The current state
Today we are offered a myriad of technical solutions to the plethora of threats we face. Each product is focused on solving its particular problem, with the definition of success being mitigating its chosen threat. This threat centric view of the world makes complete sense to the security professional and risk manager, as threats are what keep them up at night.
The user is not the centre of these threat centric products. While users appreciate a safer environment their main concern is a seamless experience as they go about their lives. The product that concentrates on mitigating threats tends to throw hurdles in front of users. Each hurdle degrades the user’s experience and will tend to compel users to circumvent the hurdles in the search for easier lives.
The compromise
This conundrum often leads to security professionals performing a balancing act between user experience and security; sadly often only when complaints are raised by users, rather than in the design phase. I think we have all said that doing something is better than doing nothing.
The solution?
We need to move from that threat centric view to a user centred view. With the user the prime focus of security solutions, we can ensure their experience is frictionless and we can utilise them as part of the solution. A user that has been on security awareness training and understands the value of the data they create and interact with can become a powerful security weapon, with no need to compromise on security.