Empower security teams to be UX innovators


Article by Gregg Ostrowski, CTO of Cisco AppDynamics.

To bring value to a company and its customers, applications must provide an excellent user experience. If an app’s performance lags, or if a customer doesn’t believe their data is being handled securely, they will eventually delete the app and move on. According to a recent study by Cisco AppDynamics, The App Attention Index, 76% of Australian respondents believe it is the responsibility of the brand to ensure that the digital service or application works perfectly.

In the modern digital landscape, where software increasingly relies on cloud-based and distributed services, the security perimeter has expanded significantly, which means that the need to provide a safe and reliable environment for users is more important than ever, but it can’t be at the cost of making security requirements so punitive that they drive users away.

Security at the heart of the software lifecycle

Technologists understand that there is an opportunity to improve application security by making it a central part of the development cycle, rather than an afterthought. Traditional UX and security teams can no longer afford to work independently, but instead must work together to get a holistic view of the entire IT stack to meet the increased demand for application performance. Other key findings from the Agents of Transformation 2021: the rise of full-stack observability report found that 97% of Australian IT professionals recognize the negative consequences of not using systems that provide insight into the whole of the computer park, integrating performance as well as security.

Instead of just focusing on security, security teams must also contribute to innovation, where they can introduce the latest advancements that can improve user experience while ensuring security. It seems counterintuitive based on previous silo-based IT organizations to suggest that robust security and a positive user experience go hand in hand. From the user’s point of view, the less intrusive an application’s security requirements, the better the experience. For example, if they receive frequent reminders to enter or update passwords, they will be irritated and frustrated. Thus, technologists have the difficult task of finding a balance, which is much more difficult to achieve if safety is not a key consideration early in the development process.

Clearly, in order for businesses to remain competitive and relevant, companies cannot afford to stagnate while their competitors evolve. Like the ever-swimming shark, they must keep moving if they want to survive. Too often, security teams are currently viewed not as innovators, but rather as barriers to speed. The real opportunity lies in using security teams to deliver new innovations that improve the overall application experience for end users.

Meet the expectations of end users

With the explosion of digital transformation, software application users have grown to expect the best. In fact, 63% of Australians say their expectations of digital services have changed forever and therefore will not tolerate poor performance at all. Users need high-performance, always-on services and platforms they can trust to keep their personal data secure.

If data is not handled securely and a breach occurs, customers will feel betrayed, and rightly so – brand loyalty suffers – and once a customer’s trust is lost, it is very difficult to recover it. No mistakes can be made in the application development cycle and security must be tightly integrated directly into an application from the start. This synchronized approach between the UX and security teams will ensure that the user experience is the best it can be. If security is not a priority in the development process, end users are more likely to be the ones discovering bugs, rather than the developers.

DevSecOps and breaking down silos

When application security is executed correctly, software teams are able to respond to threats more effectively, which builds trust and creates a good customer experience. In DevOps, which is the predominant framework for software development, developers and operations teams are combined to provide an agile approach to software iteration and deployment. Although this methodology places great emphasis on optimizing delivery speed, security testing tends to be added after the development process, which makes software harder to debug and takes longer to fix. hence the common belief among development teams that security slows down the development cycle.

DevSecOps is a modern approach that takes advantage of all the benefits of DevOps but integrates security from the start of a development project. When security teams and development teams work together, security issues are even faster to resolve and will often be identified before they impact the end user or business. When security is built into the software architecture, costly and time-consuming security patches or software updates are less likely to be required. A recent report by ESG Research found that 78% of organizations with a mature DevSecOps approach were able to deploy code faster.

The Rise of Full Observability

DevSecOps maturity is largely correlated with better collaboration between teams. But to effectively use the DevSecOps methodology, all team members must be operating on the same page, with the same observability view where every application is built from start to finish. Using a comprehensive observability platform, an organization gets an in-depth view into the behavior, performance, and health of not just its application, but the entire supporting infrastructure.

Instead of DevOps and security teams working in silos with disparate, domain-centric tools that provide disconnected data, comprehensive observability provides a “single window” view of the entire IT estate that aligns teams around a shared common context, accelerating response times and reducing application downtime. Having a system that integrates performance and security data, including real-time threats and exploits, enables teams to effectively address issues that impact the customer experience.

When development, security, and operations teams work together, they can ensure system reliability and exceed customer expectations. More secure applications provide a better user experience, fostering customer loyalty and trust, which can only benefit the business.

Article by AppDynamics Executive CTO, Gregg Ostrowski.


Comments are closed.