“Design must reflect the practical and aesthetic in business, but above all … good design must primarily serve people,” said Thomas J. Watson, a man synonymous with IBM. To no one’s surprise, he was a proponent of good enterprise design.

Design must serve people. It simply makes sense that a well-designed product can meet the needs of the people using it well. This is very key in cybersecurity, and in data security solutions to be specific. When defending against a breach, having a platform that not only works, but is also designed to function smoothly could mean the difference between a quick response or possibly missing the signs of a breach.

Why Use Enterprise Design Thinking for Data Security Solutions?

Forrester Research’s Total Economic Impact of IBM’s Design Thinking Practice, a study commissioned by IBM to explore the value clients gain from using design thinking, found that a human-centered approach to design improved product outcomes, reduced the risk of costly failures and increased portfolio profitability. This, in turn, translates to $18.6 million in increased profits.

That example spans multiple industries and products — the study was built from a survey of 60 midsized and enterprise businesses. Let’s take a look at how data security solutions stand to benefit from an increased focus on design thinking and good design.

Learn more about Guardium Insights

Defining Enterprise Design Thinking

Before we dive into how enterprise design can enhance data security solutions, start at the top: What is enterprise design thinking?

Enterprise design thinking is a framework used to help teams across multiple industries focus on the true purpose of a design: to serve the customer and solve their problems. It involves a human-first approach to designing a product or concept that scales into the enterprise.

Overstuffed or Half-Baked: Current Challenges With Data Security Solution Design

Certainly, that translates well to the data security solution space. Designing a platform with the customer (such as a chief information security officer, data security specialist or team of specialists) in mind is not only needed to keep clients satisfied but also is key in helping to spot and stop a breach from occurring.

That seems like a big leap in logic, doesn’t it? It could be, until one considers the context.

If a vendor is developing a solution based on that vendor’s own assumptions, perhaps stuffing it with the latest buzzy features — solving problems that only exist when one merges magical thinking and too many analyst reports — isn’t the way. The customer is going to have to wade through a trove of unnecessary functions just to accomplish day-to-day tasks. Worse yet, that same vendor could provide too few features. They might provide a solution that solves the problem du jour rather than focusing on the whole of a customer’s challenges.

Where Security Teams Meet Design Thinking

The issue of solutions not being able to do enough, or doing the wrong things, does not solely belong at the feet of data security solution vendors.

In fact, as Forbes Technology Council member Rajat Mohanty says, the current approach that security teams take of trying to “firefight” the crisis of the day “creates its own problems, though — namely a constant state of reactivity and a pipeline of one-off products and programs that add up to an unmanageable jigsaw puzzle where no piece fits perfectly with any other.”

So, rather than vendors answering the whole of a customer’s problems, security teams must resort to managing multiple point solutions and the daily demand of threat alerts. Vendors then create new point solutions to solve part of the problem. Then, new problems arise. On and on it goes.

Where does it end? It ends with developers and designers working with customers to grasp the big picture. They need to truly understand where these point solutions leave gaps and how a better, more effective platform can be designed and rolled out.

That has to be the answer. According to TechRadar, 53% of organizations report they are at a tool ‘tipping point,’ wherein tool sprawl has begun to adversely affect their defensive efforts.

Design the Forest or the Trees

When it comes to design thinking, the experts put it best.

Brady Starr, program director of design at IBM Security, notes, “When we combine insights from frontline product users with Enterprise Design Thinking, we aim to and do deliver innovations that solve the problems keeping data security specialists up at night.”

That should be a given when solutions are designed, but how can a vendor be sure their solution won’t just be another point solution in the graveyard of half-designed defensive tools? Brady goes on to say that, “more importantly, we design experiences that are easy to use, answering the questions of ‘will these innovations solve the right problem?’ Will they actually save time? Will they be easy to use?”

Solving the right problem is the problem as threat landscapes expand in the hybrid cloud. But with data security platforms built on good Enterprise Design Thinking principles, you can tame those threats and curtail tool sprawl.

Learn more about how IBM Security Guardium Insights for Cloud Pak for Security is designed and built. Discover data security in the modern, hybrid multicloud environment.

More from Data Protection

Cost of a data breach 2023: Geographical breakdowns

4 min read - Data breaches can occur anywhere in the world, but they are historically more common in specific countries. Typically, countries with high internet usage and digital services are more prone to data breaches. To that end, IBM’s Cost of a Data Breach Report 2023 looked at 553 organizations of various sizes across 16 countries and geographic regions, and 17 industries. In the report, the top five costs of a data breach by country or region (measured in USD millions) for 2023…

Cost of a data breach 2023: Pharmaceutical industry impacts

3 min read - Data breaches are both commonplace and costly in the medical industry.  Two industry verticals that fall under the medical umbrella — healthcare and pharmaceuticals — sit at the top of the list of the highest average cost of a data breach, according to IBM’s Cost of a Data Breach Report 2023. The health industry’s place at the top spot of most costly data breaches is probably not a surprise. With its sensitive and valuable data assets, it is one of…

Cost of a data breach 2023: Financial industry impacts

3 min read - According to the IBM Cost of a Data Breach Report 2023, the global average cost of a data breach in 2023 was $4.45 million, 15% more than in 2020. In response, 51% of organizations plan to increase cybersecurity spending this year. For the financial industry, however, global statistics don’t tell the whole story. Finance firms lose approximately $5.9 million per data breach, 28% higher than the global average. In addition, evolving regulatory concerns play a role in how financial companies…

Advanced analytics can help detect insider threats rapidly

2 min read - While external cyber threats capture headlines, the rise of insider threats from within an organization is a growing concern. In 2023, the average cost of a data breach caused by an insider reached $4.90 million, 9.6% higher than the global average data breach cost of $4.45 million. To effectively combat this danger, integrating advanced analytics into data security software has become a critical and proactive defense strategy. Understanding insider threats Insider threats come from users who abuse authorized access to…