“The ability to put security into the context of the user and in the flow of their regular interactions with your service makes it less necessary for you to have millions of security engineers to monitor what’s going on, because some of that is now in the hands of the consumer where they are able to make those better decisions.” ~ Adrian Ludwig, Atlassian
Getting Users Involved In Their Security
In this episode of CISO Series Defense in Depth, sponsored by Castle, David Spark and Allan Alford sit down with Adrian Ludwig, CISO, Atlassian. Alan and Adrian dig into how software and our security programs can be better architected to get users involved in their own security.
When issues like reusing passwords, phishing and credential stuffing attacks are a constant problem, when and how do we involve our users? We want to prevent account takeover but ensure we are still providing a good user experience to our customers. How do we involve them in remediation? Can we automate that experience as well to make it as clean as our first notification of suspicion?
The perspectives of Alan and Adrian prove there is a lot more to do in order to improve user experience but getting users involved and better understanding and acting on risk are key components to not only providing better user security but also enabling security teams to be more effective. Solutions on the consumer side are leading the way here with robust risk engines and automation to interact with users for feedback and remediating account recovery.
Listen now to hear this episode on Defense in Depth – User-Centric Security.
Key topics discussed:
- Why users are integral to user security systems and programs.
- Why security needs to be defined in the context of a user and how you can expect them to operate in good faith.
- How to avoid complexity, because as soon as it’s introduced it drives problems everywhere.
- Why it’s important to keep asking: how can I make security more usable.
- How to minimize alert fatigue on your users and make it relevant and actionable.
- How risk engines can allow you to better engage with the user so they can participate in their own security.
Castle enjoyed sponsoring this insightful podcast with CISO Series Defense in Depth. Many thanks to David and Alan from CISO Series, and to Adrian from Atlassian!