Soap Box: Making security tech more people friendly
Aug 12, 2024
Ryan Kalember, Chief Strategy Officer at Proofpoint, dives into making security technology more user-friendly. He discusses the importance of improving how security tools interact with users, advocating for clearer communication to bridge the gap in cybersecurity. Kalember highlights the need for enhanced user risk profiling and the integration of security tools to boost incident response. He also touches on the challenges of identity management in SaaS and the rise of enterprise browsers designed to better protect users.
Enhancing security tool communication can transform user interactions, improving understanding and fostering a culture of proactive security awareness.
Integrating user telemetry and browser-based solutions allows organizations to effectively manage identity risks and educate users on security practices.
Deep dives
The Need for Improved User Interaction in Security Technology
Security technology has traditionally failed to engage users effectively, resulting in a lack of understanding about important security practices. Many common tools, such as VPNs and endpoint detection and response (EDR) solutions, have not evolved in terms of user experience, leaving them as uninformative as they were decades ago. Users often encounter vague error messages that offer little insight into security risks or necessary actions, which only reinforces an unfavorable stereotype of security technology personnel. Enhancing how security tools communicate with users can not only make the tools more intelligent but also educate users on their security behaviors, potentially reducing overall risk.
Power of Real-Time Feedback and Positive Reinforcement
By providing real-time feedback, security teams can significantly improve user awareness and behavior regarding security practices. Instead of relying solely on infrequent training sessions or assessments to educate users, ongoing interactions such as nudges can help guide user behavior when they engage in risky actions. For instance, when a user tries to transfer sensitive data, a timely alert could effectively remind them of corporate IT policies, fostering a culture of awareness rather than punishment. This shift in approach can help bridge the gap between security teams and end users, positioning security as a helpful ally rather than an ominous overseer.
Identity and Shadow IT Challenges
The landscape of identity management and shadow IT has drawn attention as organizations grapple with the increasing issue of users creating accounts with non-corporate credentials. This identity sprawl can lead to substantial security risks, especially when credentials become compromised or when users forget about these accounts altogether. New approaches leveraging user telemetry and web browser integrations are emerging to manage these identity risks more effectively. By tracking user activity and ensuring visibility into non-compliant behavior, companies can better protect sensitive data from being mishandled or exposed.
Integrating Communication and Security in Real-Time
To strengthen the connection between security and the end user, organizations need to rethink their communication strategies, especially as threats evolve. Implementing web browser-based solutions can provide users with coherent contextual information about the security implications of their actions, allowing for a more informed decision-making process. This proactive engagement can not only alert users to potential threats but also offer educational insights that translate into effective security practices. Ultimately, cultivating a relationship where users feel valued and informed can transform them into a vital asset in the organization’s security posture.
In this sponsored Soap Box edition of the show, we talk to Proofpoint’s Chief Strategy Officer Ryan Kalember about making security tech more people-centric.
We often talk about how we can use signals from users to drive some of our security tech. But what about using our security tech to drive user behaviour?
Ryan thinks there are some opportunities here, particularly around identity security.