Insight by Okta

CX Exchange 2023: Okta’s Sean Frazier on why security needs to be like wallpaper

Today, people want digital services to give them access in no more than two clicks in 10 seconds. That’s why, says Okta’s Sean Frazier, security for governm...

When it comes to how agencies improve their services to citizens, cybersecurity should be like wallpaper.

If you don’t notice the wallpaper, it just enhances the room. And you don’t really know why the room is enhanced is how Sean Frazier, chief security officer for Okta, put it.

But if you notice the wall paper, it’s very distracting, he said during the Federal News Network 2023 CX Exchange.

“Users don’t see the security unless they need to see the security because something bad happened,” Frazier said. “Now that we’re all in this interconnected world, we’re basically all connected to the same network so that all the bad guys and all the good guys are sitting on the same network. Attackers don’t have any more hoops to jump through to get to my website than my users do. Because of that and, in that context, you have to think about security from the ground floor. As I’m building this application, what is the best security I can provide, and how can I either use that to enhance my user experience or at least not detract from it?”

Better technology at the network and user levels combined with demand from citizens that government services act more like commercial ones is driving this new view of security and customer experience.

People want easier interactions online

Frazier said people increasingly are demanding that they do no more than two clicks in 10 seconds to get access to the service they are seeking. If it takes more clicks or time than that, a user might balk and quit out of an application.

The challenge comes in addressing the diverse users for many government apps, he said. Users of public services run the gamut: young, old, tech savvy and not so tech savvy.

For the less tech savvy, “they need things to be a little more streamlined for them because they’re having to get access to their retirement benefits or something, and they don’t want to have to jump through hoops,” Frazier said. “The problem with that is that they’re going to create a helpdesk call, or they’re going to not do it, or they’re going to go into a physical building and have to talk to somebody, which is an added cost for the entity.”

Many private sector companies rely on back-end technology to achieve the two clicks in 10 seconds concept now, he said. He cited as examples the use of Fast Identity Online (FIDO) Alliance 2 standards, which were developed by an industry consortium, and Passkey, a password replacement capability that provides fast and secure sign-ins.

Creating apps that empathize with users

Frazier said the other thing companies are doing that agencies should pay closer attention to is how to build in empathy for users into their applications. This requires a cultural shift to make users and security equal priorities.

“What the pandemic did was it lit a fire under the connection between security and customer experience because it forced us to take into account this modality of access that matters completely 100% of the time. We were already heading in that direction, but the pandemic just moved us a little further a lot faster,” he said.

The evolution of technology, with applications and data workloads moving to the cloud and people being more mobile than ever, was already driving toward that need, Frazier said. “Because of all that, we need to as practitioners to adapt to where the users are and meet the users where they are.”

 To read or watch other sessions on demand, go to our 2023 CX Exchange event page.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories

    Stacy Bostjanick and Jennifer Henderson

    Risk and Compliance Exchange 2024: DoD’ Stacy Bostjanick, DCMA’s Jennifer Henderson on finding ‘any means possible’ to help small biz with CMMC

    Read more
    Amelia Brust/Federal News Networkcybersecurity

    How should software producers be held accountable for shoddy cybersecurity products?

    Read more