User Experience – The Kingmaker for Security Adoption

This is the first in a series of blogs promoting the IDC infobrief: ‘Harnessing Identity to Position Security as a Business Enabler’. This infobrief details the perception and challenges of Security leaders and provides guidance on how to positively influence security perceptions, turn challenges arising out of digital transformation into opportunities and, finally, how best to engage the board. The infobrief can be downloaded below.  

No longer can security be delivered 100% from within a business. The world is changing too fast and the skills needed to address all security needs in-house are extremely rare and very expensive. Many organisations are finding this out at a great cost. Not just through cyber-attacks and high staff turn-over, but also though the inability to scale the business to take advantage of market opportunities. 

If an organisation suffers a breach due to a technical weakness, then the security team are typically asked why this happened.… and they are also the ones who shoulder the responsibility for the weakness being exploited as they should have all the angles covered (even if they weren’t involved in the project that exposed the business!) 

Business models are changing all the time and digital transformation has given rise to blind spots in the security perimeter that security don’t know exist.  

The static security perimeter for managing access is being replaced by a new flexible and scalable security perimeter focused on consolidating technology while providing a smooth user experience. Some may think that this sounds aspirational, yet digital transformation is clearly diving the demand for such solutions. To create this new perimeter, identity and access management (IAM) solutions that integrate with existing infrastructure are being deployed. In fact, in an effort to remove integration challenges and eliminate blind spots in coverage, the preference is to use services and solutions that are available from a single service provider, or at the very least, a service provider with a rich ecosystem of partners that can integrate seamlessly. 

IAM requires a comprehensive set of tools which include Single Sign On (SSO), Multifactor Authentication (MFA) Enterprise Password Management (EPM) which may not exist in the security portfolio at present. Adding these services, may appear to add more resource requirement that are already stretched maintaining the status quo.  

The shift, according to IDC research1, is to Cloud based IAM service – better known as Identity as a service (IDaaS) offerings. This reduces the skills and head count requirement and leverages the core competencies of a dedicated identity provider to provide a more comprehensive service to the business. 

While the tried and tested methods of access control (usernames and passwords) have their challenges, they’re not going away. The growth of SaaS and high workforce mobility demand a solution that can not only solve for the traditional and new IT needs but also embeds security by design and delivers a user experience that just lets people get on and do what they need to do, while security operates in plain view, invisible to all apart from the security team. 

Such business needs have been positioned by IDC as Identity Drivers, of which there are five, that will enable Security leaders to become central to enabling secure growth for the business. 

The first Identify Driver is Optimised User / Customer Experience. This driver details, according to IDC research1, the key priorities of senior business leaders and IT decision makers and provides security leaders with guidance on how to harness this driver to add value to user experience projects, ensuring security by design, while aligning with business goals. 

Download the IDC Infobrief that details the five Identity Drivers, along with challenges that security teams face, how security teams are perceived and how to talk the same language as the board. 

Source1: IDC, European Security Strategies Survey, 2019 (n=700)