Ease of Use as a Competitive Advantage for Security Products

Security products historically prioritized features over usability. Vendors should prompt users as last resort, make intelligent decisions on users' behalf, and let products run unobtrusively—users should forget the product is installed. When security products make informed decisions, naive users are prevented from weakening security.

Historically, information security vendors have focused on features tied to strengthening security features of their products. Unfortunately, this often meant that usability suffered. As the consumer security software market matures, it’s no longer sufficient to rely on the security feature set: vendors must pay attention to the product’s ease of use to remain competitive. They might even turn ease of use into a competitive advantage.

Intuitive User Interface

Ease of use involves putting effort into cleaning up the menu presented to the user and testing other aspects of the interface to make it natural for people to find the desired information and take intended actions. It also involves creating software that can be used without a manual and providing clear context-sensitive help anyway, just in case. But even that’s not enough.

Prompt the User as the Last Resort

Remember when updating anti-virus signatures meant launching Live Update, then clicking Next, Next, Next and OK? That era of security software treated every routine operation as a user interaction opportunity. It was bad interface design.

Security products marketed to consumers need to stop prompting the user with irrelevant messages or asking unnecessary questions. Prompting the user should be the last resort. To paraphrase Luis Corrons from PandaLabs, the user should forget that the product is even installed under normal conditions. Unfortunately, this idea is in conflict with the vendors’ desire to remind the user that the product is providing value, so he appreciates its presence and agrees to pay when it’s time to renew the software license.

Intelligent Decision Making

Consider a consumer security tool that prompts the user for any new outbound connection. Most users will find this unnecessary and annoying, and will disable or uninstall the product. Instead, the vendor can make the firewall smarter, so it can make intelligent decisions on the user’s behalf whenever possible. Operating as part of an endpoint security suite, the firewall can incorporate not only vendor-built profiles of known, trusted applications into its decision making, but can also account for other behavioral observations when deciding whether to allow the connection.

Modern endpoint security has proven that software can handle far more than simple allow-or-block decisions. Behavioral analysis, machine learning models, and threat intelligence data allow security products to assess context, weigh risk factors, and act on the user’s behalf with a degree of nuance that was difficult to achieve when this article was first written.

When the security product makes informed decisions on the user’s behalf whenever practical, naive users are prevented from making decisions that weaken the system’s security. Moreover, they are encouraged to install the product, keep it active and recommend it to their friends.

There will always be power-users who will want lots of visibility into inner-workings of the product to derive optimum security from it. From the perspective of the larger market, a strong security product can be made even better by making it as unobtrusive as possible, and then continuing to think about making it even easier to use. In this case, ease of use can become a competitive advantage.

For more on how security products can stand out, see my post Low Price as a Differentiator for Information Security Products.