The Friction Affliction


Reformed burglars will tell you that leaving the TV on at night is a better theft deterrent than the best alarm system.

Most of us don’t think of our television as a security device, let alone a better security device than an alarm system, but let’s walk through its cascading impact:

A would-be burglar looking for a home to rob, upon seeing the TV light through window curtains, will assume that someone with a vested interest in protecting their property is present and will likely choose a different target.

Beyond locks, there are incremental investments that can be made in security, but each carries a cost. While I don’t believe anyone has done an ROI analysis of nighttime TV-as-theft-deterrent power consumption costs vs. the monthly price of an alarm system, we are talking about defense in depth. The Greenwich Study of Residential Security found that those “Protected by ACME alarm” lawn signs are over 66% more effective at deterring burglars than the alarm itself, because thieves would be deterred by the idea of an alarm prior to actually breaking in and setting the alarm off.

Ownership of an alarm system brings with it financial and physical obligations: a monthly monitoring fee, and the physical commitment to turning the thing on when you leave and off when you get home. So you are introducing some friction into your life in order to protect yourself and your belongings.

Same goes with getting a guard dog.

And hiring a personal bodyguard.

And putting up an electric fence around your house.

Each additional investment incurs friction in your daily life. What are the productivity sacrifices you are willing to make in order to be secure “enough”?

When it comes to endpoint protection, incremental security technologies and policies have introduced so much friction to the end user experience in enterprise IT that employees feel handicapped by them. In a survey of executives, 84% of respondents said they believed cybersecurity was making it more difficult to work, most saying timely access to information and the basic performance of their computers were the biggest obstacles.

It shouldn’t come as a surprise, then, that the respondents confessed they often circumvented information security tools and policies when time- or location-sensitive tasks arose:

“When denied access to information they need for work, 65% of executives admit to using at least one unauthorized method to get the job done. By a wide margin, the most popular workaround to cybersecurity restrictions is the use of a non-agency device to access sensitive information or data that would otherwise be blocked by a government machine or would take too long to access. Forty-two percent of respondents say they have done this.”

Circumvention is the greatest security risk of all, and friction is its catalyst.

At Bromium, our goal is to create low-friction, defense-in-depth solutions that both protect endpoints from attacks and enable end users. Our vSentry product was designed to be un-cumbersome, enabling employees to browse to any site or open any document without fear of compromise to enterprise information or infrastructure. Our approach is holistic, focusing on user requirements rather than infrastructure layers. We want to help reduce the friction between employees and IT, and to avoid circumvention by providing an ergonomic, inherently secure endpoint.


1 Comment

  1. Friction is a great way of describing user pushback to security controls, great article Tal. The analogy you give and terminology can be applied to many of the technologies that IT is implementing today.
