researchHQ’s Key Takeaways:
- The concept behind user experience (UX) is to give users the desire to appropriate a tool, assimilate all aspects of it and derive benefit from it.
- UX allows administrators to easily administer agents within an IT equipment pool, implement security policies, monitor events and reduce potential security tool configuration errors.
- UX allows end-users to easily appropriate, understand and want to use a given cybersecurity product.
- There are a number of increasingly common UX initiatives meant to make products more “user-cyber-friendly”, such as UX design sessions and UX testing.
- Key UX trends include new uses such as digital nomadism and teleworking, employee empowerment and digital hygiene.
Maybe we should be viewing cybersecurity not as a restriction, but as a regular habit. However, if we expect the user sitting between the keyboard and the chair to become a strong link in the digital health chain, we need to provide them with tools that make them enthusiastic about this role. And UX can make this an area in which companies can make a difference.
1993 is the date when the concept of user experience was born. Its godfather was Don Norman, who “wanted to cover all aspects of the person’s experience with the system”. The whole approach behind this concept is to give users a desire to appropriate a tool, assimilate all aspects of it and derive benefit from it. This “User eXperience” (UX) can now be applied to any area, and is of particular interest in companies’ digital strategies. When used to promote effective cybersecurity, UX can prove to be a real asset, reinforcing a company’s defensive approach and its employees’ digital confidence.
Successful cybersecurity also involves UX
UX is not solely an issue for “the end user”. It is equally important for administrators to adopt and take ownership of a product. We should therefore identify two main groups of UX beneficiaries in the cyber world: the technical user (administrator) and the end user. “There are interfaces for administrators and interfaces for business. In both cases, the goal of the UX is to ensure they can be used by everyone – remaining simple for an average user and more complex for an expert,” explains Sébastien Viou, Cyber-Evangelist Consultant at Stormshield. An administrator will need a security solution with a good UX to make it easier to administer agents within the IT equipment pool, implement security policies and monitor events. Another key cybersecurity point: a good UX will help the administrator to reduce potential configuration errors for security tools – which immediately become vulnerabilities for the company. And in terms of the end user, the UX must make it easy for them to appropriate a product, understand it and want to use it; and there are even times when the experience should simply become “transparent”. We should therefore be promoting a cybersecurity approach that uses the UX, taking into account the reality of the user requirements on which it is based.
The UX is also assuming an increasingly important role in the design of cybersecurity solutions. And, as Guillaume Poupard, Director-General of the ANSSI cybersecurity agency, stated in 2018: “You have to make digital security sexy; in other words, understandable.” “You need to understand what you are trying to secure, the threats you’re dealing with, and the resources you have, and you need to involve people who are not part of the cybersecurity inner circle.”
Cyber-user-friendly: bringing sexy to cybersecurity solutions
Cyber culture and UX are really the same thing. An effective cyber culture is a culture that provides for the adoption of security solutions by employees according to their sensitivity. Publishers must take this requirement into account in the design of their products and develop them by adopting a business approach, rather than a technical one. Technology is a resource, but the UX must be built around an understanding of users’ day-to-day lives. So how can we make these products more “user-cyber-friendly”? The cyber community and publishers are working towards this goal, and a number of initiatives are already in place.
UX design sessions have started to appear, enabling publishers to work with partners and customers to challenge their solutions. The goal underpinning this approach is to be able to refocus or refine a product during its design, or improve an existing product, to ensure it is efficient and intuitive to use. These sessions are intended to develop a user interface that is more in tune with its users’ business activities and needs. “Before we develop graphical interfaces for our Stormshield Data Security solution, we develop mockups that we test on a panel of users,” explains Jocelyn Krystlik, Business Unit Data Security Manager at Stormshield. “The idea is to bring together people who are cybersecurity product customers, and other people who aren’t, to challenge the publishers.”