
Security and User Experience (by Glenn A. Gustitus at #NUX5)

Security and User Experience: Pushing for Change in the Enterprise Environment

Slides from the NUX5 talk by Glenn A. Gustitus, Friday 7th October 2016.
2016.nuxconf.uk / nuxuk.org

Synopsis:

Pushing for change in an enterprise environment is a challenge. Improving the user experience of security solutions that have historically conflated being difficult to use with being more secure is an even larger challenge. In this talk, Glenn shows why security needs our help, and how to have a positive impact in an environment known for being especially resistant to change.



  1. Security and UX: Pushing for Change in the Enterprise Environment
  2. “The value of personal financial and health records is two or three times the value of financial information alone.” – Post-Gazette http://www.post-gazette.com/news/health/2015/03/16/Healthcare-files-valuable-to-identity-thieves/stories/201503160013
  3. “Stolen health credentials can go for $10 each, about 10 or 20 times the value of a U.S. credit card number.” – Reuters http://www.reuters.com/article/us-cybersecurity-hospitals-idUSKCN0HJ21I20140924
  4. “Criminals are selling the information on the black market at a rate of $50 for each partial EHR, compared to $1 for a stolen social security number or credit card number.” – FBI Cyber Division http://www.illuminweb.com/wp-content/uploads/ill-mo-uploads/103/2418/health-systems-cyber-intrusions.pdf
  5. Secure From the Start
  6. Yahoo
  7. 500 million email accounts
  8. “To make computer systems more secure, a company often has to make its products slower and more difficult to use. It was a trade-off Yahoo’s leadership was often unwilling to make.” – New York Times http://mobile.nytimes.com/2016/09/29/technology/yahoo-data-breach-hacking.html
  9. “…their requests were often overridden because of concerns that the inconvenience of added protection would make people stop using the company’s products.” – NY Times
  10. When we aim to improve the user experience of security, we aren't just challenging convention, we are challenging culture.
  11. Involve Development from the Beginning
  12. Involve Security from the Beginning
  13. “Design happens when designers aren’t there.” – Jared Spool https://articles.uie.com/designing_without_a_designer/
  14. To solve these problems, we need to have a common language.
  15. Risk
  16. Risk is any event that could result in the compromise of assets.
  17. We make a series of design decisions that make assumptions about risk.
  18. 1. Hard to guess (or find out). 2. Easy to remember. 3. Doesn’t change over time.
  19. Multifactor Authentication
  20. A thing you have. A thing you know. A thing you are.
  21. https://arxiv.org/pdf/1309.5344.pdf
  22. Authentication
  23. Authorization
  24. Globalization & Privacy
  25. https://www.dlapiperdataprotection.com/#handbook/world-map-section
  26. 1. Share your process.
  27. 1. Share your process. 2. Understand the limitations of the other disciplines.
  28. 1. Share your process. 2. Understand the limitations of the other disciplines. 3. Build those relationships.
  29. Success Story (with a dash of failure)
  30. PAM (Privileged Access Management)
  31. 1. Observe your users.
  32. 1. Observe your users. 2. Craft personas.
  33. 1. Observe your users. 2. Craft personas. 3. Integrate into your users’ workflows.
  34. “The Paranoids, the internal name for Yahoo’s security team, often clashed with other parts of the business over security costs.” – NY Times
  35. Empathy
  36. Thank you.
