“Everyone interacting with IT resources must constantly prove their identity and the fact that they have permission to have the access they are seeking.
“However, it’s important that these security restrictions do not come at the expense of an appealing and effective user experience. Indeed, organisations need to consider the user experience they are providing as much as they consider their security.
“Such implications are vital when you consider how previously heightened security requirements often led to heavy burdens being placed on employees. Many suddenly found they had to deal with multiple new steps such as constantly needing to re-enter passwords or remember long access codes.”
For this reason, Mr Thomas said it’s important that any security team implementing a zero trust strategy spends time considering the user interface implications. Steps can then be taken to ensure strong security while still allowing efficient access to resources.
“As well as constantly verifying the people requesting access to IT resources, a security team must also have the ability to verify the devices being used. This verification needs to cover everything from PCs and smartphones to servers and cloud-based platforms,” he said.
“When it comes to devices, the default position has to be ‘deny access’ until that device’s validity has been confirmed. Checks also need to be carried out on an ongoing basis to ensure that a device has not become compromised or fallen into unauthorised hands.”