ECS is positioning zero trust as a model that should operate in the background, surfacing only when risk changes, rather than interrupting users at every step.
In an article ECS published Thursday, Scott Hoge, the company’s vice president of cybersecurity, argued that many organizations have implemented zero trust in ways that create unnecessary friction through repeated logins, constant multifactor authentication prompts, virtual private network barriers and frequent session disruptions.
Hoge said that the approach not only slows productivity but can also weaken security by driving risky workarounds such as shadow IT and MFA fatigue. He emphasized that mature zero trust environments should focus on continuous assessment rather than constant user challenges.

What Is Invisible Zero Trust?
Hoge described “invisible zero trust” as shifting verification away from end users and toward infrastructure-driven trust signals, such as device health, behavioral patterns and network context, which can be evaluated continuously in real time.
Rather than relying on static roles or one-time authentication events, ECS’s model centers on contextual enforcement that stays out of the way unless conditions change. Security becomes visible only when risk shifts, for example when an unmanaged device, an unusual login pattern or an untrusted connection appears.
Hoge pointed to National Institute of Standards and Technology Special Publication 800-207, which reinforces the idea that access decisions should be dynamic and based on multiple live attributes.
Which Technologies Support ECS’s Zero Trust Approach?
Hoge outlined several building blocks required to support the invisible zero trust model, including continuous adaptive risk and trust assessment, passwordless authentication using standards such as FIDO2 and WebAuthn, and moving away from full-tunnel VPN architectures.
He noted that modern zero trust network access can enable application-specific micro-tunnels that activate automatically when policy requirements are met.
ECS’s emphasis on modernizing security models comes as the company expands its role across federal cyber programs.
In December 2025, ECS partnered with Elastic under a potential $130 million Cybersecurity and Infrastructure Security Agency contract to create a unified security information and event management-as-a-service platform designed to consolidate telemetry, close visibility gaps and strengthen real-time threat detection.


