Build Trust in a Zero Trust Environment

Gil Vega, Chief Information Security Officer at Veeam, asks how companies can effectively navigate Zero Trust without creating friction between employers and employees.

Gil Vega, Chief Information Security Officer at Veeam

A recent study by MITER and DTEX found that despite years of industry efforts against insider threats, there is not enough data – or sufficiently advanced systems – to detect all malicious behavior.

As enterprises strive to create a corporate culture of cybersecurity, they have begun to invest in Zero Trust architectures to proactively cover all attack surfaces. While a step in the right direction, this security method also has the potential to instill fear and generate negative reactions from employees.

This is particularly concerning in the midst of the Great Resignation. Countless employees are leaving their workforce due to issues with a work culture that no longer meets the demands of the modern employee. In fact, a poor work culture is 12.4 times more likely than compensation to be the main cause of turnover.

If seen as a sign of mistrust and bad faith, Zero Trust security could sow resentment and demotivation among employees, potentially accelerating turnover rates and bringing the Great Resignation to a climax.

How can companies effectively navigate Zero Trust without creating friction between employers and employees? And how do you achieve that without the luxury of confidence-building exercises in the privacy of an office environment?

The thing is, Zero Trust doesn’t mean instilling distrust in an organization’s networks. Businesses shouldn’t have to rely solely on technology to protect themselves. Safety is best enforced when it is a team effort.

In other words, the success of Zero Trust is based on a culture of transparency, communication and consistency at all levels. When properly understood and applied, these efforts can create a sustainable Zero Trust work environment. So how do you get there?

Create a culture of transparency and communication

According to the World Economic Forum’s Global Risk Report, 95% of cybersecurity breach incidents are caused by employee error. Humans are prone to clicking on phishing emails or running malware unknowingly, making the whole business vulnerable to cyberattacks. Zero Trust security solves this problem by covering all attack surfaces, including the human attack surface.

But Zero Trust also raises questions about trust and faith between the company and its employees. Won’t checking every decision and every move create a “Big Brother” culture of fear and paranoia? Most organizations struggle with this dilemma. But actually, the solution – or part of it – is quite simple.

Even as companies begin to implement Zero Trust technology in their systems, they also need to embed it into their culture. Educate employees on what is happening, what the Zero Trust process entails, its impact and benefits as well as the business, what to watch out for and how they can support the Zero process Trust.

By engaging employees and challenging them to adopt a healthy dose of skepticism about potential threats, employers sow the seeds of security in their organizational skeleton.

Once employees understand what’s going on and the value of Zero Trust, they too begin to feel confident and empowered to be part of the larger cybersecurity network. This pays off as employees proactively identify threats internal and external to the business, covering all surfaces and promoting good security hygiene.

Set up briefings and continuous training

Part of the process of creating a culture of safety is making sure employees always feel prepared. This includes sending ongoing updates on the precise implementation of Zero Trust and providing security training programs.

It is not enough to say that x is good and y is bad. People from different backgrounds are likely to have different interpretations of errors and security incidents. Although there are bad actors, most insider threats turn out to be accidental and unintentional.

By providing resources, including conducting regular briefings, insider threat programs, and cybersecurity awareness training at all levels – from the C-suite to intern cohorts – companies are more likely to see implementation of Zero Trust unfold organically.

With the right information followed by an “open door policy”, employees will know they have safety nets to fall back on in case of error and will be familiar with the multitude of security risks to watch out for and avoid. .

There will always be threats that penetrate a company’s security layers. But if employees are trained in maintaining the company’s security culture, identifying and reporting these threats (whether in a call, email, or text ) will become second nature.

Trained employees are empowered and empowered employees hold the company accountable, protecting it from potential violations.

Create tools and incentives for success

A culture of transparency and knowledge combined with readiness trainings can help hone the skills employees need for a successful Zero Trust environment. But where a culture of transparency may not be enough to keep employees motivated, introducing incentives for success can help.

Zero Trust technologies deployed in an organization should not only keep an eye on the weather on the horizon. Try to make their deployment fun. Many of these technologies rely on adaptive authentication to allow employers to create a risk score based on how their employees use their devices. Have fun with these sheet music! Whether using them to create healthy competition among employees or launching a rewards program based on high safety scores, employers should seek to encourage participation.

By understanding user behavior, employers can also provide personalized support tools and resources that employees may need – whether it’s VPNs, encryption, additional training, and more. Using these varied tools will help organizations cover all attack surfaces and create strong security hygiene for everyone.

At the same time, incentives to achieve or maintain high security scores will motivate employees to continue to use these resources and update their security as necessary.

While Zero Trust technologies are available to cover all attack surfaces and protect organizations, they mean nothing without the people who use them, so aligning business success and security with employee success and safety.

This means prioritizing a culture of transparency, open communication, trust in the process, and faith in everyone’s ability to do good. This, complemented by ongoing training to ensure everyone stays behind the wheel and no one is left behind, and various technologies to cover all attack surfaces and provide optimal protection, can help create a network of employees armed and trained to defend against threats now and in the future. future.

Click below to share this article

Jennifer C. Burleigh