Striking a balance between usability and security

By Simon Campbell-Young for Phoenix Distribution
Johannesburg, 28 Jul 2015

There are several facts that any organisation wishing to secure itself against hackers needs to face. Firstly, if a threat actor really wants to access your system he will. There are too many layers - called the attack surface - each containing their own vulnerabilities, essentially rendering total protection impossible.

Secondly, there is no silver bullet. There is not one, single solution available on the market today that offers 100% protection, and anyone telling you differently is lying.

So says Simon Campbell-Young, CEO of Phoenix Distribution. "Another harsh reality is that implementing security tools and solutions is only one piece of the puzzle. Too often, security severely impacts on usability, forcing businesses to tread a fine line, doing trade-offs between the two. Security is most often the loser in this fight, meaning that security without usability simply won't work."

The first thing security professionals need to look at, he explains, is a way to enable the business to do what it needs to do, safely. "This goes over and above making the activity itself secure, it must be secure in a way that doesn't impact on a user's ability to actually do what he or she needs to."

"Herein lies the fundamental paradox relating to information security. As security increases, the usability of the secured system decreases. Let's look at a cellphone. To completely secure a device, you'd need to turn it off and lock it in a secure place. 100% security achieved yes, as the cost of rendering the device 100% unusable."

He says finding a balance between effective security measures and usability of the data or system being secured is key. "While protecting an organisation's information is crucial, a workable, effective approach to security must ensure that the systems on which that data resides and the networks through which the data is accessed are both secure."

Some businesses adopt an 'in-depth' security approach, which sees multiple layers of protection being deployed at all layers - the network, e-mail, endpoint and suchlike. "All critical and proprietary data must be identified and accounted for when formulating a cyber security plan. Moreover, it is no use looking at data assets within the organisation only, but also data assets held by third-party partners such as suppliers and vendors. Too often a breach occurs because a third-party partner has been lackadaisical about security measures."

When deciding on security solutions and approaches, a business must bear in mind that any tools must address not only the security of the data, but its accessibility and integrity too. And paramount, is that security must not render systems or processes unusable, he says.

"Security officers need to identify the most critical assets and be aware of what measures are already in place to protect them. From there, they need to decide which risks are acceptable, and strike the balance between these risks versus reward. Ultimately they are on a mission to find a balance between business enablement and protection. Too often, usability is sacrificed, giving security a bad rap," Campbell-Young concludes.

Phoenix Distribution

Phoenix Distribution is currently the leading Value Added distributor of software, accessories and peripherals across the African continent, covering software publishing, localisation and product distribution across multiple territories in multiple languages.

The business is segmented into two divisions, namely corporate software licensing and retail product distribution, and Phoenix Distribution dominates the consumer and SMB security sectors through key brands which include: Norton/Symantec, AVG, Kaspersky and Bitdefender. Additional brands within the consumer-focused range include, Microsoft software and peripherals, Beats by Dr Dre, Trendnet Wireless products, Monster Cables and mobile accessories.

The corporate licensing division sells volume licensing into the enterprise and SMB reseller environments, as well as covering architecture and implementation. The ESD division delivers download content into all channels, including B2B and B2C.

The retail division delivers physical product into the retail environment, covering all mainstream ICT, CES, telco, lifestyle, fashion and sports outlets, as well as independents and online stores. This division delivers direct to outlets and or customers across sub-Saharan Africa.

Phoenix Distribution is growing at 70% per annum, with additional acceleration coming from development within the greater African marketplace, as well as the acquisition of significant high-end product lines within the enterprise arena. In addition, the company's UK business, PX Security, is firmly entrenched within the UK retail and SMB reseller environments, shipping product through trusted distribution partners into mainstream retail outlets and direct engagement with B2B resellers. The UK operation publishes and distributes Bitdefender, Webroot and Avast.

Additional bespoke services offered to partners include Electronic Software Distribution within the B2B and B2C environments, category management, training and end-to-end merchandising.

Phoenix Distribution, including the UK subsidiary PX Security, was recently acquired by First Technology Holdings.

For more information, visit www.phoenixsoftware.co.za, Www.pxsecurity.co.uk and www.pxsoftware.co.za.

For purchasing information in Africa, visit www.kasperskyafrica.com, www.kasperskyangola.com, www.kasperskybotswana.com, www.kasperskymozambique.com, www.kasperskynamibia.com, www.kasperskysouthafrica.com, www.kasperskydrcongo.com, www.kasperskyzimbabwe.com, www.kasperskyzambia.com, www.antivirusangola.com, www.antivirusbotswana.com, www.antivirusmozambique.com, www.antivirusnamibia.com, www.antivirussouthafrica.com, www.antivirusdrcongo.com, www.antiviruszimbabwe.com, and www.antiviruszambia.com

Editorial contacts

Striking a balance between usability and security

There is a fundamental paradox relating to information security in that as security increases, the usability of the secured system decreases, says Simon Campbell-Young, CEO of Phoenix Distribution.