How Enterprise Design Thinking Can Improve Data Security Solutions

March 4, 2021
| |
3 min read

“Design must reflect the practical and aesthetic in business, but above all … good design must primarily serve people,” said Thomas J. Watson, a man synonymous with IBM. To no one’s surprise, he was a proponent of good enterprise design.

Design must serve people. It simply makes sense that a well-designed product can meet the needs of the people using it well. This is very key in cybersecurity, and in data security solutions to be specific. When defending against a breach, having a platform that not only works, but is also designed to function smoothly could mean the difference between a quick response or possibly missing the signs of a breach.

Why Use Enterprise Design Thinking for Data Security Solutions?

Forrester Research’s Total Economic Impact of IBM’s Design Thinking Practice, a study commissioned by IBM to explore the value clients gain from using design thinking, found that a human-centered approach to design improved product outcomes, reduced the risk of costly failures and increased portfolio profitability. This, in turn, translates to $18.6 million in increased profits.

That example spans multiple industries and products — the study was built from a survey of 60 midsized and enterprise businesses. Let’s take a look at how data security solutions stand to benefit from an increased focus on design thinking and good design.

Learn more about Guardium Insights

Defining Enterprise Design Thinking

Before we dive into how enterprise design can enhance data security solutions, start at the top: What is enterprise design thinking?

Enterprise design thinking is a framework used to help teams across multiple industries focus on the true purpose of a design: to serve the customer and solve their problems. It involves a human-first approach to designing a product or concept that scales into the enterprise.

Overstuffed or Half-Baked: Current Challenges With Data Security Solution Design

Certainly, that translates well to the data security solution space. Designing a platform with the customer (such as a chief information security officer, data security specialist or team of specialists) in mind is not only needed to keep clients satisfied but also is key in helping to spot and stop a breach from occurring.

That seems like a big leap in logic, doesn’t it? It could be, until one considers the context.

If a vendor is developing a solution based on that vendor’s own assumptions, perhaps stuffing it with the latest buzzy features — solving problems that only exist when one merges magical thinking and too many analyst reports — isn’t the way. The customer is going to have to wade through a trove of unnecessary functions just to accomplish day-to-day tasks. Worse yet, that same vendor could provide too few features. They might provide a solution that solves the problem du jour rather than focusing on the whole of a customer’s challenges.

Where Security Teams Meet Design Thinking

The issue of solutions not being able to do enough, or doing the wrong things, does not solely belong at the feet of data security solution vendors.

In fact, as Forbes Technology Council member Rajat Mohanty says, the current approach that security teams take of trying to “firefight” the crisis of the day “creates its own problems, though — namely a constant state of reactivity and a pipeline of one-off products and programs that add up to an unmanageable jigsaw puzzle where no piece fits perfectly with any other.”

So, rather than vendors answering the whole of a customer’s problems, security teams must resort to managing multiple point solutions and the daily demand of threat alerts. Vendors then create new point solutions to solve part of the problem. Then, new problems arise. On and on it goes.

Where does it end? It ends with developers and designers working with customers to grasp the big picture. They need to truly understand where these point solutions leave gaps and how a better, more effective platform can be designed and rolled out.

That has to be the answer. According to TechRadar, 53% of organizations report they are at a tool ‘tipping point,’ wherein tool sprawl has begun to adversely affect their defensive efforts.

Design the Forest or the Trees

When it comes to design thinking, the experts put it best.

Brady Starr, program director of design at IBM Security, notes, “When we combine insights from frontline product users with Enterprise Design Thinking, we aim to and do deliver innovations that solve the problems keeping data security specialists up at night.”

That should be a given when solutions are designed, but how can a vendor be sure their solution won’t just be another point solution in the graveyard of half-designed defensive tools? Brady goes on to say that, “more importantly, we design experiences that are easy to use, answering the questions of ‘will these innovations solve the right problem?’ Will they actually save time? Will they be easy to use?”

Solving the right problem is the problem as threat landscapes expand in the hybrid cloud. But with data security platforms built on good Enterprise Design Thinking principles, you can tame those threats and curtail tool sprawl.

Learn more about how IBM Security Guardium Insights for Cloud Pak for Security is designed and built. Discover data security in the modern, hybrid multicloud environment.

Ryan Schwartz
Product Marketing Manager, IBM Security Guardium Insights for IBM Cloud Pak for Security

Ryan has been with IBM since 2016 in a variety of roles and across an array of solutions - from sales to marketing and endpoint management to data security. ...
read more