Today organizations are faced with a dilemma when it comes to balancing the need to deliver an exceptional user experience on desktop and mobile devices and protecting company and personal data. Protection can run the gamut from no password needed, inputting a fingerprint or a litany of passwords every few minutes, or the use of more modern and secure innovations such as continuous biometric verification and recognition.
As a “security guy” myself, the idea of vulnerable data gives me cold sweats, but as a “regular guy” who buys tickets, sends email and checks my bank balance through my computer and mobile phone, I have to admit that a constant barrage of security measures is annoying. And it’s not just an inconvenience: companies lose billions of dollars a year as a result of customers not completing transactions because there are too many roadblocks – including security prompts.
Let’s be realistic – nobody likes to deal with remembering usernames and passwords or using multi-factor security. However, with the ever-increasing number of data and public network breaches, internet hacking and the proliferation of malicious software, companies can’t ignore security and the user experience.
As more new security technologies like continuous biometric verification and recognition become more commonplace, IT and UX professionals need to work closer than ever before to create a consistent, scalable and secure solution that meets the needs of their organization and their end-user.
On one hand, you have the IT folks who are paid to be paranoid and risk averse. For them, the best way to fulfill those goals is to proceed with caution and, unless there is a strong business case, they are reluctant to change even though the established solutions may often lack the ability to cope with today’s usage models. Keeping an organization’s crown jewels safe, whether they’re proprietary financial data, customer login information, account numbers, snail mail addresses, billing information and other information that should be kept private, is the team’s priority.
On the flip side of the coin, you have the design teams and ultimately the business people who are focused on making it possible for all current and future customers (and in the enterprise, users) to interact with their products and services as easily, intuitively and quickly as possible.
Not surprisingly, it is common for two teams with equally valid viewpoints to find themselves on opposite sides of the security-versus-UX debate. In fact, this is such a problem that it actually has its own acronym. The link between user experience and security has been closely studied and is known as HCISec (also referred to as HCI-SEC or Human Computer Interaction and Security). Security professionals need to know that while their focus is on system security, they simply cannot overlook user experience.
While their primary objective is to allow authorized users to access to their company’s systems, they also need to keep in mind that the ways in which users interact with their system have broader business implications. Individual customers who have a negative user experience when interacting with a company’s security protocols may simply not log in, or if they do, they may not purchase anything and very likely they won’t return. From an enterprise perspective, intuitive and simplified security delivers improved workflow as well as increased efficiency. Both outcomes directly impact a company’s bottom line and ultimately its long-term success.
Finding Common Ground
Now that we’ve looked at the problem, it’s time for some good news. For most systems, applying smart user experience principles can actually improve their security. But it can only happen if all parties are aware of the overarching guidelines for the two stakeholder groups:
- For user experience designers, the question is: How do you design the security experience to fit the needs of managing a secure digital identity?
- For security professionals, the question is: How do you enable your customers to do business with speed and comfort while feeling secure?
There are three steps that I recommend for designing a state-of-the art security solution that will satisfy both end-user customers and enterprise clients.
- Capture the data – Where is your security solution impacting the company in financial terms – look at abandoned shopping carts, trending around repeat customers, number of related trouble tickets, etc. Post a survey if necessary, but get the information you need to determine the impact of UX on users’ security experience.
- Map the data to potential revenue and cost savings – If everyone who left your site because of a clumsy security process UX had in fact purchased a product or service, what is the potential revenue?
- Establish a Task Force to create an improved solution based on the data collected – Include everyone with skin in the game – line of business execs, IT, marketing, communications, finance, strategy– whoever has an interest in the security solution being successful.
The ultimate goal is twofold: creating an authentication system that provides robust security and that customers believe protects their information, while at the same time providing an easy way to securely do business with your organization through any internet-enabled device.
That’s more than a technical issue – it’s a philosophical one and an organizational one. Forward-thinking leaders need to recognize that security and user experience are not mortal enemies, and that they can actually coexist. And companies that don’t are going to get left behind.