As businesses increasingly migrate their resources to the cloud, Google Cloud is looking at opportunities to infuse usability and productivity into the design of security tools.
Security and usability are not mutually exclusive, and effectively combining these concepts can help organizations overcome the cyber skills gap, according to Google Cloud Chief Information Security Officer Phil Venables, speaking at an RSA Conference keynote session.
“I think if security is at odds with usability, then it's probably good security,” said Venables. Through improved usability, productivity and reduced cost of control, “the cloud providers, and the economy of scale that we provide for customers, can actually in the future be a pretty significant contribution to the transformation of security."
To this day, user experience has yet to truly be reflected in the design of security systems and IT management tools – both those used by Google Cloud’s customers and employees within Google Cloud itself, said Venables. “And there's no reason why those things can't be significantly improved from a usability perspective,” he opined.
Venables said that Google Cloud employs a large user experience team that seeks to develop improvements to security products, making sure that security settings make intuitive sense, and that tool output is properly optimized so that users are not bombarded with information, causing data fatigue.
“The great thing about this user experience work is it delivers also on the promise that good security is not just about mitigating risk; it's about providing adjacent business benefits as well, whether it's reducing customer friction in signup processes, [or] reducing the number of false positives that could be annoying alerts in fraud and anomaly detection systems,” Venables said.
Such incremental improvements can help security professionals become even more effective at their jobs, which is important considering how hard it can be to recruit talent.
“We have a cyber security skills challenge where we need more cybersecurity people, but… perhaps what we should also be focused on is 10xing the productivity of the cybersecurity professionals,” through improvements in tools, Venables remarked.