
The Cyber Security News


Startup Security Tactics: Friction Surveys

June 21, 2023

When we do quarterly planning, my team categorizes our goals into four evergreen outcomes:

  • Reduce the risk of information security incidents
  • Increase trust in Vanta’s data security program
  • Reduce the friction caused by information security controls
  • Use security expertise to support the business

In this post, I’m going to focus on number 3: reducing friction.

Declaring your intentions

There is value in making “reducing friction” an explicit goal of your security program. It sets the right tone with your counterparts across the company, and is one step toward building a positive security culture.


The first time I presented these outcomes in a company-wide forum, I received a Slack message from a senior leader who had just joined the company:

“great to hear about the security team's aim of taking away invisible security controls. Great philosophy for the security crew

[…]

it's just great

too many security teams view security as a unique tradeoff between workforce operating efficiency and security”

Hidden friction

Sometimes, when introducing new security controls, you are making a well-considered tradeoff between security and user experience. But there are a number of situations where the friction isn’t so clearly understood:

  • The friction caused by a security control is not well understood by you or your team ahead of time
  • Someone outside of your team is enabling security controls with good intentions, but without informing you or your team
  • Employees attribute an annoying control to the security team, but it was actually implemented for completely unrelated reasons

Each of these scenarios results in hidden friction. Hidden friction corrodes trust in your team, and pushes your security culture toward negativity.

A solution to hidden friction is the friction survey.

Finding hidden friction

At Vanta, we run a bi-yearly employee survey to uncover hidden friction. To avoid “survey fatigue” when employees are also being polled through engagement surveys, we join with two other teams: Company Engineering and Privacy, Risk, and Compliance.

Each of our 3 teams puts together a small number of questions to better understand how the company views friction caused by our work.

On the security team, we ask 3 questions:

  • How would you rate the friction caused by Vanta’s security controls in performing your day-to-day activities? (1-5 scale)
  • Please describe how and where security controls affect your work at Vanta.
  • Any other thoughts on or feedback about the Security Team or our work? (We’d especially love to hear from you if you selected 3/neutral or below for any of the questions above.)

The first time we ran this survey was in Q2 2022. We received positive ratings, and not much actionable feedback. I tend to view this as a sign of limited engagement, rather than a rave review.

We ran the survey again in Q4 2022, and we had much more interesting results. We uncovered significant sources of friction that had been attributed to security, but had nothing to do with our team.

We also learned that many people were running into problems with new authentication policies we had begun rolling out. They didn’t know what the expected flow was, so when they ran into bugs requiring them to authenticate multiple times per day, they assumed it was just part of the policy.

Taking action

As a result of the survey, we put together a document to share with the company summarizing the results and the actions we plan to take. We want to be as transparent as possible. The goal is to make it clear when something has friction because we made an explicit tradeoff, when we made a mistake, and when there is additional context that will help people understand the controls better.

Results

The friction survey is a valuable tool in fighting against the legacy norms of security culture. By having positive working relationships with every coworker, we will be far more effective in the other outcomes our team seeks to accomplish.

Over time, these results make for a strong program metric and can be tracked as part of your KPIs.

Note: This expertly contributed article is written by Rob Picard, Security Guide at Vanta. Rob Picard leads Vanta’s information security program. Prior to joining, he was the founder of a Y Combinator backed security startup, a long-time security consultant, and built several security features at Robinhood. He enjoys using the lessons he has learned to help startups build modern, effective, and efficient security programs.



Some parts of this article are sourced from: thehackernews.com
