Google's recent purchase of Divide got me thinking again about how none of the various dual-persona approaches to BYOD security have really taken off in the market. They sound great on paper, but at the heart of the issue is that they favor security over usability - a big no-no in today's world of end user freedom and empowerment.
What exactly do I mean by "security over usability?" A couple of personal examples of frustration that I have experienced with these tools might help:
- I have a personal Gmail calendar and a work calendar. I like seeing both side-by-side, so that I know that I have a family event on Thursday and can't schedule a work dinner that evening. With two personas and two calendars, I have to use two different apps and two separate calendars to figure out my schedule.
- I want to make a phone call and I have no idea whether I stored the person's phone number directly in my personal contacts on my phone, or through my corporate contacts. So I now need to search two different contacts apps in order to figure out how to call this person.
Mild "first-world" annoyances? Yes. Enough to cause me to want to find my own solutions, which bypass IT's security controls? Absolutely.
I came across this article on Infoworld earlier today, and one paragraph really jumped out at me:
"Security is important, and sometimes usability should be sacrificed for it. But most IT organizations and most vendors secure too much too hard, and they devalue the utility of usability too often and too broadly. Corporate execs don't want to be accused of being soft on security, so they support the bad technology and the IT-as-jail-guard mentality while quietly allowing employees to do what needs to be done to get the work done. (That's how PCs, the Internet, Salesforce.com, and iPhones got into the enterprise in the first place!)"
5 years ago, the user experience didn't really matter. If employees didn't want what IT provided, they had no other option. Today, their options are limitless and they are quick to move when IT screws up and slows them down.
The moral of the story? Security solutions that are rejected by users are meaningless. Don't talk about user experience, be about it!