Technology analysis: How easy are infosec products to use?
- Article 32 of 33
- SC Magazine, February 2013
The paradox of information security is that while the best products have necessarily complex functions, they must also be easy to use, writes Rob Buckley.
Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages
Information security is a complicated discipline. It requires a deep understanding of people, processes and technology to prevent an organisation's systems and data from being compromised, either accidentally or deliberately. So, to some, 'ease of use' in security software is a misnomer - infosec should be hard, shouldn't it?
Yet the innate complications of infosec can have negative effects: employees might stop bringing their own devices to work if the kit is made significantly harder to use as a result of security; fed up with attempts to block or restrict their access, they might add cheap WiFi routers to networks; unable to remember many complex passwords, they are likely to duplicate these across multiple, weakly protected websites; and being harassed by endless security pop-ups could well encourage them to unthinkingly click on fake ones.
The problem is not restricted to end-users. Gartner analyst Greg Young says up to 98 per cent of firewall breaches are caused by misconfiguration. Meanwhile, SIEM logs go unread or are switched off because of false positives and the time required to deal with them. Systems are not integrated because they are just too hard to combine. Even jobs are left unfilled because the necessary expertise is either unavailable or too expensive.
So, is there a happy medium between the desire for simplicity and the need to be secure? And how much attention are vendors and CSOs paying to the issue?
Easy living
Every vendor, if asked, would claim that ease of use is important.
"It's of great interest to us," says Ville Hämäläinen, director of R&D at Stonesoft. "We claim to be the most usable in the industry."
Jody Brazil, president and CTO at FireMon, says: "We sweat bullets day in, day out to make sure our software is easy to use."
Andy Jacques, general manager for EMEA at Good Technology, adds: "It's absolutely the core of the Good for Enterprise product."
Of course, no software vendor is going to state that its software has deliberately been made as difficult to manage as possible, or that the concept of usability is not something they bother with. However, clearly some products are harder to use than others.
Morten Stengaard, director of product management and quality assurance at Secunia, has a background in consumer software, which he says is much more user-friendly. "Security vendors have failed in the past to make things easy to use. They have focused on features, not the total cost of ownership and how much work there is for the user," he says.
Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages