itb-nz logo
Story image

How user-centred design is reshaping cybersecurity

12 Nov 2019

Article by Detexian chief product officer Andy Budiman

User-centred design and design thinking isn’t a new discipline but its application in cybersecurity is emerging as a new trend that will reshape the industry in 2020 and beyond.

For CIOs and cybersecurity experts, it means championing a culture shift to constantly ensure we’re looking through the lens of the user’s perspective and thinking about what they need, how they use the technology and how to keep up with the pace of rapid change.

A user-centred design approach starts with users and asking them what they want to gain a deeper understanding of their needs. 

Collaborating together, we can then generate ideas with prototypes, which gives users something tangible to interact with and provide feedback on.

This enables us to define the user’s needs more precisely and test assumptions made during the initial stages of the system’s development.

It is a continuous and iterative process to refine ideas and create something that is desirable, viable and feasible for the user and the business.

The human side of agile

This might sound a lot like an agile software development methodology.

But while user-centred design is related to agile software development, its focus is strongly on the user experience rather than the development process.

Every step of the process is dictated by the needs of the user, solving their problems and giving them the information they need at the right time in a desirable form.

It’s not unusual for a business to be using up to 100 different Software-as-a-Service (SaaS) solutions.

Each of these will have its own security settings.

Answering a simple, but important question, such as “is two-factor authentication active for all my SaaS applications?” can be extremely difficult.

Most users will be after a simple yes or no answer.

Or perhaps a red or green indicator on a dashboard with other important questions.

In the past, answering cybersecurity questions resulted in receiving a data-rich, but often an inscrutable response.

By reducing the reliance on dense data and delivering information in a more accessible way, organisations can make better decisions.

Dealing with escalating threat levels

Cybersecurity has always been a data-rich field and the sophistication of threats has escalated.

The number and complexity of security compliance regimes increase and we now collect more data from more places than ever before.

We have moved from having limited visibility of the threats and actions of malicious actors to information overload.

The attack on Target in the USA might have been the first mega-breach to reach the public eye but that event put the spotlight on boards and executives and their responsibilities in protecting organisational data from cyber attackers and it completely reshaped the cybersecurity industry.

The information security industry has always struggled to translate its messaging from complex, technical terms into information that’s useful to boards and management teams focused on risk.

The traditional users of information security-related information have been the technology team.

In order to distil this complex flow of technical data into useful information and insights, a new approach that starts with the users of the data is needed.

Multi-cloud challenges

While all these changes have been taking place, businesses have been turning their technology stack inside out.

Cloud services, whether they are platform or infrastructure services or applications that are developed and operated by third parties have created increasing complexity. 

CIOs are also struggling to deal with dozens of external providers whose systems may make it challenging to monitor the various settings and options they have for securing data.

As the volume, velocity and variety of security-related data continues to increase, making wise decisions is becoming harder.

Focusing on the questions business leaders want to ask and solving the problems they have require putting their needs first.

User-centred design constantly tests assumptions in order to ensure the right questions are being asked so we create a desirable, viable and feasible outcomes.

Story image
Worldwide revenues for AI skyrocket, set to reach $550B by 2024
By 2024, the market is expected to break the $500 billion mark with a five-year compound annual growth rate (CAGR) of 17.5% and total revenues reaching $554.3 billion.More
Story image
The State of Data Virtualisation: Enterprises see data virtualisation as strong alternative to data warehouse solutions
"The rapid growth of data virtualisation is exposing major cracks in the business foundation that supports the technology."More
Story image
Covid-19 sees rapid cloud adoption, rise in double-extortion ransomware
“We need to act now to stop this cyber pandemic spreading out of control."More
Story image
Investing in digital trust for the post-pandemic business landscape
Business leaders in 2021 need to make sustainable investments to give their organisations a much-needed resilience boost to tackle new disruptions, while still enabling growth.More
Story image
Kaseya acquires RocketCyber to bring SOC solutions to more businesses
"With this acquisition, we've doubled down on our security investments to provide our customers with access to experts who can continuously monitoring their IT environments without the cost and complexity of disparate tools.”More
Story image
Video: 10 Minute IT Jams - Who is Logmore?
Logmore is a Finnish company specialising in shipment condition monitoring using an in-house cloud service and QR code tags. With its specialisation in temperature monitoring for food and pharmaceuticals, the company is keeping busy with COVID-19 vaccine shipments.More