Poor UX undermines security policies
Poor UX undermines security policies
Publish Date: 2026-06-11 15:45:00
Source Domain: www.informationweek.com
As users face a growing number of authentication prompts, security checks and compliance requirements, organizations need to pay more attention to the friction — and security risks — those safeguards can create.
That’s the view of Texas A&M University System CIO Vince Kellen, who argues that implementing high-security protocols at the expense of usability and user experience no longer serves as an effective cybersecurity strategy.
The challenge, he explained, is protecting users without creating so much friction that they look for ways around security controls.
“Unless the [user] experience is wonderful, you can’t have high security,” Kellen said, in an interview with InformationWeek during the recent Cisco Live event in Las Vegas.
Without achieving both high security and high visibility into the network, together with a seamless user experience, “the user will invent ways around you,” he added.
Security suffers from poor usability
Kellen pointed to multifactor authentication as one area where users are becoming frustrated with the hoops they have to jump through to access their accounts.
“You go to sites, and it’s not just two-factor authentication — in some cases, it’s four or five,” he said. Layering multiple security technologies without considering the user experience can complicate cybersecurity programs and diminish their effectiveness.
That concern also affects how Kellen views zero-trust architectures, which he described as a critical part of his security strategy for Texas A&M University System. The network he oversees includes 12 universities and eight state agencies — each with its own CIO.
The key components of zero trust security are access and action — who has access to applications, and what is happening on the network (the action), he explained. For example, by using real-time packet inspection for threat detection and software-defined networking, an organization could…
