For as long as cybersecurity has been around, the war between security and usability has been waged, battle after battle.
The longstanding belief that is held within the industry is that you have to choose one or the other. The more secure something is, the less usable it becomes, and vice versa.
The never ending battle between security and usability
Take, for instance, a computer.
The most secure computer in the world is the computer that is unplugged and buried 6 feet underground.
If nobody uses it or connects to it, then there are no concerns about unauthorized access to the data contained on that computer.
For the most part, this system of tug-of-war is real, with security and usability the two players in a zero sum game - and that is primarily because information security requirements often conflict with user experience requirements.
And therein lies the problem.
If you have two conflicting sets of requirements, at some point you have to pick a winner.
On one side of the scale, you have to consider the security requirements of your product or technology architecture.
The first consideration is the level of security required by your application or use case. The more sensitive the information the system touches, the higher the levels of security required.
This can range from public information that is perfectly acceptable to share, up to government information classified as secret. Deciding how secure your system needs to be starts with assessing the sensitivity of the data flowing through it.
This leads next into determining privacy requirements. How do we keep private the data that must not be accessed by the wrong person? Typically this is tackled through authentication or proof of identity in some way or another.
The more secure your system, the more sure you need to be of someone's identity when allowing them access to it.
Once you are satisfied that the person accessing the data is allowed to do so, the next concern is who else might be watching.
This is where we look at the security of the methods for which the information is being transferred. If someone can get in the middle and steal information, or worse, alter that information, we have a big problem.
This is often where usability takes a big hit. The more you restrict physical access to a network where data is being transferred, the less potential there is for prying eyes to gain access.
While physical barriers offer protection, they pose significant hinderances to usability. At the far end of this scale is the computer that is not plugged in to any network and can only be accessed after passing by a physical barrier where proof of identity is verified.
On the other end of the spectrum are the ease of use requirements for an end user.
Usually, the simpler a system or application is to use, the better. However, user experience often competes with the need for granular control by a user.
The more options and settings a user has to know about, the more complex the tool becomes. However, too little control can result in a tool that doesn't allow the user to do what they want.
In most cases, this can be resolved by creating a different user interface or experience for different types of users. Basic users get the "simple" treatment where they have few options or controls, while admin or power users get the "control" treatment where they are provided more options to granularly adjust what they need in the system.
The primary part of a users' experience with the system that competes with security requirements is the convenience aspect.
The ideal experience for any user is easy access anywhere, anytime from any device. In most cases, this directly competes with privacy and identity access management requirements.
Human error is the other pain point in the security versus usability debate. The more complex a user interface or user experience, the more risk there is for error, and the more risk there is for error, particularly around security settings, the higher the security risk.
Striking a balance between security and usability
As you can see, the competition between requirements can makes it challenging to create solutions that effectively balance security and usability.
In many cases, the industry has blamed users rather than trying to find solutions that are both easy to use and highly secure.
Cybersecurity training can help greatly reduce this gap, and bring users and systems toward closer harmony, but it certainly can't be the only way we try to solve usability the problem.
Security technology is partially to blame. We've allowed ourselves to buy into the notion that a secure system requires things to be difficult for end users.
That doesn't have to be the case. We can create usable security.
Organizations need to provide each user with tools that are both easy to use and highly secure. And it doesn't have to be impossible anymore.
Security can be simple
It is our belief here at Attila that security can be simple. And we strive every day to make it a reality.
Get to know GoSilent Cube, a hardware VPN that is both easy to use and highly secure
Secure any user or device simply by connecting to a GoSilent cube. It is compatible with any IP-enabled endpoint (no matter how old), and effective over any connection (no matter how public), with near zero configuration required - security so simple, “it just works.”
Anyone can use it.
The GoSilent Cube can be set up in just minutes with simple plug-and-play functionality. No technical administrator is required to set or configure the device.
Secure Over Any Connection.
Even the least secure connections become incredibly secure. Public Wi-Fi and captive portals are riddled with vulnerabilities that allow hackers to intercept the connection between the user and website they are trying to visit. GoSilent protects you even on these connections.
Connect from Anywhere.
No more worries about where you are connecting from geographically or physically when combined with our GoSilent Global servers.
Outfit Any IP-Enabled Device.
Connect and secure any endpoint that works with an IP address. GoSilent Cube is completely network, platform and operating system agnostic.
Secure Multiple Devices at Once.
Create a cost-effective solution to secure a large number of active devices simultaneously. Securely connect between 5 and 30 endpoints at a time with a single GoSilent Cube.
Top Secret Level Security.
Rest assured that your data will be secured using the most advanced methods to date. Built to adhere to even National Security standards, GoSilent protects your data to the highest levels.
We believe it is our mission to provide organizations with simple, highly secure solutions for protecting data as it moves between people, places, devices and networks.
We believe security doesn't have to be at odds with usability.
We believe that it is possible.
So each and every day, our talented team goes to work finding ways to create solutions that are both secure and highly user friendly.