
Security Think Tank: Education and automation will up security and cut user friction

How can organisations maintain usability and keep support costs low without compromising on security?

If organisations want to reduce customer support costs without compromising on security or usability, they must minimise user involvement by ensuring that cyber security is “baked into” products and automatically updated throughout the product lifecycle.

Operating systems such as Windows 10 now provide full disk encryption, firewalls and automatic updates, which should be implemented as a matter of course, and these all work with zero user intervention or knowledge. On top of this, tools such as a virtual private network (VPN) should be deployed and configured to work automatically when a user connects a device to a non-corporate network, thus providing a secure connection with no user involvement.

Configured carefully, these security features do not overtly impact the user experience, yet provide good, basic security for the user’s (corporate-owned and provided) devices.

The best long-term solution is to build security (and, where appropriate, privacy) into the design of every service, application or IT-based offering. This requires significant investment from developers, the testing community, security professionals and others. It also requires close alignment between the software development and cyber security professions.

Cyber security should be a fundamental feature of every connected product or service so that users barely notice it, just as drivers don’t need to install their own seatbelts and airbags because these are already built in.

Employees’ mobile devices can also be secured from an organisational perspective by using sandboxing, containers, virtualisation and/or cloud-based systems without adversely affecting usability. Suppliers such as Good Technology offer sandboxes for use on mobile devices, while cloud providers can offer impressive functionality and security for use on any device.

In fact, for some organisations, moving to a cloud-based model for email, data storage and application provision may increase security – for example, through the two-factor authentication (2FA) built into many cloud services – as the cloud provider can make the investments in security that the organisation sometimes cannot.

Of course, fielding many systems, applications and devices means that they must be supported and this comes at a price, especially if IT helpdesks have been outsourced. Yet it is possible to square this circle.

First, take the time and effort to build in security features at the design stage to decrease the amount of software that has to be supported during the product lifecycle. Second, organisations should adopt bring your own device (BYOD), but only support corporate applications on devices, not the underlying operating system or non-corporate applications. Organisations should also make use of cloud-based services, which often have extensive self-service help pages and, with frequent updates, fix many issues quickly.

Finally, it is vital to educate users about which specific problems can be solved independently and which problems the helpdesk can address, easing demand on customer support services by reducing the volume of erroneous enquiries.


Adrian Davis is managing director for Europe at (ISC)2.
