“Design must reflect the practical and aesthetic in business, but above all … good design must primarily serve people,” said Thomas J. Watson, a man synonymous with IBM. To no one’s surprise, he was a proponent of good enterprise design.

Design must serve people. It simply makes sense that a well-designed product can meet the needs of the people using it well. This is very key in cybersecurity, and in data security solutions to be specific. When defending against a breach, having a platform that not only works, but is also designed to function smoothly could mean the difference between a quick response or possibly missing the signs of a breach.

Why Use Enterprise Design Thinking for Data Security Solutions?

Forrester Research’s Total Economic Impact of IBM’s Design Thinking Practice, a study commissioned by IBM to explore the value clients gain from using design thinking, found that a human-centered approach to design improved product outcomes, reduced the risk of costly failures and increased portfolio profitability. This, in turn, translates to $18.6 million in increased profits.

That example spans multiple industries and products — the study was built from a survey of 60 midsized and enterprise businesses. Let’s take a look at how data security solutions stand to benefit from an increased focus on design thinking and good design.

Learn more about Guardium Insights

Defining Enterprise Design Thinking

Before we dive into how enterprise design can enhance data security solutions, start at the top: What is enterprise design thinking?

Enterprise design thinking is a framework used to help teams across multiple industries focus on the true purpose of a design: to serve the customer and solve their problems. It involves a human-first approach to designing a product or concept that scales into the enterprise.

Overstuffed or Half-Baked: Current Challenges With Data Security Solution Design

Certainly, that translates well to the data security solution space. Designing a platform with the customer (such as a chief information security officer, data security specialist or team of specialists) in mind is not only needed to keep clients satisfied but also is key in helping to spot and stop a breach from occurring.

That seems like a big leap in logic, doesn’t it? It could be, until one considers the context.

If a vendor is developing a solution based on that vendor’s own assumptions, perhaps stuffing it with the latest buzzy features — solving problems that only exist when one merges magical thinking and too many analyst reports — isn’t the way. The customer is going to have to wade through a trove of unnecessary functions just to accomplish day-to-day tasks. Worse yet, that same vendor could provide too few features. They might provide a solution that solves the problem du jour rather than focusing on the whole of a customer’s challenges.

Where Security Teams Meet Design Thinking

The issue of solutions not being able to do enough, or doing the wrong things, does not solely belong at the feet of data security solution vendors.

In fact, as Forbes Technology Council member Rajat Mohanty says, the current approach that security teams take of trying to “firefight” the crisis of the day “creates its own problems, though — namely a constant state of reactivity and a pipeline of one-off products and programs that add up to an unmanageable jigsaw puzzle where no piece fits perfectly with any other.”

So, rather than vendors answering the whole of a customer’s problems, security teams must resort to managing multiple point solutions and the daily demand of threat alerts. Vendors then create new point solutions to solve part of the problem. Then, new problems arise. On and on it goes.

Where does it end? It ends with developers and designers working with customers to grasp the big picture. They need to truly understand where these point solutions leave gaps and how a better, more effective platform can be designed and rolled out.

That has to be the answer. According to TechRadar, 53% of organizations report they are at a tool ‘tipping point,’ wherein tool sprawl has begun to adversely affect their defensive efforts.

Design the Forest or the Trees

When it comes to design thinking, the experts put it best.

Brady Starr, program director of design at IBM Security, notes, “When we combine insights from frontline product users with Enterprise Design Thinking, we aim to and do deliver innovations that solve the problems keeping data security specialists up at night.”

That should be a given when solutions are designed, but how can a vendor be sure their solution won’t just be another point solution in the graveyard of half-designed defensive tools? Brady goes on to say that, “more importantly, we design experiences that are easy to use, answering the questions of ‘will these innovations solve the right problem?’ Will they actually save time? Will they be easy to use?”

Solving the right problem is the problem as threat landscapes expand in the hybrid cloud. But with data security platforms built on good Enterprise Design Thinking principles, you can tame those threats and curtail tool sprawl.

Learn more about how IBM Security Guardium Insights for Cloud Pak for Security is designed and built. Discover data security in the modern, hybrid multicloud environment.

More from Data Protection

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today