It’s time to stop sacrificing usability in the name of security

It’s time to stop sacrificing usability in the name of security

Sébastien Roques-Shaw, Director of Partnerships, Virtru, discusses the emerging Open Trusted Data Format standard and how it can now be implemented by enterprise organisations of all types, allowing CISOs to provide secure Zero Trust data protection across cloud applications and file sharing tools – without compromising ease of collaboration between employees, suppliers and customers.

For many years, securing data came at a high cost: ensuring sensitive information remained secure and protected meant locking it down or limiting its shareability. People had to jump through hoops to securely share sensitive information — and even then, once that data left your environment, it was completely out of your hands.

But we lose too much when we lock data down – we reduce collaboration, we create silos and we prevent brilliant people from ‘connecting the dots’ that can spark important insights.

We desperately need those insights to solve big problems like securing critical infrastructure, fighting climate change and collaborating with global partners.

Thankfully, with the technology and open standards we now have, tech leaders no longer have to sacrifice usability for security. They can — and should —have both.

Solving the data conundrum

In the SaaS ecosystem, usability is king. You can have a stellar application, but if it’s clunky, outdated, or difficult to use, people simply won’t use it.

When it comes to cybersecurity, usability is especially crucial because it only takes one person, making one mistake, one time to potentially cause a devastating data breach. According to IBM, the average cost of a data breach in 2022 is US$4.35 million.

Security leaders undergo the constant battle against human error, often encountering resistance from their employees when security tools are too difficult to use – think portal-based email security: users don’t want to add an extra step, or an extra set of login credentials to their workflow, so they’re likely to circumvent difficult security processes instead of actually using them.

Thankfully, easy-to-use security tools are gaining traction and giving people the ability to securely share information without changing their current workflows. Security leaders are also implementing ‘data safety nets’ in the form of data loss prevention (DLP) rules and email gateways that operate behind the scenes, independent of the user. These platforms are getting more sophisticated every day, leveraging AI to continually inform and advance their DLP engines.

The paradox of sharing and control

Historically, sharing data outside your organisation meant relinquishing control. When you sent a piece of data beyond your perimeter, it was gone. You just hoped for the best.

But now it’s possible to leverage encryption and attribute-based access controls in a way that gives you persistent control over your data. Encryption wraps the data in a layer of security and cryptographically-bound access controls put true authority back in the hands of the data owner.

This unlocks the ability to share information without concern about where it will end up. Managing access on a granular, individual level (rather than based on broad role-based access controls) is a foundational element of Zero Trust security. A data-centric approach to security, rather than a network-based approach or a role-based approach to managing entitlements, is the strongest way to ensure that your most important assets — your data — remain protected.

Open standards and the future of data sovereignty

As global tensions rise and cyberattacks escalate, many organisations and governments are eager to ensure their intellectual property remains under their control. But in a global economy, sharing data across borders is still essential. Open standards, such as the Trusted Data Format (TDF), are foundational to an equitable future in data sharing. Whereas proprietary solutions lock users into a single experience that may or may not be interoperable, open standards extend usability across senders and recipients, giving organisations additional control over how their information is shared without limiting recipients’ ability to consume that information.

When you think about the broad scope of data that organisations are entrusted to protect — from emails to files, to entire SaaS ecosystems, to data lakes, to IoT data relaying packets from sensors — versatility and interoperability are essential to creating a unified framework. Open standards will help us get there.

We as technology leaders have a long path ahead for implementing Zero Trust security and data controls across the broad spectrum of data that needs to be protected and shared — but thankfully, we have the tools to fortify security without sacrificing a positive and intuitive user experience.

Browse our latest issue

Intelligent CISO

View Magazine Archive