In the security blogs and conversations I have watched, most security people are constantly fighting usability or trying to get people to focus on security rather than usability. I believe this idea is holding security back from progressing farther and faster than it could. It is also stopping some very impressive security controls from being developed, and in many cases it may stop companies from implementing the necessary security controls.
I was speaking with someone who had recently presented at a security conference. He told me that there were multiple presentations where the first 5 slides were purely theory and 90% text. In that atmosphere you are going to lose the vast majority of your audience, even if they were originally interested in the project. In contrast, tonight I was at a Master's thesis presentation. These presentations covered topics ranging from User Experience and Supply Chain Management to Security and other Information Management topics. Having previously heard presentations about all of these projects, I was amazed at how each project brought it down to the user level and explained why it was important. After thinking about it, I realized that this is what is missing from Security and Usability. People spend all their time trying to do more with security or usability at the expense of the other. I believe that if security people spent more time thinking about how to make security usable as well as secure, companies would buy into security faster than they do now.
While I believe that much of the problem does lie with security professionals, I also believe that it could be made easier if more User Design/User Experience people helped by actively incorporating security people while designing things. If security and design worked together more, you would have better applications and networks, and fewer applications like one I have to use that requires a 21 character password with at least 2 uppercase characters and 2 numbers and 2 non-alphanumeric characters.
As I am not a full-time security person and I don't pretend to be a User Design/UX person, I eagerly await your thoughts. Do you think that applications, or other computer-related things, can be made secure and usable, or is it a hopeless cause?