Security Vs. Usability?

In the security blogs and conversations I have watched, most security people are constantly fighting usability or trying to get people to focus on security rather than usability.  I believe this idea is holding back security from progressing farther and faster than it could.  This is also stopping some very impressive security controls from being developed and in many cases may stop companies from implementing the necessary security controls.

I was speaking with someone who had recently presented at a security conference.  He told me that there were multiple presentations where the first 5 slides were purely theory and 90% text. In that atmosphere you are going to lose a vast majority of your audience, even if they were originally interested in the project.  In contrast, tonight I was at a Master's thesis presentation.  These presentations were about things ranging from User Experience, Supply Chain Management, Security and other Information Management topics.  Having previously heard presentations about all of these projects, I was amazed at how each project brought it down to the user level and why it was important.  After thinking about it, I realized that is what is missing from Security and Usability.  People spend all their time trying to do more with security or usability at the expense of the other.  I believe that if Security people spent more time thinking about how to make security usable as well as secure, companies would buy into security faster than they do now.

While I believe that much of the problem does lie with the security professionals, I also believe that this problem could be made easier if more User Design/User Experience people could help with this problem by actively incorporating security people while designing things.  If security and design work together more, you would have better applications/networks and fewer applications like one I have to use that requires a 21-character password with at least 2 uppercase characters and 2 numbers and 2 non-alphanumeric characters.

As I am not a full-time security person and I don’t pretend to be a User Design/UX person, I eagerly await your thoughts.  Do you think that applications, or other computer-related things, can be made secure and usable, or is it a hopeless cause?


One thought on “Security Vs. Usability?”

  1. Aditi says:

    Interesting thoughts, Mike.

    My take is that these two skills require a different kind of thinking, and it's likely that it becomes an either/or situation. For instance, most of the security protocols and architecture are quite heavily math-oriented and require high technical expertise. Perhaps at this in-depth involvement, the UI, design and how a layman perceives it don’t interest the security folks. They are, in my opinion, in a different plane altogether.

    The UI and design folks, on the other hand, are so involved with how the look-and-feel is, and how a person navigates through the design.

    Could this possibly be a reason for why the security folks and UI folks don’t see and present in the same way?
