The zero trust journey can present several challenges for organizations, with funding being just one of them, but Steven Hernandez, chief information security officer at the Department of Education, said the biggest hurdle he sees with zero trust comes down to cultural challenges.
During a GovExec webinar on zero trust held on November 8, Hernandez explained why having a cultural vision is critical to starting the zero trust journey.
“There’s a lot of cultural challenges. I think those are some of the largest hurdles that folks will have to clear as they go down this path,” Hernandez said during the webinar. “It’s just as much of a cultural advancement as it is a technology advancement – those two have to go arm and arm.”
Hernandez explained that oftentimes security professionals think they will be out of a job with zero trust, because it brings benefits such as machine learning, AI, and robotic process automation. However, Hernandez said that while it does all of those things, zero trust will not put them out of a job, but instead make their job “much more interesting.”
“We’re still going to need that human involved, but the work is going to be fascinating because it’s going to not be sifting through a bunch of events, seeing if something looks interesting. No, this is interesting. Now go tell us more about it,” Hernandez said. “We are factoring in the people, we’re factoring in the cultural evolution as part of this. I think that’s the area that catches most people off guard.”
If an organization wants to get started with zero trust, Hernandez stressed that making sure that narrative and vision are incorporated into the planning process will be key. In fact, Hernandez said getting the vision in motion is the first step to the zero trust journey.
“First, get the vision out there,” Hernandez said. “It’s not just a technology vision, it’s a cultural vision. And I think that those that can also bring in that element of the better user experience, you’re going to get more interest because everybody wants a more seamless experience.”
“The best part about zero trust architecture, in my opinion, is that the art of zero trust is a phenomenal end-user experience,” he added. “That’s the real heart of it – is that while we’re going to get all this incredible security and risk visibility as part of it, we’re also going to drive just an incredible user experience if we’re able to fully embrace it and adopt it.”