Latest Technology News

You are here: Home / Cyber Security News / Startup Security Tactics: Friction Surveys

When we do quarterly preparing, my crew categorizes our ambitions within just 4 evergreen outcomes:

  • Minimize the risk of facts security incidents
  • Boost have confidence in in Vanta’s information and facts security plan
  • Lower the friction brought on by information and facts security controls
  • Use security knowledge to help the enterprise

    • In this short article, I am likely to aim on selection a few: cutting down friction.

    Declaring your intentions

    There is worth in building “minimizing friction” an express goal of your security program. It sets the right tone with your counterparts across the firm, and is 1 stage towards constructing a optimistic security tradition.

    The initial time I offered these results in a firm-vast discussion board, I gained a Slack information from a senior leader who experienced just joined the firm:

    “excellent to hear about the security’s groups aim on taking away invisible security controls. Excellent philosophy for the security crew

    […]

    its just magnificent

    way too several security groups perspective security as an exceptional tradeoff in between workforce running electric power and security”

    Concealed friction

    From time to time, when introducing new security controls, you are earning a properly viewed as tradeoff in between security and user experience. There are a number of situations the place friction is just not so evidently recognized:

  • The friction induced by a security manage is not very well understood by you or your crew ahead of time
  • An specific outdoors of your firm is enabling security controls with very good intentions, but devoid of informing you or your crew
  • Staff attribute an troublesome manage to the security group, but it was basically executed for entirely unrelated good reasons

    • Every single of these eventualities final results in hidden friction. Concealed friction corrodes trust in your staff, and pushes your security culture towards negativity.

    A answer to hidden friction is the friction survey.

    Finding concealed friction

    At Vanta, we operate a bi-once-a-year staff study to uncover concealed friction. To stay clear of “study exhaustion” when personnel are also having polled through engagement surveys, we join with two other teams: Enterprise Engineering and Privateness, Risk, and Compliance.

    Each individual of our a few groups puts with each other a smaller variety of questions to superior comprehend how the enterprise views friction brought about by our perform.

    On the security workforce, we request 3 thoughts:

  • How would you fee the friction triggered by Vanta’s security controls in performing your working day-to-working day actions? (1-5 scale)
  • Make sure you describe how and where security controls have an effect on your do the job at Vanta.
  • Any other thoughts on or reviews about the Security Team or our operate? (We’d particularly appreciate to hear from you if you chosen 3/neutral or underneath for any of the questions over.)

    • The 1st time we ran this survey was in Q2 2022. We received positive scores, and not a lot actionable comments. I are inclined to search at this as a signal of minimal engagement, rather than a rave review.

    We ran the study once again in Q4 2022, and we had much much more attention-grabbing effects. We identified big resources of friction that have been attributed to security, but experienced very little to do with our staff.

    We also discovered that many people were functioning into issues with new authentication policies we had started rolling out. They failed to know what the anticipated move was, so when they ran into bugs requiring them to authenticate numerous periods per day, they assumed it was just component of the policy.

    Using motion

    As a end result of the survey, we put with each other a document to share with the business summarizing the outcomes and the actions we plan to get. We want to be as transparent as feasible. The goal is to make it apparent when something has friction because we created an specific tradeoff, when we created a error, and when there is further context that will help folks comprehend the controls far better.

    Benefits

    The friction survey is a valuable software in preventing versus the legacy norms of security culture. By obtaining optimistic functioning interactions with just about every coworker, we will be far additional efficient in the other results our workforce seeks to carry out.

    Around time, these results make for a powerful method metric and can be tracked as part of your KPIs.

    Note: This expertly contributed post is published by Rob Picard, Security Direct at Vanta. Rob Picard qualified prospects Vanta’s information security plan. Prior to becoming a member of, he was the founder of a Y Combinator backed security startup, a lengthy-time security guide, and created various security features at Robinhood. He enjoys applying the lessons he has discovered to support startups build present day, helpful, and efficient security packages. This report was originally posted on LinkedIn.

    Found this write-up intriguing? Adhere to us on Twitter ๏‚™ and LinkedIn to go through extra distinctive material we put up.

    Some parts of this article are sourced from:
    thehackernews.com

    Reader Interactions

    Leave a Reply

    Your email address will not be published. Required fields are marked *