Is Good Enough Security Good Enough?

The balance of convenience and security is currently one of the most challenging aspects of connected businesses. While governments and entities are currently debating over how encryption hinders the fight against terrorism, companies also face similar dilemmas on a daily basis, often digital security is seen as an inconvenience by the end users.

The same does not apply to the non-digital world, people are used to inconveniences like fastening the seatbelt in a vehicle, or working a complex alarm system to enter or leave their houses, and the reason is that we understand the risks associated with those inconveniences.

But then again, when we deal with the digital world is not always easy to achieve the same sense of balance between inconveniences and security, as users we don’t like to deal with passwords, security questions, multi-factor authentication schemes, or any other stride towards a higher degree of security, in fact we often have difficulty recognizing the benefits of those annoyances.

But the good news is that people are much more conscious nowadays, they adapt more easily to new improvements in technology. It took 62 years since Henry Ford began building cars so the seatbelt became a standard in the US, but the same pace of awareness should not be applied to the digital world, more and more information are being exchanged online, digitally stored and algorithmically sorted, we are still learning how to live with all those data, how to quantify it, how to qualify it, how to store it, and most important how to protect it.

Sometimes digital security has more to do with users interacting with data and systems, than the protections of those systems itself, for instance, if a system demands a very complex password scheme the user will end up writing that password in the notepad at his desk, because users will constantly choose convenience over security if the protection layer demands “too much”.

Now, the real question relies in determining what is “too much” and when it pays to have a specific security feature in place, thus I would like to share just three good practices that will help you to answer that question:

  1. Be aware of the security risks involved, 74% of the companies had a security incident within the previous 12 months, and 71% of those compromises where undetected.
  2. Classify your information, we don’t need to put any security effort to protect ordinary lunch invites or the weekly grocery list. However, if you need to protect sensitive information you may go all the way.
  3. Sometimes the risk analysis can become inconclusive, if that is the case, choose security.

We are starting to accept security into our digital life, there are good technologies out there being developed that aims to protect our information and identity, I’ve been doing this for more than 10 years, with the aim to provide the uppermost degree of security with reasonable fewest trade-offs, at least while waiting for digital security to become a commodity in the future.


By Leonardo Cooper
CTO of SIKUR

Mais do que uma solução tecnológica, somos uma decisão estratégica para as organizações.

Nossa missão é redefinir a relação das empresas com a cibersegurança e a experiência dos usuários no processo de autenticação e acesso a ativos tecnológicos.