Security

5 Questions End Users Have About Moving to Zero Trust

Federal IT teams moving to a zero-trust security architecture need to make sure they’re not leaving end users out of the equation.

Joel Snyder

Joel Snyder, Ph.D., is a senior IT consultant with 30 years of practice. An internationally recognized expert in the areas of security, messaging and networks, Dr. Snyder is a popular speaker and author and is known for his unbiased and comprehensive tests of security and networking products. His clients include major organizations on six continents.

Federal IT teams moving to a zero-trust security architecture are usually focused on applications and infrastructure, but leaving end users out of the equation is a mistake. Here are five questions end users might ask, and how to answer them.

1. Why Agencies are Moving to a Zero-Trust Security Model?

The 2021executive order on improving the nation’s cybersecurity mandates federal adoption of zero trust — but agencies aren’t doing it just because they have to. Zero-trust security is better adapted to modern attacks. It protects against attackers who may have a foothold inside the network, such as on a server or an end user’s desktop computer. It also lets agencies deliver services over the internet, rather than requiring users to be in a particular building or use a special VPN client. Zero trust helps federal agencies be more mobile and nimble in meeting the needs of clients and staff.

Click the banner below to get Insider access to exclusive security articles.

2. How Does Zero Trust Benefit Agencies?

Zero-trust security reduces the risk of security breaches for the entire agency. However, every staff member benefits. Zero trust makes it possible for staff to access agency applications and data wherever they are and to do so securely, without putting the agency at risk. Zero trust also simplifies and standardizes agency authentication systems, which means less frequent authentication during the workday. With zero trust, users can authenticate once and then continue to access resources without having to reauthenticate during that work session.

3. How Will Zero Trust Affect Performance?

From an end user’s point of view, zero trust should not have a great effect on performance. Inside applications, there will be additional steps and some minor delays that might feel like a slight slowdown, especially as users switch between applications. It may also take longer to log in at the beginning of a work session because the system will be working harder to authenticate the user and verify that the device and computing environment are safe. The end result will be better security and fewer breaches, which should mean better overall performance for the agency.

4. How Will Zero Trust Affect Agency Work?

The zero-trust journey starts with an overhaul of the authentication process and for end users, this is the most visible part of the change. It’s no longer enough to just have a username and password; for every application, zero trust requires stronger authentication, such as the use of smartcards. Devices and environments must be assessed as users log in: Is the user at the office, on campus, at home, on a smartphone or traveling around the world? Users may notice changes here, and even perhaps a bug or two, as new processes get ironed out.

EXPLORE: How effective federal data sharing is supporting citizen services.

5. What Can Users do to Support the New Zero-Trust Security Effort?

Users who keep their eyes open and are vigilant about security are making an invaluable contribution to the team. When they see something and report it, they become part of an early warning system. As the agency adapts applications and networks to support zero-trust security, having buy-in from staff and getting their help in identifying problems or letting the IT team know when something is not working as expected — that’s the best contribution an agency can ask for.

Kurhan/Getty Images