Cyber security product development and user experience are sometimes at odds, but they shouldn’t be. In developing a security product, the focus is often concentrated on perfecting the code on the back-end over the customer experience on the front end. But prioritizing code over the user could mean a company is managing the development process poorly.
Putting code before user experience can lead to product adoption challenges, higher failure rates, and customer abandonment of the platform – and ultimately a loss in revenue. To avoid losing money later, companies need to consider the user experience from the start.
Focusing on user experience means integrating all aspects of a software product, from branding to design, and usability to function, to make the front-end user experience transparent and intuitive. Here are four things UX and Cyber Security experts say you should consider:
- Onboarding UX enables security from the get-go.
In early 2020, Hypori had a first-class product, a virtual smartphone solution for organizations in healthcare, finance, and government that enabled employees to securely bring and use their own devices (BYOD). The product, however, was challenged by a subpar customer onboarding and usability experience, and it was impacting the company’s ability to scale and make money.
Hypori teamed up with digital product development services partner, 3Pillar Global, to audit their user experience and develop recommendations to create a more seamless onboarding process. The initiative identified opportunities for improvement based on user experience research, which led to crafting a more efficient information architecture, a consistent interaction pattern, and intuitive visual design. “These improvements reduced time-on-task and barriers of entry during product onboarding,” says Kim Mirazimi, Vice President, Technology, 3Pillar Global. “Together, we turned a developer-driven design into a product with significantly increased revenue potential. The result was greater user adoption, which means more secure data and devices.”
- Make UX and security two halves of the same development coin.
Businesses are built to serve their customers, but a business without security serves no one. “We need to stop talking about Cyber Security for ROI. It’s about managing a level of risk,” says Sam Curry of Cybereason.”
That’s also why companies should focus on combining security and UX. Even in the development phase, UX and security should be seen as complementary. The point of agile development is to design products that suit the user, and not the other way around. If the product’s design keeps user ease at the forefront, the experience will be natural. That natural experience makes security a habit, rather than an imposition on your customer. “The ideal,” Curry notes, “is users don’t have to change how they work to use the tool on top of it.”
Investing in security is not about making a return on investment but about making a sound investment in what the team has already built. Especially in security products, overlooking UX risks the security that’s supposed to be the product itself.
- Use metrics to keep the user first.
Developers sometimes blame the user for a product problem, instead of the tool itself; this is the wrong approach. If code isn’t able to function intuitively, it should be fixed or removed. This is also why it’s important to continually make incremental improvements to a product.
3Pillar, for example, uses data insights to provide actionable processes, like growth, profitability and brand equity. “We gauge success with metrics like average daily user count, task completion rate, revenue, customer conversion, cart abandonment rate, unsubscribe rate, and more,” says David Sawatzky, Chief Delivery Officer at 3Pillar Global.
Metrics should be able to survive over multiple stages of a product and each phase of growth. This requires a lot of foresight. Developers have to pick their metrics carefully, particularly KPIs, and devote a significant amount of time to getting them right upfront. For example, some products, in their development stages, even track where users are looking on a page in order to develop the best user experience and measure when someone is getting frustrated, versus when they are more relaxed.
- Invest in UX early to save your developers — and your sales team — later.
Starting design with the user in mind enables companies to avoid costly problems for their developers later. That’s what MK Foley, head of user experience at VMware Carbon Black, has found. “It’s cheaper and easier to make changes earlier, rather than lots of support tickets later,” Foley says. “It’s so much easier to change a prototype than it is to change a feature once it’s coded.” VMware Carbon Black has taken its user-first approach and created a program that’s making things easier for customers and coders alike.
The VMware Carbon Black Design Partners program connects customers and engineers in the design stage to foster collaboration in a product’s early stages. “We set it up so that the customers are interacting with our design early on and our developers are listening,” Foley says.
As part of the Design Partners program, customers talk to both engineers and cognitive scientists at VMware Carbon Black, commenting on software during the prototype stage. This is especially useful in designing a technical product, Foley explains.
“For products aimed at technical users, developers often assume that the users think like they do,” but in the case of security professionals there are different thought processes and user expectations. A mismatch in cognitive approaches can result in a UX that doesn’t actually work for target users, and that can mean a series of down-the-line fixes and updates. When engineers and designers build with the user and experience in mind, the end product costs less later on, because intuitiveness has become an intrinsic part of the design.
Ease-of-use for a customer is also ease-of-use for a company’s sales team. It’s much easier to sell the product if it’s intuitive, because this lowers the expertise required to use it. The ability to pitch ease-of-use in the evolving threat landscape is key for enabling successful sales.
UX is increasingly important as our human tasks become more complex. If a user is focused on the tool, they’re not focused on the task. That’s why the UX goal for security products should be for the software to work the way the user thinks, as seamlessly as possible.
With any security product, user experience should be held to the same standard as high quality code. Prioritizing investment in user experience will ultimately grow your company’s revenue, profitability, brand recognition and customer loyalty.
About the Author
Gary S. Miliefsky, CISSP, is the publisher of Cyber Defense Magazine. Learn more about him at https://www.cyberdefensemagazine.com/about-our-founder/.