


Security versus Usability – conundrum or continuum?

It was my pleasure to recently share lunch and a Microsoft Enterprise Mobility Suite (EMS) discussion with a group of IT leaders. For starters, any meeting chaired by our own energetic and innovative CTO, Chris Auld, is always going to get interesting, but the fundamentals were also at the centre of the conversation. It’s easy to get excited about devices and modern, intuitive applications for our increasingly mobile staff and customers, but the less “sexy” fundamentals are also important.   

What are the basics?

Multi-Factor Authentication (MFA) and securing sensitive data are hot topics. The good news is that MFA is getting easier to deploy and fund. Whereas primary authentication is generally something you know (like a user name and password), secondary authentication often centres on something you have (like a mobile phone). There was general agreement that this is a good development.

Security versus usability

We also discussed the “Front Page” test, aka “what if a security breach lands us on the front page of the newspaper (or home page of the news website)?” The answer is: it depends. If a rogue employee surfaces sensitive data, that would probably attract some sympathy. But an unsecured device being hacked would just be publicly embarrassing. The challenges are where to store sensitive data and how to manage it so that it’s usable but safe. That’s regardless of whether it’s held on a laptop, iPad, phone, USB key or home computer.

Is CX our new frontier?

How do you strike a balance between the internal customers’ experience of IT (usability) and the nature of controls deployed (security)? One goal is to make the experience seamless so that the controls needed for security don’t intrude. A good example of this is BitLocker as delivered within the Windows 8.1 rollout. Once it’s set up, files are automatically encrypted without any effort on the user’s part. Good stuff!

Perimeter and epi-centre risk?

Hackers are bad. Except when they’re paid by you to test your security via a regular penetration test. Better to discover a weakness that way than through a malicious attack. Companies that don’t engage someone to test their security this way are at risk.

So are those that grant their epi-centre (admin team) “god-like” access to files. A lot of the time, much of the access granted isn’t truly required for them to do their jobs. Bad stuff!

So where did Chris and other folk take the conversation?

App development

We often hear the agile term “fail-fast” (or should that be “learn-quickly”?)  But if your first experience of a consumer app is poor, will you really give it a second chance?  The app consumer world is training us to demand the best from day one. Given that, what principles are IT leaders applying in the enterprise app space? 

Number One: Start simple and get it right. Minimum usable product is a good mantra, followed by learning from how the app is used. 

A second principle is skunkworks and stealth. That is, quietly passing your new application to influential, well-connected individuals to trial before unleashing it on the world. One customer cited a Lync rollout using stealth as an absolute winner, stating that Lync has been “the gift that keeps on giving and is a no brainer”.

Internet of Things (IoT) and Drones

Let’s start with drones. We’ve seen a smart application in asset management and maintenance where a drone is used to complete asset surveys. Put that against the cost of a helicopter to do the same work, and you’ll be enjoying an excellent ROI. The use of drones will only increase, surely.

IoT will continue to invade and investigate our lives in ways we will either love or hate – or maybe both. Legislation may struggle to keep pace too – right now it offers almost dangerous levels of latitude. Business will have a big say in where the boundaries are drawn between usability and privacy. They’ll consider things like corporate social responsibility, brand equity and what customers are willing to accept in the never-ending pursuit of convenience. That doesn’t mean the answers will be simple: ask yourself, how comfortable will you be to have machine learning assess your behaviour across various channels and present an offer to you before you’ve even had a chance to recognise such an offer might be relevant?

Whatever your response to any of these issues, one thing is sure: EMS is how you have everything hang together effectively. Keep your eye on that principle, work out where you need to sit on the continuum of risk versus usability, and you’ve got every chance of appearing on the front page for the right reasons!


Image CC BY 2.0

Posted by: Steve Scarbrough, General Manager Business Applications | 11 March 2015

Tags: mobility, Security, Internet of Things
