Conference and exhibition season always brings with it a showcase of interesting new approaches to security and authentication. Yet however exciting these innovations may seem, we can be sure that, once the hype has died down, many will not stand the test of time. But why? Chris Russell, CTO at Swivel Secure explores some of the reasons why not all security solutions have staying power.
- The geeks shall inherit the earth, just not yet – Those of us in the IT security game can admittedly get too involved with the numerous clever things you can do with new technologies. It can be tempting to develop an authentication solution that allures our own inner (and outer) geek. Yet, appealing to us techy types is neither realistic nor useful benchmark for how the everyday user will react to a solution.It’s fundamentally important to place user experience at the core of product development, from the drawing board stage to the shelf. After all, they are the ones who hold to key to widespread adoption. Consider carefully how people will respond when faced with your authentication solution within their workplace environments. Plan significant time for beta testing, feedback and further product development. Some solutions will simply not pass the usability test – a key point to realise before you put it proudly on display.
- We just need to figure out how to … – The bright lights of the exhibition floor offer an ideal platform to show off your latest, all-singing, all-dancing solution. When demonstrated under such controlled circumstances the solution is likely to perform as rehearsed. But when the time comes to roll out said solution, more often than not new issues come to light. Eventually, after much head-scratching, consideration and unhappy customers, you realise that these little issues are not only vital to making the solution viable but, are also unsolvable. Just like usability, such issues should have be dealt with at the testing stages, way before a roll-out has taken place. For a solution to be successful it has to work for all of the scenarios that it was designed for. Significant investment in testing, feedback and development is essential.
- Love is blind – The age-old innovator’s dilemma. If you create something, you are inevitably going to love it. However love for ones products is not enough. It’s time to open your eyes and realise that no product is perfect. Most technical people are actually problems solvers at heart. When we see a product with potential, we will often suggest improvements, point out potential drawbacks and call attention to similar, existing products. However if a person is blinded by their own solution and is so confident that it will succeed without modification, the chances are that it will not set the world alight. Getting a second opinion is always the best way forward!
- This time next year we will be millionaires – Sometimes more dangerous than being blind sighted is wrapping up your solution within an inflexible business model. Getting new products to market involves risk and investment before reward. All of these elements need to be considered carefully before you set out to bring to product to market. Had Geocities arrived at just the right time, then maybe Facebook would have been the one that was too late to the market.
- Right solution, wrong time – Timing is everything and the overall success of a solution can be largely reliant on world around it and the adoption status of relevant, associated technologies. For those of us who remember Geocities, you cannot help but wonder whether it failed simply because it arrived too early, before the web, WiFi and mobile technologies, which all would have made it a much more dynamic and interactive experience. In authentication terms, maybe it is too late to invent a new physical token or far too early to build a solution based on wearable technology. Gathering market data from the ground and testing solutions on those who will be using them should help to get the timing just right.
Attending shows are always great to see what fellow IT security bods have come up with, but there is a reason why some solutions have been around forever and others never make it further than the exhibition hall. Whilst innovation should not be stifled, when it comes to security and authentication solutions, it pays to take a holistic approach and keep usability, testing and development time as a core focus. I’m looking forward to seeing which of this year’s innovations make it in the market.