Consumerize Your Security With Better Design
Once upon a time, you went to work and you used information technology. You entered the office, you used the computing device (endpoint) on your desk that was assigned to you by your employer, and you used the software they provided to conduct the company’s business.
Today, of course, that’s all different. You might use a device provided by your employer, but you might also use your own personal device that you purchased. And you might get annoyed when you have to switch back and forth between one and the other as you try to keep them separate. Not only that, but you’re increasingly using the same software for personal reasons that you use for work — email, file sharing, social media, and more. The only difference is what you’re doing with it and why: the context.
These blurred lines between personal IT and business IT have a couple of implications. One is that sometimes the only difference between work and home is the login name you use for that SaaS application. In some ways, this means that the new security perimeter for an enterprise is the identity, which is part of what we talk about with zero trust. The other implication is that when you’re using the same software as a consumer and as a worker, you get used to the ease of consumer-grade experiences and you don’t want to give them up.
The new reality is that we are all consumers — all day, every day. It doesn’t stop when we get to the office. We switch back and forth constantly between a business context and a personal one. What we see on the screen in front of us, and what we pull out of our pockets or purses, are increasingly the same.
For creators of security software, it’s time to stop treating these two contexts as if they belonged to different people. “Engineering-grade” user interfaces have to evolve to meet the same design standards as highly competitive consumer applications. It’s not that we have to “dumb them down” — that’s an outmoded attitude of them versus us, insiders versus outsiders — but rather that we have to acknowledge consumerization as a trend that affects us all.
If you logged into an online shopping site and it looked like an ERP application, wouldn’t you run away and look for something better?
We still need design personas, such as administrators, developers, operators and end users; but we can’t assume that they are different people from an experience perspective. At smaller organizations, staff often take on multiple roles anyway, and with user-facing applications (such as MFA), everyone is an end user.
We can no longer afford to assume that even a technical user of our products will tolerate a complex, clunky, strictly utilitarian interface on a software application these days. Company staff can’t be expected to put up with bad design just because their employer tells them to. They’re starting to revolt, starting with the department heads who launch shadow IT projects and the executives who insist on doing company work on their own devices.
In other words, users are no longer “captive” to what their enterprise organizations choose in security software. They have options and opinions, and those opinions are getting louder. Let’s treat security products as if they were being launched in the worldwide marketplace, on a stage under bright lights, by a CEO in a black turtleneck.
Security software doesn’t have to be painful and can be user-friendly and easy. In order to secure our workplace, we have to compete every day with the design of beautiful and simple software that is on our phones and in our pockets.
Find out how easy security can be for your organization or business, start a free trial of Duo here