Article 9 — The Trust Problem

from the Application-Aware Networking series

federal-modernization
fedramp-boundaries
application-aware-networking
problems
Author

Michal Doroszewski

Published

April 17, 2026

You’re trying to log in to a system that knows you. You’ve used it for years. You enter your credentials. It pauses. Then it asks for a second factor. You provide it. It pauses again. Then it asks for a third factor you’ve never seen before — something about your shoe size and favorite childhood snack.

You comply. It pauses. Then it denies access.

You try again. This time it lets you in instantly. You haven’t changed. Your credentials haven’t changed. The system hasn’t changed. The only thing that changed was the system’s mood.

That is the Trust Problem. Not the “bad password” kind — the architectural kind. The kind that appears when identity systems are asked to enforce dynamic trust using signals that are missing, delayed, or distorted. The kind that makes access feel like a personality test.


How Trust Became a Moving Target

Modern identity systems don’t just verify credentials. They evaluate behavior. They score risk. They assess device posture, location, timing, and session continuity. Trust is no longer a gate. It’s a mood ring.

In commercial cloud tenants, this mood ring is fed by rich telemetry. In GCC‑Moderate, much of that telemetry never arrives, so it is guessing.

Why GCC‑Moderate Makes Trust Unpredictable

The FedRAMP Moderate boundary, and the network built to reach it, blocks or delays many of the signals identity systems depend on. Risk scores arrive late or not at all. Device posture claims are lost in transit, so managed devices are classified as unknown. Traffic egresses through a central point, so every user appears to sign in from the same place. Inspection layers and WAN resets break session continuity. Token refresh timing becomes unreliable.

The system tries to evaluate trust, but the inputs are wrong. It sees instability where none exists. It sees risk where none is present. It denies access based on shadows.

The system isn’t malfunctioning. It’s improvising.

Why Headquarters and Field Offices Experience Trust Differently

Headquarters sits close to identity controllers and cloud egress. Field offices sit behind WAN optimizers, MPLS circuits, and inspection layers. Headquarters sees clean signals. Field offices see noise.

Trust evaluations in headquarters are smooth. In field offices, they’re erratic. The same user behaves the same way but receives different outcomes. The architecture creates two realities — one trusted, one suspicious — and identity systems enforce both.

Why Trust Failures Are Misdiagnosed

When access fails, teams look for culprits. Security blames policy. Identity blames configuration. Network blames routing. Users blame each other. Everyone is correct. Everyone is wrong.

The failure is architectural. The boundary hides the signals trust depends on. The WAN distorts the timing trust requires. The telemetry is missing, so the system cannot explain its decisions.

The system isn’t broken. It’s reacting to a distorted mirror.
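The preceding sections describe one user receiving different outcomes depending on which signals reach the identity system, and a system that cannot say why. The following Python model makes that concrete. It is an added example, not code from the article or from any identity product, and every signal name, weight, threshold, the `missing_is_risky` switch and the location labels (`hq-egress`, `field-office-7`) are assumptions chosen only to reproduce the behaviour described; real conditional-access engines do not publish their scoring in this form. The sign-ins it evaluates are constructed.

```python
"""Simulated risk-based access evaluator.

Added example, not the article's code and not any identity product's
algorithm. Signal names, weights, thresholds and locations are assumptions
chosen to reproduce one failure mode: the same user and device evaluated
with complete telemetry, then with telemetry that a boundary, a WAN
optimizer or an inspection layer has removed, delayed or distorted.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed policy constants (assumptions, not any product's defaults).
MAX_SIGNAL_AGE_S = 300     # a risk score older than this is treated as stale
ALLOW_BELOW = 30           # total risk below this: allow
DENY_AT_OR_ABOVE = 70      # at or above this: deny; in between: step-up


@dataclass
class Signals:
    """What the identity system believes it knows about one sign-in."""
    device_compliant: Optional[bool]   # None: the posture claim never arrived
    risk_score: Optional[int]          # 0-100 from the risk engine, None if absent
    risk_score_age_s: Optional[int]    # seconds since that score was computed
    egress_location: str               # where the sign-in appears to come from
    expected_location: str             # where this user is expected to be
    session_token_valid: bool          # continuity with the previous session


@dataclass
class Decision:
    outcome: str                       # "allow", "step_up" or "deny"
    risk: int
    reasons: list[str] = field(default_factory=list)   # the decision trace


def evaluate(sig: Signals, missing_is_risky: bool = True) -> Decision:
    """Score one sign-in and return the outcome with its trace.

    missing_is_risky=True models an engine that treats an absent or stale
    signal as evidence of risk, which is what turns a field-office user into
    a suspect. False records the gap in the trace without scoring it.
    """
    risk = 0
    reasons: list[str] = []

    # Device posture: a lost claim looks the same as no claim at all.
    if sig.device_compliant is None:
        reasons.append("device posture: no claim received")
        if missing_is_risky:
            risk += 30
    elif not sig.device_compliant:
        reasons.append("device posture: non-compliant")
        risk += 40

    # Risk engine output, rejected if older than the policy allows.
    if sig.risk_score is None:
        reasons.append("risk score: absent")
        if missing_is_risky:
            risk += 25
    elif sig.risk_score_age_s is not None and sig.risk_score_age_s > MAX_SIGNAL_AGE_S:
        reasons.append(f"risk score: stale ({sig.risk_score_age_s}s old)")
        if missing_is_risky:
            risk += 25
    else:
        reasons.append(f"risk score: {sig.risk_score}")
        risk += sig.risk_score // 2     # fold the engine's score into the total

    # Location: centralized egress makes the user appear somewhere else.
    if sig.egress_location != sig.expected_location:
        reasons.append(f"location: egress {sig.egress_location}, expected {sig.expected_location}")
        risk += 20

    # Session continuity: a reset connection drops the previous token.
    if not sig.session_token_valid:
        reasons.append("session: continuity broken, no prior token")
        risk += 15

    if risk < ALLOW_BELOW:
        outcome = "allow"
    elif risk >= DENY_AT_OR_ABOVE:
        outcome = "deny"
    else:
        outcome = "step_up"
    return Decision(outcome, risk, reasons)


def scenarios() -> dict[str, Decision]:
    """Constructed sign-ins: one user and device, seen from headquarters and
    from a field office behind MPLS and inspection."""
    hq = Signals(device_compliant=True, risk_score=10, risk_score_age_s=20,
                 egress_location="hq-egress", expected_location="hq-egress",
                 session_token_valid=True)
    # First field-office attempt: posture claim lost, risk score 15 minutes
    # old, backhauled traffic egresses at headquarters, and the WAN optimizer
    # reset the connection that carried the session token.
    field_first = Signals(device_compliant=None, risk_score=10, risk_score_age_s=900,
                          egress_location="hq-egress", expected_location="field-office-7",
                          session_token_valid=False)
    # The retry a minute later: the delayed claim and a fresh score have
    # caught up, and the first attempt left a valid session token behind.
    field_retry = Signals(device_compliant=True, risk_score=10, risk_score_age_s=5,
                          egress_location="hq-egress", expected_location="field-office-7",
                          session_token_valid=True)
    return {
        "hq": evaluate(hq),
        "field_first_try": evaluate(field_first),
        "field_first_try_gap_not_scored": evaluate(field_first, missing_is_risky=False),
        "field_retry": evaluate(field_retry),
    }


if __name__ == "__main__":
    for name, d in scenarios().items():
        print(f"{name}: {d.outcome} (risk {d.risk})")
        for line in d.reasons:
            print("   -", line)
```

The `reasons` list on each decision is the trace the help desk never sees when telemetry is missing: it names which signals were absent, stale or distorted instead of reporting only that the user was denied. Headquarters and the field-office retry both allow; the first field-office attempt is denied on nothing but gaps. The `missing_is_risky=False` mode shows one policy choice, not scoring a gap as evidence, that turns the deny into a step-up; it also lowers assurance, which is why the remedy the article argues for is restoring the signals rather than discounting their absence.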

Why Modernization Efforts Stall When Trust Is Unstable

Modernization depends on trust. When trust is unstable, everything slows down. Users are denied access. Help desks chase ghosts. Security teams enforce policies without context. Leadership receives reports that contradict each other.

This is not dysfunction. It is architectural misalignment. The boundary and the network were designed to enforce static rules. The identity workload they now carry is designed to evaluate dynamic trust.

The Root of the Trust Problem

The trust problem is not caused by bad passwords, poor configuration, or user error. It is caused by an architecture that predates dynamic identity.

The boundary blocks telemetry.

The WAN distorts timing.

The region model misleads location.

The inspection layers delay refresh.

The identity system receives partial truth.

You cannot enforce trust without visibility.

You cannot evaluate risk without telemetry.

You cannot stabilize access without continuity.

You cannot modernize identity inside a fog.

The Only Way Forward

Trust must be allowed to see clearly.

The boundary must allow the signals identity systems depend on.

Telemetry must be restored.

Risk scoring must be accurate.

Device trust must be visible.

Session continuity must be preserved.

Location and timing must reflect reality.

Only then can trust behave the way it was designed to behave.

Only then can access become predictable.

Only then can identity stop guessing.

Only then can modernization move forward without suspicion.

About the Author

Michal Doroszewski is a technology strategist focused on cloud architecture, identity platforms, and federal modernization. He writes about the structural and architectural forces that shape government IT, translating complex technical constraints into clear, accessible narratives for leaders and practitioners.

Source: inbox/Article 09 The Trust Problem.docx (round-2 drop, 2026-04-17). This article was drafted before the UIAO substrate was formalized on GitHub; it is published here per the pre-UIAO promotion path in ADR-030 with the byline and body preserved and filename qualifiers dropped.


Book: FedRAMP Boundaries — Articles on Application-Aware Networking