Consumer convenience critical in security framework

Consumer convenience should be a key consideration in improving the framework for digital security, says senior executive at security device maker Gemalto.

Consumer convenience should be a key consideration in improving the digital security framework, says senior executive at Gemalto.

Martin Mc Court, South Asia president for the Amsterdam-based security device maker, told ZDNet Asia in an interview that it is important to embed components that do not hamper consumer convenience when implementing security tools, such as the two-factor authentication platform currently used by banks in Singapore to fight phishing attacks.

Mc Court said: "It is not just a matter of [providing] consumer convenience... If you don't make it convenient, people are going to bypass the security [tools] by repeating the passwords or writing them down, which defeats the [intended] purpose. So, it's really got to be both secure and convenient for the security [strategy] to work.

It is this focus on convenience that the use of banking cards or mobile phones, that are secured or locked with a PIN (personal identification number), has been so successful, he said. "It's relatively straightforward [and] I think people can manage that," he added.

"But if you end up with 20 institutions to deal with, and each has a different system and uses different passwords, it'll kill [the use of such services]," Mc Court said, adding that there will then likely be "huge resistance from consumers to adopt it".

"I think the challenge for everybody [in the security industry] is [that] you want to make people's day-to-day digital interactions convenient and secure," he said. "You can have [a high level] of security--the defense industry, [for instance], has a huge diversity of security for decades, but it's not exactly convenient. So how do you make it easy-to-use and very secure?"

"[It's] definitely a balance between convenience and risk [and] in the end, the issue is [about] how much risk either you or the institution you're dealing with is willing to take," he added.

Security on-the-go
Gemalto in February launched a new portable USB digital security device that the company said will let online consumers make digital transactions securely.

Dubbed the Gemalto Network Identity Manager (NIM), the "self-contained" browser-based network security device creates a PIN-protected digital safety zone, preventing malware lurking in the PC or on the Internet from launching an attack, according to Gemalto.

Touted to be the first portable security device based completely on existing Internet standards such as TLS (transport layer security) and SSL (secure sockets layer), the USB security device--when plugged in--establishes an encrypted, mutually-authenticated browser session directly between the user and the other party, said Gemalto.