Posted By: Uniken | Posted On: February 9, 2018
Trading off Security and Usability Creates a Barrier to Digital Transformation, Leaving You on the Wrong Side
Not long after an erroneous missile warning sent Hawaiians into a security panic, the throngs of amateur usability designers on the Internet scolded Hawaii’s Emergency Management Agency for creating a system where an employee could literally push the wrong button and cause a security panic.
What everyone seemed to wonder, though, is how the state could rely on a fundamentally poor user experience for something as critical as missile defense warnings. Now, arguably, citizens of Hawaii will be less secure since trust in the early warning system has been eroded.
This was just the latest high-profile example in a supposed zero-sum game that has been going on for years as companies embark on digital transformation: security versus usability. While most of the focus to date has been on the internal impact at organizations—see the growth of shadow IT, for example—the balancing act between security and usability now impacts customers and ultimately a company’s bottom line.
“In the real world,” argues Tyler Shields, “any security initiative that degrades usability will lead to unintended consequences.” The biggest of these is customers choosing a different company or product because security methods have so degraded the user experience.
What Transformation SHOULD Look Like
Why are companies of all sizes pursuing large-scale digital transformation strategies? They want to see outsized growth in the number and value of transactions and interactions they drive with their customers. So, in a “Digitally Transformed” world, we should see transactions like the following:
- Use a mobile app to approve sharing your medical records with a spouse.
- Send a text message to your broker to execute a stock transaction.
- Use a mobile citizen app to vote in elections or on referendums.
- Have a fast, easy conversation with your credit card company without going through “What is your favorite flavor of ice-cream?” types of questions.
The reality is that while we’re seeing some benefits of digital transformation for low-value transactions, the true promise of these programs is still largely unfulfilled. This is principally due to the fact that most organizations are still treating security and usability as a zero-sum game, trading one off against the other.
The Barrier to True Digital Transformation
Here’s the problem with subscribing to the zero-sum mentality. Plotting various security approaches on a grid for securing digital transformation looks something like this:
Unfortunately, the approaches that most companies use to secure their transformation initiatives trade security and usability off against one another, leaving companies poor at both, creating a barrier behind which they’re constrained. This barrier prevents them from reaching the ideal state of truly unlocking the full potential of total omnichannel digital transactability with their customers and users.
- Passwords are notoriously insecure, irritating to remember and update, and costly to reset.
- Knowledge-Based Authentication (KBA) is bad across both dimensions. Going through KBA in a call center is painful for the user and adds friction (up to 60 seconds per call), and events such as the Equifax breach have rendered KBA all but worthless for security.
- Voiceprints are super easy, but can be recorded and are a frequent target for fraudsters.
- Security tokens are extremely strong and difficult to compromise, but they require the user to carry something around, get lost frequently, and are expensive to implement.
So, What is a CDO Strategically To Do?
A Chief Digital Officer's (CDO's) success depends on delivering an omnichannel client experience that delights the end user and still keeps their data (and your firm) safe from attackers and breaches. You need maximum security AND maximum usability, without trading one off against the other.
This vision can be realized by following this three-step approach:
- Take a mobile-centric approach to security by leveraging the one thing customers always have with them.
- Provide simple and consistent authentication across all channels whether it be biometric access on a mobile app, passwordless web security on a desktop computer, or safe and easy call center security.
- Enable zero fraud and unlock the full potential of your customer channels by enabling omnichannel transaction and interaction verification.
Download our resource, The CDO Guide to Omnichannel Security, to learn more.