Why technical architects will never make a solution secure
In one form or another, human error is the overwhelming cause of sensitive data loss, responsible for 75 percent of all occurrences. User error is directly responsible for one in every two cases (50 percent), while violations of policy – intended, accidental and inadvertent – are responsible for one in every four cases (25 percent). Malicious activity in the form of Internet-based threats, attacks and hacks is responsible for one in every five occurrences.
This statistic is worth paying attention to. I’ve worked with numerous clients, and particularly banks, who invest significant effort and investment designing complex, expensive (and often over-engineered) solutions to ensure their systems are immune from external threats.
The usability story is generally being won at the customer-facing website level, so they invest in usability there. But when it comes to employee-facing applications? “They’ll get what they get given” seems to be an all too common story.
The thing is, IT spend is dictated by people whose professional lives are rooted in technical architectures and physical boxes; the message that the real threat to their systems is “information architecture” and boxes on screens is one that will challenge them more than any hacker will.