In this episode of The Security Strategist podcast, host Jonathan Care, Lead Analyst at KuppingerCole Analysts, speaks with Sudhir Reddy, the Chief Technology Officer (CTO) of Esper, about how to build trust in ‘Zero Trust.’ They explore the paradox in Zero Trust systems, where human trust is essential for the system to function effectively.

Reddy emphasises the need for intelligent friction in security measures, allowing for a balance between security and business operations. The conversation also highlights the importance of understanding user needs and building trust within security systems to ensure effective implementation of Zero Trust strategies.

How to Build Trust in a "Zero Trust" World?

“Security should be a seatbelt, not a straightjacket,” the Esper CTO said, describing the nature of zero trust in cybersecurity. For Reddy, zero trust isn’t just about “trust no one.” It’s about verifying everything while still allowing people to do their work.

“Zero Trust is really about verification,” he explains. “But the paradox is that it’s built to create trust among the people using it.” As systems, devices, and AI tools grow, security can’t just mean adding more barriers. “The number of people interacting with systems has increased a lot,” Reddy adds.

“But if the system doesn’t support the business, people will find a way around it.” That, he says, poses a risk where extremely rigid security could defeat its own purpose.

From “Friction” to “Intelligent Friction”

The Esper CTO explains that Intelligent Friction means designing systems that adjust security based on the situation. “You want the least friction where there is friction,” he says. “Add friction where it matters most, and make it disappear when it doesn’t.”

Using banking apps as an example, Reddy describes intelligent friction as a simple login for checking balances and extra verification for large transfers. “That’s intelligent design — progressive, contextual, and trusted.”

When asked about the key message for CISOs, CEOs and IT decision-makers, he urges them to “stop measuring adherence to rules.” Instead, “start measuring where people are bypassing them — that’s where your friction is hurting the business.”

At Esper, this approach guides everything from device management to enterprise policy design: security that protects without slowing you down. Discover how Esper is redefining Zero Trust through Intelligent Friction. Learn more at Esper.io.

Takeaways

  • Zero Trust is fundamentally about verification at every step.
  • The shift to Zero Trust is driven by increased exposure and sophisticated attack vectors.
  • Human trust is essential for Zero Trust systems to function effectively.
  • Intelligent friction allows for security measures that adapt to user needs.
  • Security should not hinder business operations; it should support them.
  • CISOs should measure rebellion against security rules, not just adherence.
  • Progressive security checks can enhance user trust in systems.
  • Cultural change is necessary for effective security implementation.
  • Feedback from users is crucial for improving security systems.
  • Trust should be the primary driver in designing security systems.

Chapters

  • 00:00 Introduction to Zero Trust and Its Importance
  • 02:07 Understanding Zero Trust: Verification at Every Step
  • 03:03 The Shift to Zero Trust: Why Now?
  • 04:34 The Trust Paradox in Zero Trust Systems
  • 06:10 Real-World Examples of Trust Breakdown
  • 08:15 Intelligent Friction: A Solution to the Paradox
  • 10:48 Implementing Intelligent Friction in Retail
  • 12:40 Measuring Security: Moving Beyond Rule Adherence
  • 14:40 Balancing Security and Business Velocity
  • 16:39 Actionable Insights for CISOs
  • 18:51 Key Takeaway: Embracing Trust in Security Systems