Ease of Use as a Competitive Advantage for Security Products

Historically, information security vendors have focused on features tied to strengthening security features of their products. Unfortunately, this often meant that usability suffered. As the consumer security software market matures, it’s no longer sufficient to rely on the security feature set: vendors must pay attention to the product’s ease of use to remain competitive. They might even turn ease of use into a competitive advantage.

Intuitive User Interface

Ease of use involves putting effort into cleaning up the menu presented to the user and testing other aspects of the interface to make it natural for people to find the desired information and take intended actions. It also involves creating software that can be used without a manual and providing clear context-sensitive help anyway, just in case. But even that’s not enough.

Prompt the User as the Last Resort

Remember from a while back when to update anti-virus signatures, you had to bring up Live Update or its equivalent, then click Next, Next, Next again and then OK? That was bad user interface design.

Security products marketed to consumers need to stop prompting the user with irrelevant messages or asking unnecessary questions. Prompting the user should be the last resort. To paraphrase Luis Corrons from PandaLabs, the user should forget that the product is even installed under normal conditions. Unfortunately, this idea is in conflict with the vendors’ desire to remind the user that the product is providing value, so he appreciates its presence and agrees to pay when it’s time to renew the software license.

Intelligent Decision Making

Consider personal firewall software that prompts the user for any new outbound connection. Most users will find this unnecessary and annoying, and will disable or uninstall the product. Instead, the vendor can make the firewall smarter, so it can make intelligent decisions on the user’s behalf whenever possible. Operating as part of an endpoint security suite, the firewall can incorporate not only vendor-built profiles of known, trusted applications into its decision making, but can also account for other behavioral observations when deciding whether to allow the connection.

The progress of modern computing, in support of the Church-Turing thesis, shows that highly complex of computations can be made by automated systems. Such artificial intelligence far exceeds the simple yes-no decisions that their building blocks are designed for. Computers can do more than merely automate simple repetitive tasks.

When the security product makes informed decisions on the user's behalf whenever practical, naive users are prevented from making decisions that weaken the system's security. Moreover, they are encouraged to install the product, keep it active and recommend it to their friends.

There will always be power-users who will want lots of visibility into inner-workings of the product to derive optimum security from it. From the perspective of the larger market, a strong security product can be made even better by making it as unobtrusive as possible, and then continuing to think about making it even easier to use. In this case, ease of use can become a competitive advantage.


For a different perspective on this issue, take a look at Kurt Wismer's post Security: It’s Almost Like It Isn't There. I incorporated some text from the comment I left at Kurt’s blog in this note.

For more on how security products can stand out, see my post Low Price as a Differentiator for Information Security Products.


About the Author

I transform ideas into successful outcomes, building on my 25 years of experience in cybersecurity. As the CISO at Axonius, I lead the security program to earn customers' trust. I'm also a Faculty Fellow at SANS Institute, where I author and deliver training for incident responders. The diversity of cybersecurity roles I've held over the years and the accumulated expertise, allow me to create practical solutions that drive business growth.

Learn more