With more data now available to businesses about their customers, tailored user experiences have changed the online experience in many industries, such as e-commerce. The same has not occurred for security, however, and that needs to change, according to RSA Conference US program chair and author of The Plateau Effect, Hugh Thompson.
"When we think about security, it should be something that truly adapts to individual risk. And we've seen that happen in other industries," he said.
Speaking at the RSA Conference Asia Pacific in Singapore on Thursday, Thompson pointed to the e-commerce and insurance industries, which have already personalised their products and services to the customer's profile and behaviour. Websites such as Amazon provide a different home page for each individual user, he explained, using what information they know about their customers.
Likewise, insurance companies offer different premiums according to a customer's history, home address, and risk profile, he argued.
For security, however, Thompson said that the one-size-fits-all approach is taken, where the same measures are provided or sold to users, regardless of whether they are a paranoid information security professional, or a security-unconscious user at risk.
Bringing up Apple's customer support offering as another example, he said that even though he and his mother have completely different needs, they are both billed at the same rate.
"If they knew more about me, they would know that they could offer me that service for $20 and make $20 pure profit, and I would probably buy it because, hey, it's only $20. But for my mum, this baseline of $260 is probably right."
Thompson said that adopting a better model of security that caters to a customer's needs paves the way for an ideal world where security does its job, but in the background and out of the way.
To get there, he said that one of the necessary tools to use would have to be big data to mine information about how security conscious a customer is, and subtly changing the user experience accordingly.
"I'd ask you to challenge yourself to and say, 'What would the world look like if we're actually able to pull off some of these techniques? What will the experience for the end user look like?'"
Michael Lee travelled to Singapore as a guest of RSA