The Importance of UX in Security

In 1993, Apple hired its first User Experience Architect, Don Norman. Today, Norman is considered to be the father of human-centered design — also known as user experience design.

He even coined the term ‘user experience.’ Norman explains, “I invented the term because I thought human interface and usability were too narrow. I wanted to cover all aspects of the person’s experience with the system including industrial design, graphics, the interface, the physical interaction, and the manual.”

User experience isn’t just important for B2C companies like Apple. It’s equally crucial for B2B products and services, like company software programs. Just as Apple products need to be pleasant and easy-to-use for consumers, B2B software needs to be pleasant and easy-to-use for individual employees.

Standing out for having good UX and UI is also crucial for marketing purposes, since the effectiveness of cyber security tools depends on a customer’s ability and willingness to use them. A cyber security platform has to be both functional and user-friendly to attract customer attention and investor funding in the first place. As Hili Geva, COO of product agency Inkod, points out, “When it comes to UX for cyber security, the challenge is to turn the company solution into the most innovative and competitive cyber security platform. Differentiation is essential; the UX and UI of the product should wow customers and investors alike, generating the buzz required to help market the company.”

With UX for cyber security, a lot is at stake; the security of entire companies, in addition to the success of the software itself, hinges largely on the software’s ease of use.

UX and UI challenges in the cyber security industry

Improving cyber security UX and UI isn’t without its challenges. Users are reluctant to comply with security measures that prevent them from enjoying their work and other web browsing experiences. Employees whose companies insist that they not visit certain websites, for example, might only feel restricted and will see the security strategy as a nuisance rather than a help. Even worse, resentful users are prone to resist any security measures that they deem too intrusive, risking their company’s security if they choose to not comply.

Cyber security measures must therefore keep the user experience in mind. Security tools and software should be hassle-free, fairly nonrestrictive, and integrate smoothly with a user’s regular interface and workflow.

In other words, better protection should not mean a worse user experience. With that in mind, here are some important factors to consider for improved cyber security UX and UI.

Balancing security with UX

User experience experts develop their design strategy with the users’ needs in mind. In most industries, maximizing simplicity and ease of use for the customer is an obvious goal. But in the cyber security industry, this raises an interesting question: If there is indeed a trade-off between strong security and good UX, how can security be both effective and pleasant for the user?

Some security measures, like two-step authentication, are rarely user friendly. Users prefer simple, easy-to-use, minimal-fuss processes, and two-step authentication, which is both complex and time-consuming, tends to be the exact opposite.

While companies shouldn’t eliminate these ultra secure methods, they should make a point to focus on UX in areas where they feel the user experience has been compromised. If a company finds that it improves security when it adopts a new strategy, it shouldn’t consider the job done until the new strategy not only makes the system more secure but also is friendly to users.

Designing based on human interpretation

Many UX challenges for cyber security and other software programs happen because they were designed to reflect technical correctness — but didn’t necessarily align with user interpretation.

A particularly illustrative example of this dissonance is the error message pop-up of Microsoft Windows 3.1 through 98. The pop-up read, “This program has performed an illegal operation and will be shut down.” While the message did the job from a purely technical standpoint, the term “illegal” was naturally alarming to non-technical minded users.

Just because something is technically correct, that doesn’t mean it’s necessarily friendly for users. As you change or add new features to your product, double check to make sure the technical adjustments are reflected to the users in a way that they intuitively understand.

Minimizing complexity

When it comes to onboarding a new cyber security system, the software must be smoothly integrated into the existing network infrastructure without the need to remove or restructure existing tools. A new security tool or software shouldn’t disrupt an employee’s workflow or intrude on existing company programs.

Even after the onboarding process, cyber security tools need to be as easy as possible to use. Rather than overwhelm the user with complex technical data, these tools should have at-a-glance dashboards with easy-to-digest information.

When implemented with particular attention to UX, improved security isn’t in tension with user experience at all. On the contrary, it goes hand-in-hand with usability, since employees are more likely to abide by a user friendly security protocol in their day-to-day work. People want to use their devices in more secure ways — provided that doing so doesn’t cause hassle or inconvenience.