Security and User Experience: Pushing for Change in the Enterprise Environment
Slides from the NUX5 talk by Glenn A. Gustitus, Friday 7th October 2016.
2016.nuxconf.uk / nuxuk.org
Synopsis:
Pushing for change in an enterprise environment is a challenge. Improving the user experience of security solutions that historically have conflated being difficult to use with being more secure, is an even larger challenge. In this talk, Glenn is going to show you why security needs our help, and how to have a positive impact in an environment known for being especially change resilient.
2. “The value of personal financial and health
records is two or three times the value of financial
information alone.” – Post Gazette
http://www.post-gazette.com/news/health/2015/03/16/Healthcare-files-valuable-to-identity-
thieves/stories/201503160013
3. “Stolen health credentials can go for $10 each,
about 10 or 20 times the value of a U.S. credit card
number” – Reuters
http://www.reuters.com/article/us-cybersecurity-hospitals-idUSKCN0HJ21I20140924
4. “Criminals are selling the information on the black
market at a rate of $50 for each partial EHR,
compared to $1 for a stolen social security
number or credit card number” – FBI Cyber
Division
http://www.illuminweb.com/wp-content/uploads/ill-mo-uploads/103/2418/health-systems-cyber-
intrusions.pdf
8. “To make computer systems more secure, a
company often has to make its products slower
and more difficult to use. It was a trade-off
Yahoo’s leadership was often unwilling to make.” –
New York Times
http://mobile.nytimes.com/2016/09/29/technology/yahoo-data-breach-hacking.html
9. “-their requests were often overridden because of
concerns that the inconvenience of added
protection would make people stop using the
company’s products” – NY Times
10. When we aim to improve the user experience of
security, we aren't just challenging convention, we
are challenging culture.
Email addresses, names, phone numbers, birthdates, security questions and answers, and potentially passwords
Threat plus consequence
U
Designers, especially in larger corporations can feel understaffed with too small of a budget. That other disciplines don’t understand the value they present. It’s important for us to remember that these other diciplines that we work with are often in the same place we are.