It is not a new concept: The secure way is only secure if it is the easiest way. I have seen a lot of solutions which are extremely secure – in the eyes of the security people. However, the users find a lot of ways to circumvent the security measures because they are too complex to fulfill the business needs or it is simply not possible to run a business within the limits of the security policies. Do not get me wrong: Security always comes with a certain level of inconvenience – but the question is always whether we are able to find the balance between usability, the business needs and the risk management of a company.

Butler Lampson, a Technical Fellow with Microsoft Research, wrote an article on ACM called "Usable Security: How to Get It", which is definitely worth reading.

Roger
