1 / 12

To Market, To Market: Human Centered Security and LotusLive

To Market, To Market: Human Centered Security and LotusLive. Mary Ellen Zurko, LotusLive Security, IBM mzurko@us.ibm.com. Technology Transfer of Usable Security as a Quality. Security and Usability together in a product Business and market requirement Development process and culture

lcrump
Télécharger la présentation

To Market, To Market: Human Centered Security and LotusLive

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. To Market, To Market: Human Centered Security and LotusLive Mary Ellen Zurko, LotusLive Security, IBMmzurko@us.ibm.com

  2. Technology Transfer of Usable Security as a Quality • Security and Usability together in a product • Business and market requirement • Development process and culture • Continuing challenges

  3. Putting Usability and Security Together • Got Usability? • How? Who? • Organization in Lotus with dedicated user experience (UX) professionals • UX lead for all of LotusLive • Got Security? • How? Who? • Initially, security architect working across all of the development team

  4. Business Need • Pain Point or Return On Investment? • Market data on security as an inhibitor to cloud uptake • Some of the security concerns were around user error and security and company confidential information

  5. Organizational Boundary as Core Concept • User experience should support and emphasize what is entirely within the organization and what is outside of it or shared across the boundary • Security policy and actions should support and emphasize restrictions and awareness of activity across the boundaries • Enable sharing to the cloud defined organization • Restrictions on display of email name outside of the organization

  6. Enterprise Scale and Usable Security • Technical controls and compliance reporting for human processes • Transparency and control for administrators and organizations • Market categories drive or define a number of aspects of purchasing decisions • Data Leak Prevention aligns with attention to organizational boundaries

  7. Process and Culture • Align and leverage • “What is usable security?” • Principles to guide early user experience and development • Process integration points

  8. Overarching Principles • Enable UX designers to think about usable security in early functional design • Transparency • Security state obvious and available to all involved • Control • Owners control objects and administrators control organization’s members • No surprises • Know what could happen in the future • Addresses confusion and mistakes

  9. Process Hooks • Agile development • Tasks tagged as security related • Security themed iterations • Security reviews of substantial components and tasks • UX design tasks and reviews • Security participation in UX reviews • UX design of security related functionality

  10. Culture impact • User experience, security, and developer stake holders able to identify usable security issues • New team members surprised at the requirements for usability and security to work together • Cross pollination of usable security into other projects by user experience folks

  11. Challenges • Burden on user experience to drive early security proposals towards more usable alternatives with the same security model • Opacity of indirection through groups

  12. Thank you for your time • Look forward to more success stories in the future • Drive towards useful set of best practices • Questions, Answers, Comments?

More Related