Table 5.
Balancing security and usability with Zero Trust.
Users | Model | Number of Users Involved | Key Findings | Ref. |
---|---|---|---|---|
Non-expert users | Key-Directory Encryption Systems | 52-person | The study diverges from previous research, which mostly focused on tradeoffs related to user-interface design. The findings indicate that individuals possess a certain amount of comprehension regarding high-level security attributes and are capable of making rational trade-offs between these attributes and aspects such as convenience. | [72] |
Employee in the HR department of an enterprise | Contextual TA may send an alert system | 20 to 30 employee records | When creating and implementing trust algorithms, it is crucial to consider the equilibrium between security, usability, and cost-effectiveness. The repeated request for a subject to undergo reauthentication, in accordance with their mission function and organisational role, might result in usability challenges due to the alignment with historical patterns and established norms. | [4] |
Users of IS/IT services in five prominent US organisations across several industries | Developing value-based objectives | 35 experts | The goals provide a valuable foundation for evaluating the degree to which systems have achieved security and usability. The objectives additionally serve as a foundation for making decisions on the trade-off between security and usability. Computation and space operating costs must be discussed in order to achieve the optimal balance for optimum system performance. | [73] |
Users of financial services industry | Single-factor and two-factor authentication in automated telephone banking | 62 telephone banking users | The objective of this study was to investigate user perspectives on the usability and security of single-factor and two-factor authentication techniques within the framework of an existing automated telephone banking service. The findings reveal notable disparities between the two authentication methods. These disparities, along with the preferences expressed by participants during the interview, can provide valuable insights for making informed decisions regarding the implementation of two-factor authentication. | [74] |
Internal security teams | User specific security policy through the formal modeling of user behavior | -- | One of the advantages of using a Zero Trust approach is the notable augmentation in the level of effort required by intruders to accomplish their goals. However, the implementation of Zero Trust will also result in heightened management complexity for internal security teams. These teams will require a mechanism for gathering data and implementing policy decisions based on analysis. The proposed procedure must be executed across all organisational systems and data, encompassing all access situations. | [75] |