Does Customer Experience Drive Security, or Vice Versa?

If ever an idea caused security professionals to lose sleep, it’s the thought that end-users, not experienced security professionals, are calling the shots when it comes to security. The buzz-phrase for web and mobile applications (and even for internal business apps) now appears to be “customer experience,” and it’s the culmination of a multi-year, omni-everything focus on the user. Everything an organization says and does centers on the customer and ensuring that they walk away from every interaction with a feeling of positive satisfaction.

All sorts of factors—both personal and environmental—influence our experiences with products. The Interaction Design Foundation lists seven high-level experience influencers, and within each of those, there are probably dozens more depending on the situation. In the case of designing mobile applications that users will love, experience challenges are compounded by factors completely out of a brand’s control, mobile device performance and WiFi speeds topping the list.

Sometimes, security can stifle the experience. Users of applications, and how they experience an organization’s presence and brand, drive the applications we build, the frameworks that support them, and the technologies delivering them. Because making the user happy is ultimately what’s most important, developers face tough decisions around accessibility, usability, and even basic UI design and functionality when it comes to limiting the threat landscape. Conventional wisdom urges a gathering of the minds (IT and security) to create secure software and applications, but for a variety of reasons, that isn’t always feasible.

In Ernst & Young’s 2018 Global Information Security Survey, 92 percent of respondents indicated having concerns around their own information security functions in key areas. Skills shortages and budget shortfalls comprised 55 percent of the top concerns. Still, though, only about 40 percent of consumer-facing companies have their own security operations center (SOC) and of those, many still outsource basic SOC functions, such as penetration testing (80%), threat intelligence collection (64%), and real-time network security monitoring (60%). 

The good news is that Forrester predicts:

  • Digital businesses will not be able to prevent incidents from happening.

Wait...that’s not good...

  • Infrastructure will break and systems will be attacked.

Oh come on, this isn’t good news...

  • Digital transformation efforts will outpace organizations’ ability to accommodate changes related to security.

OK, so the GOOD news is that, much like antivirus software in the 90s automated virus threat monitoring and prevention, security automation built into low-code platforms can similarly help organizations focus less on the security minutiae and more on building great customer experiences.

How OutSystems Helps Automate Security

In addition to giving you the best low-code development platform on the market, OutSystems automatically applies more than 200 (and growing) risk and security controls to every application built on it, covering the following categories:

  • Application protection
  • Continuity and availability
  • Data protection
  • Infrastructure protection
  • Policies and procedures

And by “application,” we mean any and all types of applications including web and mobile apps, and core software such as ERP and CRM systems.

Just for starters, OutSystems application, infrastructure, and data protection controls protect your applications from the OWASP Top 10 Most Critical Web Application Security Risks, as well as the OWASP Top 10 Mobile Threats. The policies, procedures, and governance in place ensure OutSystems compliance and the security of your software supply chain.

But as Forrester recognized, some organizations, “...will need to consider outsourcing commodity security monitoring and/or detection and response to third parties.”

For these organizations, OutSystems offers Sentry. Reinforced with additional security, risk management, and monitoring for a SOC2 Type II compliant low-code cloud platform (aka, certifiably really, really safe), OutSystems Sentry lets you further safeguard your most sensitive data, the apps that use it, and the business that depends on it.

But, enough talk. We’d like to show you exactly what OutSystems protects in our new interactive security infographic. Feel free to explore all of the ways OutSystems works to answer, “how secure is low-code?”

Now that you see how secure low-code can be, learn more about OutSystems enterprise-class features, including security, on our website.

Visit us here for more information about OutSystems Sentry.