Psychology and Security

Of course it always sounds more valid when someone like Bruce Schneier says it (read article here) but psychology as a influencing factor in IT is something that really needs to be understood as we build solutions. Indeed, the randomness and sometimes inexplicable behaviour  humans are prone to exhibit plays a huge part in derailing many would be great IT initiatives. 

I would say that this concept is furthered by the discussion raised by Harvard’s Andrew McAfee in his latest article “Mastering the Three worlds of Information Technology” .  Mr McAfee points out:

“The biggest mistake business leaders make is to underestimate resistance when they impose changes in the ways people work.”

One of the biggest reasons for this resistance is fear, uncertainty, and doubt; some of the strongest psychological factors that affect human behaviour.

So what do we do about this?  How do we deal with or manage the psychological factors?  Well, I cover some of my ideas in my presentations on TRUST and identity management.  But really there needs to be a industry wide re-thinking of how we deploy and manage IT. 

I know you have all heard me say it before but concepts such as Universal Design, Human Interaction, Social Interaction must come to the forefront of our designs.  Indeed, much of the “backend” technology is becoming commodity or disappearing into the realm of Software as a Service/Web 2.0.  This doesn’t meant we do not need to focus on these elements when building our solutions rather we must start to bring the user experience (which has the greatest influence on psychological factors) to the forefront