Experts say government agencies must prioritize user experience as they move to Zero Trust architectures. This is to ensure a smooth transition to new security requirements and to avoid complicating specific ongoing requirements.
The need for a smooth user experience is especially important when implementing the five Identity Pillars of Zero Trust Principles outlined by the Cybersecurity and Infrastructure Security Agency. Because identity verification arguably has the most direct impact on individuals, government agencies should fully explain the benefits of their multi-factor authentication policies to their employees, giving them an opportunity to work on new policies and explain any shortcomings they find. must give.
The human side of Zero Trust, sometimes lost in a flurry of cybersecurity rules and terminology, is the “soft side of technology,” says Aaron, senior enterprise solutions architect for the U.S. Department of State’s Office of Information Technology. Drew said.Veterans Affairs during a panel discussion at the recent Zscaler Public Sector Summit in Washington DC
A key part of the user experience as government agencies move toward Zero Trust is enabling agency employees to understand new cybersecurity processes and their importance. These steps may require tokens or other methods of identity verification for multi-factor authentication, or remove legacy systems that may be less secure than newer alternatives, Drew said. said.
Helping employees understand why “employee health has been redefined” is difficult, but early and frequent interactions by IT teams can help users understand, “What is this?” I can understand what you mean,” he said.
“[If] “Unlike last week, we have to let someone know that there is one or two additional steps to access that application,” says Drew. .”
Also, implementing these new processes and policies designed to better protect cybersecurity will require a “coordinated effort” beyond cybersecurity staff, and will require “an early rise in the user population.” It should be included,” said Gerald Caron, chief information officer for the Department of Commerce’s Bureau of International Trade Controls.
“Don’t look at this as a cybersecurity project,” he said at the summit. “This is a modernization project.”
New Jersey Chief Operating Officer Roger Gibson agrees, IT professionals need to be prepared to “tell that story, that story, at multiple different levels,” including the highest levels of government. added. A leader may be skeptical, but he said best practices and lead by example set the tone for the rest of the organization.
To modernize security, government agencies may need to “think differently,” said Sean McCann, Zscaler’s regional vice president of state and local government and education, speaking to a bystander at the Public Sector Summit. said in an interview. He said this is a “work in progress” and could take years, but if done properly, it could improve the cybersecurity posture of government agencies and organizations.
“Fundamentally, we need to show these people that there are better and more efficient ways to achieve better security outcomes,” McCann said. “When they all work together, you get much better output and better protection.”
