How To Deliver A Great User Experience Without Sacrificing Security

March 21, 2016 · steveverbanic · Security  · Comments

Back in 1964, the World’s Fair had an exhibit on “the wonders of jet flight at 600 miles per hour.” Of course, that was a long-ago era, before security requirements meant getting to the airport three hours before your flight, standing in long, snaky lines, emptying your pockets and tossing out your morning coffee before being screened. The wonders of jet flight today are overwhelmed by the hassles of getting through security.

Network security can have the same overwhelming effect on your customers and employees. You need to give them a smooth and reliable website experience, but providing the necessary network security can get in the way. Word has it that some companies are even disabling advanced firewall functionality to avoid performance impacts on users and applications.

Clearly, that’s a dangerous decision. It’s also unnecessary. You can provide the necessary security without intruding on the end users’ experience.

Determine Acceptable Risk

The first step to providing appropriate security is to face the reality that you can never eliminate all risk. So before implementing security measures, you need to understand the level of risk your organization can tolerate. These risks include business factors as well as legal and compliance factors. On the other side of the equation, you need to determine what performance your users require and what kinds of authentication they’ll tolerate. You’ll most likely find that you have different requirements for different kinds of data and users.

Provide the Right Amount of Protection

The most sensitive information requires more protection, and it’s appropriate to ask users to jump through more hurdles or accept more performance impact before accessing or processing it. Other data may be less sensitive, or the processing requirements don’t tolerate delays. In some cases, providing appropriate protection may require removing layers of protection, not adding them.

Rationalize Your Security Architecture

Your network security implementation may have grown haphazardly. Firewalls and antivirus were easy. Then things like encryption and multi-factor authentication came along. Products may have been deployed without validating how they integrate or interoperate, or whether they’re performing overlapping or duplicative functions. The use of virtual machines and cloud providers may not have been considered when security applications were initially deployed.

Take a step back and review what you’ve got in terms of both your system architecture and your security architecture. Plan to eliminate the overlaps and fill in the gaps. Your security layers should solve specific problems.

It takes work to find the balance between user experience and security. Working with experts can make finding the balancing point easier. SLAIT Consulting is an information technology consulting firm with 400 employees and 25 years’ experience to draw on. We help our customers create appropriate security solutions that work with their infrastructure, whether in local, cloud or hybrid architectures. Our approach will help you find cost-effective solutions to your network security requirements, reducing risk while maintaining performance and delivering satisfaction to users and administrators of your network security implementation.  Contact us today to learn more about security solutions available to you to mitigate your risk.