locked cloud in a bubble

When zero trust really means variable trust

Talk of the “zero trust” model is increasingly common in security discussions, but many misconceptions exist.

The relatively new practice emphasizes securing the application layer by never trusting users or devices and verifying everything.  A common misunderstanding is that zero trust will inconvenience organizations because users will have the least possible amount access to applications and devices, which will slow down processes and reduce efficiency all around.

Beau Houser, chief information security officer for  the Small Business Administration, defended the model at FCW’s Aug. 6 Cybersecurity Summit, saying that “the name is a bit misleading; it should be called variable trust.”

The SBA uses zero-trust for its email platforms. Employees is trying to access their email  gain increasing levels of trust based on the circumstance. An employee using a recognized device with strong authentication will be able to use email as normal, while a staff member logging in from an unrecognized device will have limited email functionality. Another benefit to this model, is that “we can decide which elements we want to place trust in and then we can build trust based on those elements," Houser said. “You can be as creative in the elements you decide to place trust in.”

Zero trust just “offers the ability to scale that access,” Houser said, and helps agencies balance usability and security.

About the Author

Anoushka Deshmukh is an intern with Public Sector 360, writing for GCN, FCW and Defense Systems.


  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected