“Design must reflect the practical and aesthetic in business, but above all … good design must primarily serve people,” said Thomas J. Watson, a man synonymous with IBM. To no one’s surprise, he was a proponent of good enterprise design.

Design must serve people. It simply makes sense that a well-designed product can meet the needs of the people using it well. This is very key in cybersecurity, and in data security solutions to be specific. When defending against a breach, having a platform that not only works, but is also designed to function smoothly could mean the difference between a quick response or possibly missing the signs of a breach.

Why Use Enterprise Design Thinking for Data Security Solutions?

Forrester Research’s Total Economic Impact of IBM’s Design Thinking Practice, a study commissioned by IBM to explore the value clients gain from using design thinking, found that a human-centered approach to design improved product outcomes, reduced the risk of costly failures and increased portfolio profitability. This, in turn, translates to $18.6 million in increased profits.

That example spans multiple industries and products — the study was built from a survey of 60 midsized and enterprise businesses. Let’s take a look at how data security solutions stand to benefit from an increased focus on design thinking and good design.

Learn more about Guardium Insights

Defining Enterprise Design Thinking

Before we dive into how enterprise design can enhance data security solutions, start at the top: What is enterprise design thinking?

Enterprise design thinking is a framework used to help teams across multiple industries focus on the true purpose of a design: to serve the customer and solve their problems. It involves a human-first approach to designing a product or concept that scales into the enterprise.

Overstuffed or Half-Baked: Current Challenges With Data Security Solution Design

Certainly, that translates well to the data security solution space. Designing a platform with the customer (such as a chief information security officer, data security specialist or team of specialists) in mind is not only needed to keep clients satisfied but also is key in helping to spot and stop a breach from occurring.

That seems like a big leap in logic, doesn’t it? It could be, until one considers the context.

If a vendor is developing a solution based on that vendor’s own assumptions, perhaps stuffing it with the latest buzzy features — solving problems that only exist when one merges magical thinking and too many analyst reports — isn’t the way. The customer is going to have to wade through a trove of unnecessary functions just to accomplish day-to-day tasks. Worse yet, that same vendor could provide too few features. They might provide a solution that solves the problem du jour rather than focusing on the whole of a customer’s challenges.

Where Security Teams Meet Design Thinking

The issue of solutions not being able to do enough, or doing the wrong things, does not solely belong at the feet of data security solution vendors.

In fact, as Forbes Technology Council member Rajat Mohanty says, the current approach that security teams take of trying to “firefight” the crisis of the day “creates its own problems, though — namely a constant state of reactivity and a pipeline of one-off products and programs that add up to an unmanageable jigsaw puzzle where no piece fits perfectly with any other.”

So, rather than vendors answering the whole of a customer’s problems, security teams must resort to managing multiple point solutions and the daily demand of threat alerts. Vendors then create new point solutions to solve part of the problem. Then, new problems arise. On and on it goes.

Where does it end? It ends with developers and designers working with customers to grasp the big picture. They need to truly understand where these point solutions leave gaps and how a better, more effective platform can be designed and rolled out.

That has to be the answer. According to TechRadar, 53% of organizations report they are at a tool ‘tipping point,’ wherein tool sprawl has begun to adversely affect their defensive efforts.

Design the Forest or the Trees

When it comes to design thinking, the experts put it best.

Brady Starr, program director of design at IBM Security, notes, “When we combine insights from frontline product users with Enterprise Design Thinking, we aim to and do deliver innovations that solve the problems keeping data security specialists up at night.”

That should be a given when solutions are designed, but how can a vendor be sure their solution won’t just be another point solution in the graveyard of half-designed defensive tools? Brady goes on to say that, “more importantly, we design experiences that are easy to use, answering the questions of ‘will these innovations solve the right problem?’ Will they actually save time? Will they be easy to use?”

Solving the right problem is the problem as threat landscapes expand in the hybrid cloud. But with data security platforms built on good Enterprise Design Thinking principles, you can tame those threats and curtail tool sprawl.

Learn more about how IBM Security Guardium Insights for Cloud Pak for Security is designed and built. Discover data security in the modern, hybrid multicloud environment.

More from Data Protection

Transitioning to Quantum-Safe Encryption

With their vast increase in computing power, quantum computers promise to revolutionize many fields. Artificial intelligence, medicine and space exploration all benefit from this technological leap — but that power is also a double-edged sword. The risk is that threat actors could abuse quantum computers to break the key cryptographic algorithms we depend upon for the safety of our digital world. This poses a threat to a wide range of critical areas. Fortunately, alternate cryptographic algorithms that are safe against…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Resilient Companies Have a Disaster Recovery Plan

Historically, disaster recovery (DR) planning focused on protection against unlikely events such as fires, floods and natural disasters. Some companies mistakenly view DR as an insurance policy for which the likelihood of a claim is low. With the current financial and economic pressures, cutting or underfunding DR planning is a tempting prospect for many organizations. That impulse could be costly. Unfortunately, many companies have adopted newer technology delivery models without DR in mind, such as Cloud Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS)…

Millions Lost in Minutes — Mitigating Public-Facing Attacks

In recent years, many high-profile companies have suffered destructive cybersecurity breaches. These public-facing assaults cost organizations millions of dollars in minutes, from stock prices to media partnerships. Fast Company, Rockstar, Uber, Apple and more have all been victims of these costly and embarrassing attacks. The total average cost of a data breach has increased by 2.6% since 2021 and is now $4.35 million. Organizations that don't deploy zero trust security models also incur an average of $1 million more in…