October 11, 2016

Security doesn’t happen by accident – it must be by design

Maria Nordgren

VP, Sales, Security Services, Tieto

We often do data security like we're in Game of Thrones’ Winterfell and the winter is coming. We brace ourselves, build heavy walls and widen the moats. Comfort be damned, but we're gonna be secure!

What would you think if every time you get home from work you'd have to lower the drawbridge, lift up a heavy latch to open the gates and remember to give the correct password to armed guards? Not very convenient, is it?

Even though it’s nice to say that one’s home is one’s castle, the locking mechanisms of medieval fortresses wouldn’t fit in well with our modern lifestyle. We would much rather use a reasonably sized key to open a reasonably sized door and just get in or out.

We have traded thick walls and wide moats for less secure but much more comfortable solutions that provide a reasonable level of protection for whatever we hold dear.

Often, we take the “castle approach” to end user security. There are demands for complicated passwords that must be changed at regular intervals (was this week’s password 4ZX!#ab% or p=,89WtF?) or for cumbersome additional measures (“after having established VPN connection and given your SecurID key, enter the PIN code provided in a separate message”).

One reason for this situation – besides wanting to play it safe – is that implementing security is much too often an afterthought. When a system isn’t inherently secure, the easiest thing to do is to build a wall around it and make entry as difficult as possible.

The new age of security

We have also written before that security measures that make work more difficult are bad security measures. We must build security from the ground up, designed into the system. And this is where user experience plays a crucial role.

Security Intelligence says in their article about biometric authentication that frictionless authentication methods can increase both security and customer satisfaction, when they are well implemented.

As we enter the age of IoT, seamless security becomes even more important. When the connection between people and information systems happens directly, without traditional computers acting as middlemen, security must also be approached in a new way.

It must be stressed that having a great user experience doesn’t mean that you should skimp on security. To survive in this new age, it becomes mandatory to think of security at all stages of design – from the start of the project all the way to the acceptance tests.

When security is implemented by design, there is no need to have any trade-offs. Why don’t we just stop thinking about user experience and security as separate entities? It’s time to start speaking about the Security Experience.
