This is the month where we are intentionally thankful, and I am thankful for our customers who enthusiastically host UX visits to their place of work. It’s a privilege to be out in the field learning from people who have to effectively manage their organization’s security and regulatory policies across their network environments. Retrospective analysis of what goes into translating high-level corporate policies into a workable set of benchmarks and tests reveals to me what you already know — it is no easy task. There is a need for a better way to manage security policies in dynamic networks. Managing security configurations in networks that span multiple business units, multinational organizations, and multiple administrators is a pain.
I was sitting next to someone at his desk last week, watching him go through the laborious task of cutting and pasting from his policy repository, into another tool, and then into a spreadsheet and then into a PowerPoint … and he turned to me and said — “I want this to be easier”.
“Automagical” * – even.
So me, being the “UX Lady”, I like to find patterns and paradigms outside of the subject matter domain that I think relate to the cognitive work domain. (Like, when we were working on a tool that would help people do a better job in managing their risk assessment task needs by tagging their assets so that they could have flexible visibility into what they are managing — we didn’t look at IT asset management tools, we looked at iTunes.)
I have been looking for comparators that have “automagic” goodness. And I have found one that I particularly love. Minty, minty goodness…
In my research, I came across an article that resonated. It’s written by Marc Hedlund who, in November 2006, launched Wesabe as a site to help people manage their personal finances. Less than a year later, it shut down — losing out to www.mint.com. Here’s what he said about why he thinks Wesabe lost — and I have a ton of respect for his honest assessment BTW – (italics mine):
“Mint focused on making the user do almost no work at all, by automatically editing and categorizing their data, reducing the number of fields in their signup form, and giving them immediate gratification as soon as they possibly could; we completely sucked at all of that. Instead, I prioritized trying to build tools that would eventually help people change their financial behavior for the better, which I believed required people to more closely work with and understand their data. My goals may have been (okay, were) noble, but in the end we didn’t help the people I wanted to since the product failed. I was focused on trying to make the usability of editing data as easy and functional as it could be; Mint was focused on making it so you never had to do that at all. Their approach completely kicked our approach’s ass.”
So, that’s what we are working towards here in UX land as we look at systematic methods for evaluating and monitoring security properties of large-scale networks. If you are interested in helping, having us visit you, or participating in remote usability sessions, please look us up.
* “Automatic, but with an apparent element of stage magic. Commonly used in computer and other technology fields, referring to complex technical processes hidden from the view of users or operators. Includes a connotation of specialness and often implies pride on the part of the process creator (especially when the person using the word is the process creator). Sometimes, also used in a sarcastic way, ironically implying an impossible process. A one-size-fits-all approach to automatic controls that replaces rather than supplements manual control, resulting in a product that is less flexible and more difficult to use.”
NOTE: This post was originally published here: http://www.tripwire.com/state-of-security/it-security-data-protection/security-controls/the-minty-goodness-of-security-automation/