Top Federal officials from largely public-facing agencies explained at a Dec. 1 GovExec event how zero trust security, if adopted correctly, will inherently end up improving customer experience (CX).
In practice, zero trust and CX are mutually supportive of one another, said Robert Wood, Chief Information Security Officer (CISO) for the Department of Health and Human Services’ (HHS) Centers for Medicare and Medicaid Services (CMS).
Steven Hernandez, CISO for the Education Department, agreed that zero trust security creates a better user experience, adding that the “identity piece of the puzzle is how we get there.”
Identity and access have been a growing focus among Feds not only for agency workforces, but also to ensure that their users experience efficient and secure digital services. The Federal officials speaking at the Dec. 1 event highlighted their interest in leveraging zero trust to move customers away from having to use passwords – and improve CX as a result.
“I absolutely treat and look at zero trust as an opportunity for modernization,” said Gerald Caron, chief information officer in HHS’ Office of Inspector General.
That opportunity to modernize makes a better customer experience, he said, adding, “going passwordless is definitely something that I’d like to get to . . . [passwords are] creating a monotony for our user population, and they’re going to start doing bad hygiene things which results in worse things happening.”
In order to give customers a better experience through zero trust, Hernandez said, the Federal government needs to invite more of the right people to the table: human capital, privacy, administrative, and executive officers, as well as supervisors. All of them, he said, can help when it comes to reducing the friction to the user.
Wood echoed this sentiment, adding that prioritizing CX is really important in all the work CMS does.
“I think it’s a little bit paradoxical when you put zero trust and customer experience together if you interpret or internalize them literally. But in practice, I feel like the two things are very mutually supportive of one another,” especially if security teams are keeping users front and center, he said.