Trust in Zero Trust:
Getting User Buy-in is Critical

The buy-in of a network’s users is critical to the success of any new security deployment. Without rank-and-file support, employees are capable of tuning out or disregarding new security initiatives. It’s incumbent upon IT leaders who pursue a Zero Trust approach to bring end users along with them.

Employees are burned out by changing cybersecurity requirements. Among CISOs, 78 percent say the biggest risk to their organizations is “people trying to do their jobs the way they want with a disregard for policy,” according to a report by the Society for Human Resource Management. 

Unlike other security approaches that emphasize compliance by users, Zero Trust is virtually transparent. Users access applications the way they always have. This seamless experience is among the attributes of Zero Trust that support the change management aspect of implementation. There’s very little here for the IT team to explain, indoctrinate, justify or motivate. When employees see it in action, the premise of a new security offering becomes easier to swallow.

It’s not just the simplicity that sells users on Zero Trust. For years, end users were told that they had compromised security by falling for a phishing attack and unwittingly downloading something that should have been left alone. From the perspective of those employees, Zero Trust shifts the burden of security away from end users to where they think it rightly belongs, in the lap of IT. Everyone needs to be trained in good cyber hygiene, but when it comes to change management, Zero Trust scores high with end users who prefer to spend more time on mission attainment, less in the security loop.

To deliver on the promise of seamlessness, IT departments will need to do some work to enable Zero Trust, which limits user access based on predefined roles and permissions. Ideally, IT departments will collaborate with application owners to create definitions and ensure identity is adequately and accurately mapped.

The process of engagement and collaboration will help to ensure a smooth transition. By working closely with application owners, IT can help ensure that end users across the system feel a sense of buy-in and that they recognize and appreciate the benefits of the security paradigm. For starters, it is simpler and more secure.

Rather than reinforce its longstanding role as the roadblock to getting things done, the IT department can use Zero Trust to reposition itself as a partner to other business units. By working together to implement Zero Trust, it’s possible to form powerful new alliances in support of better security across the enterprise.