Maximum security requires by definition a “closed system” whereas maximum utility requires “openness.” Is it possible to reconcile these two extremes? Can a highly secure system actually be easy to use?

With the exponential adoption of technology, highly interconnected computer & telecommunications systems have become an indispensible component of modern societies. Our reliance on information technology has penetrated almost every facet of daily life. Our critical services, financial systems, transportation and commerce rely upon the confidentiality, integrity and availability of these systems. Notwithstanding some promising advances, networked systems remain highly vulnerable to attack and exploitation by hackers, cyber criminals and terrorists despite the significant efforts and investments that have been put forth to detect, deter and mitigate these threats.

Most experts agree that the security of any information system is only as strong as its weakest link; the human beings who create and use them. This paper explores some of the root causes of the usability problem and how proper security practices are consistently being ignored or circumvented by the very users and organizations they were designed to protect.

We propose that this reality must be understood and addressed in order for systems engineers to architect effective, easy-to-use security solutions that enhance rather than limit system utility. In our paper, we propose that the security systems of the future must be highly convenient, largely transparent to end users, fully integrated across security domains, threat aware, and able to modify security policies “on the fly” in response to changing threat environments.

In a culture driven by convenience, one-stop-shopping and near universal access to information, system users will continue to find ways to circumvent even basic security protocols if they are too onerous and burdensome. While highly complex, inter-connected systems will always have flaws that can be exploited; the vast majority of attacks on cyber-infrastructure are made possible because of human nature.

Technology has become an indispensible tool for modern societies. Has our reliance upon technology become a two-edged sword? We argue that as hackers, cyber criminals, and terrorists become more technically sophisticated, the very technology that contributed to the rise of the western world is being exploited as one our greatest weaknesses by those with nefarious intent. Our paper concludes that to stem the tide, the security community must address some of these root causes of cyber insecurity.

To cite this article: Vidali, Ari. “Striking the Balance: Security vs. Utility”, 7 February 2009.