In Banyan Security’s October release, we announced a new Granular Trust Scoring feature, called Trust Effect. Trust Effect brings transparency to Banyan’s trust scoring process. This new feature also offers admins control over the relative impact of each Trust Factor on a device’s security posture.
The Love/Hate Relationship to Device Trust Scores
In the past, we took a conservative approach to access control, allowing admins to enable or disable Trust Factors, while we determined how much weight each Trust Factor had in the Trust Scoring process. Customers offered us two key pieces of feedback:
- I love the simplicity of enabling Trust Scoring with Banyan.
- I dislike that I’m unable to relatively weigh Trust Factors. Some are more important than others, and I need a way to determine this.
So, we pivoted and made an adjustable trust scoring process: In our new model, admins now determine the weight of Trust Factors.
Introducing: Trust Effect
The Trust Effect feature allows admins to determine how important each Trust Factor is within their environment. The Effect determines which Trust Level (High, Medium, Low, or Always Deny) a device receives if the device does not meet the Trust Factor requirements. For example, if an admin sets the Effect to Low on the Firewall Trust Factor, and the device doesn’t have its Firewall enabled, then the device’s Trust Level will drop to Low. The Trust Level is then used as a criterion for security policies, applied to Banyan-protected services.
Moving away from a numerical trust score simplified the process. Now, the conversation flows simply, as such: “Is Auto Update critical to us?” If the answer is “yes,” set the Trust Effect to Low TL (Trust Level). If the answer is “it’s a little less important,” set it to Medium TL.
There are, of course, situations in which admins would want to evaluate a new Factor without impacting their users’ access. That’s why we created a No Effect setting, which calculates the device’s security posture against the Factor, without influencing the device’s Trust Level.
Standardizing with Trust Levels
In moving away from a numerical score and toward Trust Levels, we also hoped to help standardize trust scoring. Ideally, this should reduce misalignment between admins when configuring policies and it should standardize the end user experience in the Banyan app.
Finding the Sweet Spot of Control
In conversations with our design partners and our customers, we found that the addition of Trust Effect and the standardization of scoring via Trust Levels offered just the right approach to measuring device trust.
Try it out for yourself, and sign up for Banyan’s free Team Edition.
For more information about Banyan’s approach to trust scoring please check out the following resources:
Huge thank you to all the engineers, designers, and many others that we partnered with to bring this feature into fruition.