Digital Strategy: Finding the Balance Between Usability and Data Security

by James Hobart

March 2019

A key strategy for today's digital leader is how to provide engaging, usable interactions with customers on a variety of technology platforms while protecting the organization from data breaches and other security risks. Balancing these needs is key to a successful digital and data management strategy.

As we all know, the utmost priority in today's security posture should be to ensure the confidentiality, integrity and availability of sensitive information in a digital environment. These priorities must not only be set at the highest levels of the organization, but must simultaneously be balanced against cost factors, user experience and the overall impact on the organization. Traditionally, most companies have focused on building expensive and elaborate firewalls around a digital property, much like a medieval castle, in order to protect sensitive information and keep unauthorized persons out. This approach, however, immediately becomes challenging and costly when one begins to secure the data at rest, in transit, and in use throughout the complex business processes that traverse many independent technologies, infrastructure layers, and geographic locations. The reality is that we live in a world where key business stakeholders need increased user engagement while simultaneously demanding increased data privacy and security.

The number of data entry forms across corporate websites and intranets is growing significantly, yet each form is a potential entry point for a data intrusion attack via SQL injection or another security threat. How do you monitor and protect each form without cluttering it with CAPTCHAs and other measures that often reduce user task completion rates? Current solutions often result in slow response times, CAPTCHA popups and other friction points that negatively impact task performance and the overall user experience. This often leads to low user adoption or even abandonment of the technology solutions deployed.

Business stakeholders often assume the solutions we deploy will be safe and secure while they focus on delivering great experiences for the end user. For instance, when I was recently working with a global marketing organization, nearly every product or service had a distinct conversion funnel ending in a "Call To Action" button with a form to learn more or to move the user down the funnel toward a specific goal. This is a common reality of today's online sales model, where we educate consumers on a product or service and then give them the opportunity to express interest and provide information that will eventually lead to a sale.

Internal business forms pose another risk, since employees and partner businesses in a B2B model are expected to access corporate applications from remote locations, often outside of a VPN. Applications from Human Resources to business partner procurement need to be fast, usable and secure, since every form we deploy is a potential intrusion point and data breach threat. As a result, most organizations have thousands of forms and no coherent strategy to secure them while simultaneously providing public access to support the growing demand for digital self-service and sales and marketing forms. Transferring private data between entities is another large issue, with government regulations that vary by country; this has been highlighted by strict legislation such as the EU's Data Protection Directive. Thus, data privacy is critical and must not be compromised.

Mobile applications tied to corporate or enterprise data are another growing trend that allows increased accessibility to corporate data but also introduces new security risks. Users expect instant authentication on their mobile device, with easy access and fast, secure transactions for everything from purchasing goods and services to reaching sensitive corporate data. In one of our client engagements the team worked to create usable, responsive forms to run within a native corporate application; however, they failed to serve them over HTTPS. This was not obvious, since the actual URL was not visible in the native app. Luckily, a security audit of the mobile app identified the issue before it was released to the app store.

How do we create forms that are fast, usable and secure? When creating mobile applications, we have the option of using new methods to authenticate users and the locations from which they enter and use the app. Often we will use the existing location services provided by native app frameworks to validate usage locations; however, the widespread use of VPNs on mobile devices in some regions has made location authentication challenging. While working with a client last year we had the task of enabling a registration form delivered as a responsive page within a native mobile application. We were able to create a fast, usable registration experience by delivering enrollment forms developed with the React UI framework and authenticating with the native app container. We were even able to capture digital signatures and date/location timestamps provided via the native application using a DocuSign integration. To further secure the enrollment and payment information, we tokenized all data entered before it was transmitted from the device, using a new SaaS-based tokenization service from NXT-Security. Finally, to protect against automated bots we deployed the new reCAPTCHA service from Google, which significantly reduces the user friction normally associated with CAPTCHAs by simply asking the user to click a checkbox and letting the Google service perform additional checks to distinguish real users from automated bots.
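The three form-level controls raised above (guarding a form handler against SQL injection, refusing to post form data to a non-HTTPS endpoint as happened with the native-app forms, and tokenizing sensitive fields before they leave the device) can be shown in one small intake flow. The code below is an added example written for this article; it is not code from Classic System Solutions, NXT-Security, DocuSign or Google. The `TokenVault` is a toy in-memory stand-in for a real tokenization service, the field names and the `leads` table are assumptions, and the sample submissions are constructed.

```python
"""Hypothetical form-intake helpers (added example, not from the article)."""
import secrets
import sqlite3
from urllib.parse import urlsplit

# Assumed set of fields that must never reach the server in clear form.
SENSITIVE_FIELDS = {"card_number", "ssn"}


def is_https_endpoint(url: str) -> bool:
    """True only for an absolute https:// URL with a host; catches the
    'forgot to make the form https' mistake before any data is sent."""
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.netloc)


class TokenVault:
    """Toy tokenization vault: maps a random token to the original value.
    A production service keeps this mapping off the application host."""

    def __init__(self) -> None:
        self._vault: dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        token = "tok_" + secrets.token_urlsafe(16)   # unguessable, not derived from value
        self._vault[token] = value
        return token

    def detokenize(self, token: str) -> str:
        return self._vault[token]


def tokenize_submission(form: dict, vault: TokenVault) -> dict:
    """Replace every sensitive field with a token; other fields pass through."""
    return {k: (vault.tokenize(v) if k in SENSITIVE_FIELDS else v) for k, v in form.items()}


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE leads (id INTEGER PRIMARY KEY, email TEXT, card_token TEXT)")
    return conn


def store_lead_vulnerable(conn: sqlite3.Connection, email: str, card_token: str) -> None:
    """DO NOT USE: the submitted value becomes part of the SQL text, so a quote
    in a perfectly legitimate email already breaks the statement."""
    conn.execute(f"INSERT INTO leads (email, card_token) VALUES ('{email}', '{card_token}')")


def store_lead(conn: sqlite3.Connection, email: str, card_token: str) -> None:
    """Hardened form: bound parameters keep data and SQL text separate."""
    conn.execute("INSERT INTO leads (email, card_token) VALUES (?, ?)", (email, card_token))


def list_emails(conn: sqlite3.Connection) -> list:
    return [row[0] for row in conn.execute("SELECT email FROM leads ORDER BY id")]


def handle_submission(endpoint: str, form: dict, vault: TokenVault,
                      conn: sqlite3.Connection) -> dict:
    """Full flow: refuse plaintext endpoints, tokenize, then store with bound params.
    Returns the record as it would actually be transmitted."""
    if not is_https_endpoint(endpoint):
        raise ValueError(f"refusing to send form data to non-HTTPS endpoint: {endpoint}")
    safe_form = tokenize_submission(form, vault)
    store_lead(conn, safe_form["email"], safe_form.get("card_number", ""))
    return safe_form


if __name__ == "__main__":
    vault, conn = TokenVault(), open_db()
    # Constructed sample submission; the apostrophe is a valid email character.
    sent = handle_submission("https://enroll.example.test/api/leads",
                             {"email": "o'brien@example.test", "card_number": "4111111111111111"},
                             vault, conn)
    print("transmitted:", sent)
    print("stored emails:", list_emails(conn))
```

Running the script shows that the card number never appears in the transmitted record, that the parameterized insert stores the apostrophe-bearing email verbatim, and that the same email raises a database error in the string-concatenated version, which is the defect an injection attack builds on.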

Balancing usability and data security will continue to be a challenge; however, these new solutions have really helped us in recent months. There is no single solution. Instead, it takes a combination of tools and techniques to create rich, engaging and secure data entry forms for users regardless of device or platform.

Interested in learning more about creating great customer experiences? Classic System Solutions has been designing mobile and web applications for the world’s leading companies for over 20 years. Our UX (User Experience) professionals work directly with clients on large-scale deployments to assure usable, effective and innovative solutions that deliver significant return on investment.