Ideal User Experience vs. Security
Many of my client partners articulate their “Ideal User Experience” as one that enables users to function within their work duties in a manner that the technology is virtually transparent; that the technology is simply a tool that facilitates their work and is NOT a set of hurdles that users must jump over or navigate through in order to perform their job. I have witnessed these non-ideal user experiences in the form of slow processes, inefficient access, binding users to a specific desk location or technology, multiple layers of authentication and access, non-standardized architectures, etc. Ultimately, some users develop a negative connotation to the technology and consider it useless red tape. Users talk and when this happens, substantial discord typically follows.
So…, considering that the User Experience is important and Compliance and Governance are as well; how do you balance the User Experience with Security?