Defining a 'user-centric' approach to security
Sudeep Venkatesh is the Chief Product Officer (CPO) at Egress Software, leading its Product Management, Product Strategy and Technical Services functions.
Here at Egress Software, we have been very excited and energised about bringing a 'user-centric' approach to our data security platform. The Egress user-centric platform at its very core cocoons the user with privacy and risk management tools that enable them to securely share and store unstructured data.
However, it is important to take a step back and understand the four primary reasons as to why Egress has adopted a user-centric approach in the development and design of its data security platform.
1. The user is the only constant: The rapid adoption of the cloud has completely changed the technology landscape of most organisations. Our email systems are now hosted by cloud providers such as Microsoft and Google. Fundamental technology resources such as computing, storage and networking are rapidly moving to AWS and Microsoft Azure. We already use SaaS products such as Salesforce and Microsoft Dynamics and increasingly rely on platforms such as Workday for our HR functions. There will be no arguments when I claim that the only entity remaining in an organisation within the next 3-5 years will be the user. If so, shouldn’t we focus on bringing privacy and risk management tools as close to the user as possible?
2. Users are unpredictable: Users are people, and we humans often commit mistakes. Emails sent to the wrong person account for a large proportion of data breaches. A local London council was recently fined £120,000 for accidently releasing sensitive data to journalists. Last year, Newcastle City Council admitted to accidently attaching an internal spreadsheet to emails inviting adoptive parents to the council's annual adoption summer party. This attachment contained personal details relating to 2,743 individuals, including adopted children. A user-centric approach enables organisations to build a safety net for user behaviour to prevent accidental as well as malicious breaches of data.
3. Empowering the user: I have heard some amazing stories these past few months at Egress. A police force in the UK is using our products to enable members of the public to submit video and photographic evidence of driving offences that they may have witnessed. This has directly resulted in fostering a safer driving environment that has saved dozens of lives! A charity uses our email protection platform to securely communicate with victims of abusive relationships, thus empowering them to seek help and safely extract themselves from life threatening situations! At the end of the day, we provide “a button in Microsoft Outlook” or a “web browser interface that stores files”. However, having a user-centric approach helps us bring these stories and usability issues into the core of our product design and development process.
4. Providing the best ROI for security investments: Buying a house is an investment decision that is made with a 20-year horizon in mind. While buying a car, we typically accommodate lifestyle changes and plans for the next five years. Why shouldn’t an organisation apply the same rigour when it comes to investing its often-scarce security budget? If the user is the only entity remaining over the next few years, shouldn’t security and risk management investments be focused as close to the user as possible? These would include solutions that:
• Help an organisation discover and classify user-generated sensitive data
• Prevent the accidental send of sensitive information
• Enable the secure sharing and collaboration of information for legitimate business purposes
• Provide organisations with detailed reports and analytics to understand the risk of sensitive data leakage by users
I hope that this post starts building a case for always putting the user at the centre of an organisation’s security tools and risk management processes. We look forward to providing you with additional thoughts and updates over the next few months!
You can also check out our datasheet.