How does combining UX with Agility-at-Scale improve security?

by Larry Marine

Solutions are rarely pure and simple; they often are balanced between the systems’ and users’ needs. Take digital security; as the old saying goes, “The best security is to unplug the computer,” except the users can’t get any work done. The opposite is also true: removing the security makes the system more efficient but becomes vulnerable. Achieving equilibrium between these extremes is particularly crucial when integrating digital security measures that must be effective and user-friendly.? Agile methodologies offer a framework that supports this balance, emphasizing early and continuous delivery of valuable software that includes built-in security measures from the start.?

Security that’s too tight or cumbersome invites workarounds. For instance, requiring users to change their passwords monthly seems like an effective security measure. However, in practice, people can’t remember all their passwords and instead write them down somewhere, which nulls this security measure.??

Avoid reinventing the wheel; use what you know already works for other systems. Users are often familiar with common security measures and trust and prefer security features they are already accustomed to. Building your own security systems demands that you constantly maintain them, thus draining resources from those things that create value.?

Tension or mistrust often exists between security architects and application developers when the latter aren’t provided with timely solutions relevant to security risks, controls, and existing architecture standards. This results in poor design or coding decisions up front that requires additional effort later.?? Agile principles advocate for early and continuous delivery of valuable software, which aligns with the need to integrate security from the outset of any project. This approach ensures that security measures are not an afterthought but woven into the development process. It allows for adapting security measures to emerging threats without compromising project timelines, ensuring the delivered software is fully tested, secure, and functional.?

“Inspecting” happens too late in the value delivery process. Researching the users BEFORE building anything ensures that you have built-in quality. You will never get it right the first time, so inspecting after you’ve built something means you will find the problems AFTER you’ve built them into the solution. This requires rework that interrupts the flow of delivering value.??

One solution involves improving your culture of shared responsibility and reward. Creating cross-functional teams that include security experts, developers, and UX designers is essential. This collaborative environment ensures that security and user experience are considered equally and integrated seamlessly into the product. It fosters a holistic view of the project where security measures enhance rather than hinder the user experience, leading to the development of products that are not only secure but also intuitive and user-friendly.?

At LSA Digital, we specialize in helping you implement agile user-centered security methods at the team and Scale.? Contact us to learn more about how we can help your organization achieve this balance and enhance your security posture and efficiency. This is what we do, and we love talking about it.?

Integrating Agile and UX identifies opportunities to optimize processes and develop secure solutions that transform user productivity. We offer a free hour of UX-oriented analysis to identify your potential solution approaches.?

Speak with Larry for your free hour of UX analysis: [email protected]??

Our UX Director, Larry Marine, is a published author with a litany of market leading product successes for various types of clients including American Airlines, Vanguard Investments, Optum Health, and many more. He has 35 years of expertise to draw on and is a recognized thought leader throughout the UX community.?

?

Larry is also a seasoned AI design professional. He has designed and guided the implementation of several AI projects for the Air Force. His Cognitive Science degree included AI and Neural Networking classes and projects. He earned certificates in AI from Stanford and MIT and guided UX research and design for the Air Force’s AI Accelerator at MIT for a year.?