Can UX be more important than security in the SaaS development cycle?

CTO, 4 years ago

It’s unclear whether or not the internet would be as pervasive if it wasn’t so easy to use. I think the great innovation of the last few years has been the trend towards secure but easy to use, like passwordless security, for example. I'm really hopeful that we can continue to innovate. If we had insisted on passwords with a million characters and exclamation points, etc., from day one, would the internet have actually reached its current stage? The internet was originally built on trust, and what we’ve seen growing as a result of greater connectivity is that now you're exposed to everybody and therefore you can no longer trust. It's simply the scale of the internet that has really exposed us to the problem of a broad attack. There is no good tech you use that will not be attacked.

no title, 4 years ago

I remember my early passwords. If I was required to use a 15-20 character password back then with no password managers or anything else, I doubt I would have.

no title, 4 years ago

I think my main concern is that people don’t pay that much attention anymore. Look at the launch of the Sidewalk. When the information about the design of the Sidewalk was released, I went back and looked at all of the Bluetooth vulnerabilities, including BlueKeep and just how those were constructed. That did not make any sense for several reasons, but it's a great use case supporting user experience for sure.

VP, Chief Security & Compliance Officer in Software, 4 years ago

In her book, The Pentagon’s Brain, Annie Jacobsen tracks the life cycle of the internet and the source of some of our current problems. She maps it back to its original purpose, which was to be a place of trust. Once you met a complex set of requirements and gained access, you could traverse all over the internet because it was designed to facilitate trust between the US government, the Department of Defense (DOD) and universities.

Today we have subscribed to user experience. It’s so critical now that we bypass security. And then when your Peloton is sharing data because the API is not configured correctly, we wonder why. So I question whether we’ve learned that lesson. We were so focused on the outcome that we put aside fundamental components of security by design, which leads to compliance by design, which leads to privacy by design.
