So Entrust Datacard had an interesting presentation today about the need for simplicity in the identification (and authentication) of users. I wholeheartedly agree with the need for simplicity in the security solutions we provide, though I think some additional points need to be added to what they are saying.
The presentation focused on how users need to have simple authentication mechanisms so they don’t need to be re-educated as we move away from the mindset of the desktop to one centered on mobility. I agree that this is important: users need to be able to log in in ways that are both obvious and simple, and ideally consistent across the possible set of devices they interact with the service from. Inconsistent interfaces and expectations create confusion and end up limiting the usage of the system in question.
But I think they miss another key point, which is that we also need to simplify the management of these systems. While it is pointed out that there is a need for systems that are flexible, so you can integrate legacy systems with newer authentication methods, or have one system to provide authentication services to a range of services, this doesn’t address how these systems need to be managed. Like everyone else, administrators are being asked to do more with less, and as a result, this means less time being an expert on each system, less time for babying the systems, and the need to streamline the management functions used for those systems.
Today it is not generally possible for an administrator to be an expert on each system they are installing and maintaining, nor do they have the time to manage these systems in such a manner even when they are experts. Instead they provide just enough time to get the system to a usable state. This can leave administrators and organizations needlessly exposed, since the administrator may not have the time (or expertise) to close gaps in the security of the system.
In short, if we can’t create solutions that provide the administrator with a simple, easy-to-understand and easy-to-manage system, one that meets their needs, then we are failing. Without a simple administration capability in place, even the simplest end-user systems get bogged down in the management, well before they can ever get to the point of finding out whether the user thinks the capabilities are simple or not. If you can’t deploy it, the simplest end-user system in the world can never be deployed.