Security Staff Acquisition & Development, Cloud Security, Leadership

Google Cloud CISO: Usability must be baked into design of security tools

The Google logo adorns the outside of the Google building in New York City. (Drew Angerer/Getty Images)
The Google logo adorns the outside of the Google building in New York City. Google Cloud is looking at opportunities to infuse usability and productivity into the design of security tools. (Drew Angerer/Getty Images)

As businesses increasingly migrate their resources to the cloud, Google Cloud is looking at opportunities to infuse usability and productivity into the design of security tools.

Security and usability are not mutually exclusive, and effectively combining these concepts can help organizations overcome the cyber skills gap, according to Google Cloud Chief Information Security Officer Phil Venables, speaking at an RSA Conference keynote session.

Click here for more coverage of the 2021 RSA Conference.

“I think if security is at odds with usability, then it's probably good security,” said Venables. Through improved usability, productivity and reduced cost of control, “the cloud providers, and the economy of scale that we provide for customers, can actually in the future be a pretty significant contribution to the transformation of security."

To this day, user experience has yet to truly be reflected in the design of security systems and IT management tools – both those used by Google Cloud’s customers and employees within Google Cloud itself, said Venables. “And there's no reason why those things can't be significantly improved from a usability perspective,” he opined.

Venables said that Google Cloud employs a large user experience team that seeks to develop improvements to security products, making sure that security settings make intuitive sense, and that tool output is properly optimized so that users are not bombarded with information, causing data fatigue.

“The great thing about this user experience work is it delivers also on the promise that good security is not just about mitigating risk; it's about providing adjacent business benefits as well, whether it's reducing customer friction in signup processes, [or] reducing the number of false positives that could be annoying alerts in fraud and anomaly detection systems,” Venables said.

Such incremental improvements can help security professionals become even more effective at their jobs, which is important considering how hard it can be to recruit talent.

“We have a cyber security skills challenge where we need more cybersecurity people, but… perhaps what we should also be focused on is 10xing the productivity of the cybersecurity professionals,” through improvements in tools, Venables remarked.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Related

Crowdfense expands exploit acquisition program

Security Affairs reports that zero-day vulnerability research hub and acquisition platform Crowdfense has increased its exploit acquisition program to provide up to $30 million in total rewards, while expanding its scope to cover security issues impacting enterprise software, messengers, and Wi-Fi/baseband.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.