Are usability and security mutually exclusive, or two sides of the same coin?
Security doesn’t need to put obstacles in the way of genuine users.
Data security has too often been on the front pages of the media this year, with major public organisations including rail services and healthcare providers hit by WannaCry malware, while Deloitte and others have been high-profile victims of severe data breaches.
Many have derided the victims for running out-of-date software, and blamed users for poor passwords and clicking on links they shouldn’t have. While I wouldn’t go as far as that – I sympathise with the legions affected by the outages and those working to resolve the problems – there is an underlying lesson to be learnt: To be truly effective, security has to be simple.
Users are human, they click links they shouldn’t, they lose things and frankly, most of the time they just want to get on with their jobs.
And it’s here that many systems fail. By focusing on the worst possible scenario, rather than stopping to consider the wider impact on day-to-day operations and usage, some security platforms obstacles in the way of your users just doing their jobs. But if they’re making the lives of your admins or your end users more difficult, they’re failing to do their job and potentially just kicking the problem into the long grass.
Frustration leads to bad decisions and bad actions. If your admin’s overworked, trying to manage and maintain an inventory of hard tokens, replacing lost ones, updating software and enrolling new users, you run the risk of other patches and updates not being done and warnings being missed. By the same token, and if your users are forced to jump through hoops, they’ll find another way to get the job done – perhaps by downloading data to a personal device to circumventing those security hoops on corporate devices.
It’s easy to be paranoid – in fact, in our industry it’s healthy – but in a world where users expect ease of use to be built in to every device and programme they interact with, security must pay attention to usability if it is to truly integrate with the office environment. And hard tokens, just don’t do that: they require users to keep their devices with them at all times, adding to pockets already bulging with keys, smartphones and office passes – and losing one can affect a user’s productivity for days.
We used to put up with it as a necessary evil, but technology – and our expectations – have evolved.
That’s why, over the past decade, SecurEnvoy have sought to help our clients make their businesses more secure while making their staff’s jobs easier. We’ve pioneered the move away from Hard tokens to more user friendly, more secure soft tokens that simply run on a smartphone as intuitively as any other app.
Many end users probably won’t recognise our name – and that’s the way we want it. They barely notice us because we don’t get in the way. After a simple but highly secure confirmation of their identity – no longer than a standard Windows login – they’re up and running, with access to all the information and applications they need. They don’t even need to remember their passwords for third party applications like Salesforce – SecurEnvoy’s single sign on has done that for them, more securely than the standard interface.
SecurEnvoy believe that the key to better security is better user experience and this philosophy is what has driven our approach to multi-factor authentication for many years. That’s why our software enables our customers to grant secure access to end users using more authentication types than any other tool on the market, and why end-users and admins alike are such fans of ours.
Category: Industry News