Sunday, June 14, 2026

Poor UX undermines security policies


As users face a growing number of authentication prompts, security checks and compliance requirements, organizations need to pay more attention to the friction, and the security risks, that these safeguards can create.

That is the view of Texas A&M University System CIO Vince Kellen, who argues that implementing high-security protocols at the expense of usability and user experience no longer serves as an effective cybersecurity strategy.

The challenge, he explained, is protecting users without creating so much friction that they look for ways around security controls.

“Unless the [user] experience is fantastic, you can’t have high security,” Kellen said in an interview with InformationWeek during the recent Cisco Live event in Las Vegas.

Without achieving both high security and high visibility into the network, along with a seamless user experience, “the user will invent ways around you,” he added.

Why users bypass security controls

Kellen pointed to multifactor authentication as one area where users have become frustrated with the hoops they have to jump through to access their accounts.

“You go to sites, and it’s not just two-factor authentication — in some cases, it’s four or five,” he said. Layering multiple security technologies without considering the user experience can complicate cybersecurity programs and diminish their effectiveness.

That concern also affects how Kellen views zero-trust architectures, which he described as a vital part of his security strategy for Texas A&M University System. The network he oversees consists of 12 universities and eight state agencies, each with its own CIO.

The key components of zero-trust security are access and movement: who has access to applications, and what is happening on the network (the movement), he explained. For example, by using real-time packet inspection for threat detection and software-defined networking, an organization could flag an event in which a user is attempting to share private data. This approach also accelerates response time to potential security threats.

“The network will say, ‘OK, Vince, it looks like you’re transmitting HIPAA data. We’ll instantly start to deploy real-time policy around your flows and your laptop to redirect and alter this,’” Kellen said.

The goal is to move more of the enforcement into the technology itself, he said, rather than depend on users to recognize every risk or make the right security decision.

AI agents aren’t a special security case

Kellen applies a similar view to securing agentic AI. He said he doesn’t “fret about agents” but views them in the same way as securing human users.

“I try not to get terribly freaked out just because the thing is called an agent,” Kellen said.

For Kellen, securing agentic AI builds on many of the same principles CIOs already apply to users and devices. Agents still need identity, visibility, behavioral monitoring, and policy enforcement.

He added that he does worry about “semantic drift,” models that gradually diverge from their intended behavior, and what he called “semantic malfeasance,” agents that act contrary to their intended purpose.

Behavioral monitoring offers one way to identify agent or model drift, Kellen said, noting that organizations have historically applied such monitoring to users and devices.

When it comes to encouraging behavioral changes in humans, Kellen said that cybersecurity trainings are useful for nudging users to comply with security policies, but training cannot carry the full burden of cybersecurity.

“The technical controls have to win,” Kellen said.

Users might chastise themselves for falling for a phishing attempt, but humans are trusting by nature, he pointed out. As a result, strong cybersecurity policy and technologies are needed to compensate for human error.

Technical controls also perform better when they’re “as invisible to the user as possible,” so measures like biometrics can improve usability.

But, Kellen added, “we’re still a few years away from a real seamless [security] experience.”


