Built-in versus bolt-on – why security should never be an after thought

We are all looking to do more, be more productive, efficient and organised. With a plethora of unified communication solutions promising to boost productivity by using time in a smarter way, it’s easy to see how these applications are appealing. But are they secure?

Not all applications are created equally

We often hear of high profile security breaches and the resulting financial and reputational issues they cause. This alone should be motivation for product creators to implement adequate security controls into their solutions. However, speed to market and functionality improvements can often take precedence over security.

When purchasing a new car, we take for granted that safety features have been built in, we don’t ask whether we need to retrofit seatbelts and air bags. Car manufacturers have reinvented the way cars are designed, with passenger safety at the heart of the critical thinking design process. The net result is a product that is secure by design with features that work in unison.

Education not blame

Too often employees are cited as the ‘weakest link’ and are blamed for being the cause of security incidents. In reality, these incidents are often caused by users just trying to get their work done, but in the face of complex and poorly designed applications, they are being put in the position of understanding and making complex security decisions beyond their realm of expertise. Secure communications should be just that, secure by default. Security should be there without the user having to think about it, they are not the experts and we should not expect them to make decisions like one.

For example, a secure messaging application might be required to block pasting text out of the app and perhaps even pasting in. However, from a usability point of view, if the message is a phone number or email address, the user probably wants to be able to paste that across into their dialler or email app, rather than having to retype it. Security and usability have to be carefully balanced.

Businesses need to ensure their employees have the right tools required to carry out the job. If users need to have conversations where the content must remain confidential, then organisations need to provide the appropriate solution that enables this transparently. Which means by default removing burden from the user and ensuring that information is not put at risk.

The way forward

It’s time to stop apportioning blame and seeking to ‘fix the user’ but instead design technology to fit the business process and how people behave, rather than asking employees to adjust themselves.

Users shouldn’t have to be security experts and bear the burden of using solutions where security has been bolted on as an after thought. Employees should take security seriously and be an educated user – but they shouldn’t need cyber security credentials to do their day job.

Choosing a secure communications solution such as an Armour product is a positive way to address this issue. Armour Mobile solutions are cost-effective, easy to use with technology that is always designed to be government-grade level secure – proven assurance to our customers that we take security seriously.

It’s time for the tech industry as a whole to step up and start thinking about the needs of the user and not hiding behind ‘user error’.