873 views1 Upvote3 Comments

SVP in Finance (non-banking), 1,001 - 5,000 employees
You have to actually use it internally as you're designing it so that you can see the experience. It will add a layer to the current process if you don't have any security—we all know how much security two-factor authentication (2FA) provides, but people hate it. And some people who just want to be ignorant about the security risks out there continue to believe that 2FA's annoying and they shouldn't have it. So how do you get that persona to listen to the benefits of security and yet make it easy enough for them so that they can use it on a daily basis? That's a challenge that every company is facing. 

The way I have handled it is by trying to minimize the number of clicks and the number of times that people have to move from one app to the other—how often you have to look away and do other things in that workflow. Try to simplify the process because there are simple ways of doing it. A lot of companies have solved for it, so you don't have to be a rocket scientist. There are a lot of use cases where it actually works, so replicate them, steal them and do it yourself. This is all about being efficient and being productive.
Sr. Director of Enterprise Security in Software, 5,001 - 10,000 employees
I think we're getting better. We're adding in security at the beginning of a product’s development rather than at the end. But security apps are still largely made by security people, for security people —that's the wrong way to go about building an app. We need to build security apps and processes with the assumption everyone doesn't want to be slowed down by security, rather than assume that everyone is willing to jump through a thousand hoops just because it's a security app.
CEO in Manufacturing, 11 - 50 employees
A security person designing an app for another security person is very different from designing it to be easy enough for a grandmother to use. To do that you need to be right there with the user to understand what they're doing. If you're not putting yourself in their shoes to understand how they’re impacted by your multi-factor authentication and the loop you just walked them through, then the issues that pop up are pretty big ones.

Content you might like


Cyber Security39%


Information Security8%


1.4k views3 Upvotes1 Comment

CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
42.3k views131 Upvotes319 Comments