Panel | One Size Doesn't Fit All - Why Identity User Experience Matters More Than Ever in a Zero Trust World

Alexei. Yeah. Just quickly introduce yourself and what you do. Yeah. So my name's Alexei, I'm running the me business for Yubico taking care of our enterprise customers in the hold me region. Great. And, and Robin, if you could just say a few words to introduce yourself.
Yes, everyone. Yeah. I, I run our basically Microsoft's identity front end, so I'm in charge of sign in and sign up for all of our identity services across consumer and enterprise.
Fantastic. So this debate is actually about zero trust, which you may have heard of. It's something that doesn't come up very often. How does, how do organizations and management more particularly understand the concept of zero trust in relation to improving the user experience? So other two compatible and I I'll start with you Robin.
Yeah. You know, it's UN it's not surprisingly like the organizations which are heavily regulated, you know, like financial services, government agencies, you know, any that are involved in key areas like elections, healthcare infrastructure, like they're pretty, they're pretty hip to zero trust and, you know, and why it's valuable in their organization. And some of them are pretty far along their journey, but, you know, they also know that, you know, their end users need to be able to interact with their services. And, you know, one of the things that I've, I've been encountering as we talk to our customers at Microsoft that most also understand there's sort of a real cost to their organization, you know, in, in terms of help desk, you know, or productivity if they don't get this right. So I, I think there's beginning to be an understanding. And, you know, if you, if you, if you make change that sort of help your, your zero trust posture, but don't really enable legit users that anywhere in the organization, you know, you, you end up paying a price of sorts. And, and so that, and, and those that don't get this, you know, they are, they are driving up the risk of data leakiness, you know, due to kind of like these habituated workarounds that we see, like employees are clever. Like they will figure out ways to work around the stuff that's inconvenient for them. And it's worse with consumers. They'll just leave, you know, they'll just, they'll just go somewhere else where it's more convenient.
So Alexander does gen like management, like zero trust obviously is a technical, highly technical concept and understood yeah. To a certain degree by the it department. Yeah. But what about their managers and the CEOs and the, the Csuite in general? Do they get it? I think it's, it's a good acceptance so far. So we see a lot of initiatives on this. They become more, especially during the pandemic because people are not working in the secure networks of the company, so they work remotely. So there need to be other things in place that really yeah. Make a, a trusted connection to, to the resources. And we, you lease cozy as, as we are the business of protecting identities. It's zero. Trust really is just a good thing. People coming to us organizations talk to us how they can improve yeah. Secure access to, to any enterprise resources.
But do, do they get that? It's not just something you can bolt on. You know, it's not like a zero trust added value. You, you need to think a lot about it and you have to redesign your architecture. Or I think from, from the it department, it's, there's a good understanding at all. It's not only putting something in place on the it side, it's about governance policies and organizational stuff as well. So this is important and there's a yeah. Nearly high acceptance in moving to this initiative. Okay. So talking about end users, then a bit more specifically, and we, we've seen, we talk a lot about the cloud and what's happening sort of behind what end users do, but what, what are the, you feel that the end users now want from what we might call their digital workplace or their workspace, and is there now a tangible generational difference Robin?
Yeah. You know, Paul, I saw when we saw the questions, I thought this one was interesting and I, I kind of, I got to dug dig into our data a bit. So in, in my job, we get to see more than a billion users every month, which is, which is quite interesting when you think about it. And it's, it's employees and members of organizations, students, and, and a lot of consumers as well. And to, to be honest, the, the main generational difference that you you'd expect among adults, you know, like 18 to 64 say is, is really, you know, as you get older, kind of the level of stress people experience around technology goes up, you know, and I I'd say it's probably stronger in consumer segments than it would be in, in sort of information worker, but in terms of just like your, your general experience with, you know, what do we expect from say, identity systems or our experience with technology as it regards our, our own security and trust.
Everybody tells us the same thing that ease of use and convenience is primary. And, you know, and those of us who have been working in identity and I, and identity security, you know, have, have been discussing this balance, you know, for years, fundamentally is still the same. And it doesn't, it doesn't really differ. So when security measures get in the way we know that people they seek or find and secure workarounds, we know that consumers are more likely to abandon or become frustrated. So that ease of use and convenience is primary. And we find in our research that across the, the age groups that, you know, folks will folks will, they will change their level of trust. You know, when you make it about the security and they will give you their trust when, when you make it about convenience.
Do, do you think there's too many applications though, that with so many extra tools now that people have access to and they sign up for, and that it's actually causing more confusion Alexei? Yeah, I think so. We have quite similar experience than Robin explained and what we see a lot of people really setting up things like change management to get acceptance, because user acceptance is the most important thing. People, especially employees, they need to use the security things they have in place, and they need to get the best out of it. And the best secure connection. When we look at the UV key, it's, it's really, it's really easy to use. It's integrates fully into a lot of applications, so on an enterprise environment, as well as on the consumer side. So we have so many out of the box integrations with the UBI key. It really helps our customers to use it easily and also to create the acceptance. So you're saying it doesn't matter how many integrations there are, because if you have UBI key or something similar, yeah. You can at least do several things to a certain amount, but mostly what's what's on, on norm, on a regular basis can, can be covered with, with the UBI key. Okay. Yeah.
Paul, if you don't mind, I I'd like to build on that. Yeah, sure. You know, I'm actually, I have a key plugged into my, my laptop here. I'm, I'm actually working at home, but what what's beautiful about it is, you know, I touch it gets me into the machine, but then building on that, this principle of consistency across experiences, especially if you're in our productivity scenario, like, like we are day to day, SSO is still a really important technology to have. So the key in effect identifies or verifies who you are, it's that verify piece of zero trust, but then being able to drive that consistency across experiences across applications is really, really vital, you know, in, in order to kind of fulfill user's expectations and sort of take away that, that interference or, and drive up that user acceptance.
Yeah. Okay. Let's talk a little bit about the pandemic and how the, you know, the shift of home working, et cetera, which obviously, you know, is not new, but what impact has that had on user behavior and also on zero trust Alexei? Yeah. So we see a lot of initiatives coming through the pandemic because people are yeah. Working from home, working remotely, which have has different security levels, which need to be in place then working from, from office, from secure environment. So this also is implicated with zero trust initiatives and yeah, so the, the acceptance, again, here is very important from, from the end user and the yeah. The cross application usage, the same experience on, on what you're doing. This is also important, make it easy for, for employees and customers on both sides on, on enterprise and on consumer side Robin, what what's.
Yeah. You know, I, I couldn't agree more and I, I wanted to add that, you know, we, one of the ways in which zero trust will be critical is, is also in enabling this kind of hybrid workplace, you know, which is, which is starting to be implemented, you know, with, with more than like 81% of the orgs. We talk to have already begun the move towards this kind of, you know, half in the half in the building and, you know, and half remote. And this includes collaborators, you know, from across different organizations. So, you know, having a, a, a fluid experience, you know, that also upholds a good zero trust architecture principles is, is really critical to main, you know, to sort of help maintain security and, you know, amid the it complexity, which actually goes up a little bit when, you know, when, when you sort of add in this hybrid scenario to the mix.
And recently a couple of months ago, president Biden issued a new executive order on cybersecurity, which is mostly aimed at improving security in federal agencies, but there was some, you know, some good stuff in there, and there was some great, you know, suggestions. Do you think that will have an impact on private sector as well? Alexei? So we, we see an impact right now, already, especially in, in the us market. So a lot of people are engaging with us and discussing how to move forward. And I'm expecting the same in Europe was a certain time delay, but it'll influence decisions for sure. Yeah. Robin Europe, maybe a bit closer to it. What, what's your view? Yeah.
Well, I mean, definitely like the order itself, you know, which, which sort of mandates multifactor authentication. And if we're talking about user experience and how the impact, you know, will, will manifest, you know, one of the things is a mandate around multifactor authentication and also end to end encryption of data. And, you know, these, these mechanisms along with the other measures in, in sort of section three around the cybersecurity policies we wholeheartedly embrace. And, you know, it's one of the things we've been looking to to see how we can find solutions for even our own authentication experiences. So this, this notion of end to end encryption of data, you know, and I think, you know, at rest and in transit is, is sort of the definition of that. You, you see that for scenarios like this verifier imperson is impersonation use case where, you know, you know, I dunno if you guys, you know, if you follow Alexei weer my colleague, you know, he wrote a, a, an interesting blog on this, you know, maybe about a year back, but essentially, you know, what it says is MFA alone isn't enough, right?
Because you know, the bad guys, they're gonna figure out how to get in these, these impersonation attacks where it's essentially a man in the middle, you know, means that, you know, any device to device scenario or, or anything that's sort of not cryptographically protected is still subject to, you know, tokens being attacked, you know, on the way in and on the way down and on the way up. So, you know, for us mechanisms like windows, hello, you know, support for 5 0 2, you know, and the, the UBO Yubico keys and, and others like them, this is really important in terms of the ability to create kind of a fish proof scenario. And so we think this order is going to, you know, kind of normalize the expectations around that and, and probably, you know, drive some pretty interesting innovation around it.
It did feel a bit different from previous kind of presidential orders in that it felt like there was a bit more urgency about it, and mostly perhaps around ransomware, you know, which is it's having a serious impact on, on business Alexander. Yeah. So I fully agree on this and it's absolutely serious. And from, from our point of view identity and the trusted identity, or the proven identities moving to a more central key within getting access to resources and not only in, in enterprise business, but also in government and, and, and consumer organizations, I think it's across all Porwal loads and access scenarios, we will see. Okay. So just before I wrap up any questions from our audience here, doesn't look it, no. Okay. We have no online at the moment. Okay. So let's just finish on a sort of note of optimism then given that, you know, ransomware and everything else that's going on, are you optimistic about the future Robin?
You know, I'd say so. I think, you know, one of, one of the things I'm optimistic about, you know, first of all, about organizations and when companies taking this seriously and, and, and also understanding the balance that needs to be struck, you know, between securing the business and, and sort of creating a trust relationship with the end user, and I'm seeing more realization of this. So that, that gets me cause for, for, for optimism, you know, and as we design our experiences, you know, we find that users are receptive to also more positive messaging around this experience and it, and it helps them kind of accept additional tools. Like, you know, for example, we, we try to promote the use of authenticators or mobile authenticators, particularly the Microsoft authenticator, you know, for password list scenarios. And we're learning to use language, you know, about how this helps users, which, which seems to be accepted, you know, versus kind of, this is for your own good, or, you know, do this for our security people really place a value on their content and on their data. And so I, you know, seeing this trend towards this is this is good for you and people understanding that definitely, you know, makes me feel good about the future.
Okay. And a final word from you, Alexei. Yeah. Thanks. So I'm, I'm optimistic as well because we see more awareness when it comes to security, we have the different, higher level of quality in our conversations. We see more initiatives, more budgets spent in, in this area. And on the other hand, security is getting easier to use. So the user acceptance is increasing as well. Passport less is one thing rowing mentioned also here. That's very important to make it as easy as possible. And so that's also makes me, makes me optimistic that we are on the right way to move forward. Great. Well, I I'm optimistic as well, just to, just to round off. So with that, thank you so much, Robin and also Alexander for panel. Thank.