Reinforce Values – Design Monday

Archive for April, 2021

Reinforce Values – Design Monday

Posted by

Bas van Abel found his personal values in conflict with his technology use. Namely, his phone. He set out to bring these two into alignment and, in doing so, designed a phone and launched a company in 2013.

The Fairphone aims to be as socially conscientious as possible throughout the supply chain and throughout the lifecycle. Fair mining of raw materials. Fair manufacturing conditions. Fair trade. Also, dear to the hacker ethic? Repairable and modifiable. Build a fairer phone, build a fairer world, that was the design inspiration. You can listen to Bas van Abel on the TED stage: Changing the Way Products Are Made.

People have strong personal values. Companies have corporate values. Hopefully, these values are in alignment. Ideally, people and companies follow their values. If they don’t, well, then values aren’t much of a design consideration. But when we have stakeholders with strong values or a value-driven corporate culture, adoption of our security controls goes much faster and much farther when the security design reflects those same values. Before you think IT security can’t reflect values, remember people thought the same about phones before Fairphone.

It will take work to frame the initiative in terms of values. For example, imagine our initiative is a Zero Trust Architecture and our corporate values include an open culture and a culture of trust. At first glance, the security and the value are at odds. But hold on. What if we position ZTA to increase the openness where possible, while reducing access only where risky? Good. What if we use ZTA as a technology to codify a culture of trust? Better. This example is one initiative but the idea scales. We can design a full security program, say with NIST controls, tied to strongly held corporate values.

If it can be done with a smartphone, it can be done with a security capability. Reinforce organizational values to gain support, speed implementation, and further adoption.

Design reflects values. Photograph: Fairphone

This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.

Good security is like a good coffee pot – Design Monday

Posted by

Coffee. Coffee fuels hackers, coders and security wonks alike. For hackers of my generation, we tackled many a problem and brewed many a pot with a Braun. And within its hourglass shape lies a lesson for today’s security professionals.

The chief designer at Braun from 1961-1995 was Dieter Rams. He was behind the ubiquitous Braun coffeemaker from the 1980s. (I had a hand-me-down pot in my workshop in the 1990s.) Now you might think the shape was for decoration. Makes sense. One of Dieter Rams’ ten principles for good design is that good design is aesthetic. You’d be wrong.

Attractiveness for the sake of attractiveness isn’t Dieter Rams point. His design aesthetic was first solving the problem, and then solving the problem in a beautiful way.

The hourglass coffeemaker’s shape stemmed from a problem with the plastic. Plastic casings were still relatively new at the time. The process wasn’t producing plastic that was strong enough. The fluting provided strength and structure. As Dieter Rams wrote, “what was often misunderstood as some kind of post-modern decorative element had in fact a definite structural function.”

Applying this to cyber security: first design to meet the security requirements, then redesign using the same elements to provide a good experience.

Braun KF 157 Coffeemaker, Photography via WorthPoint.

Good Design is Aesthetic

I’m nostalgic about Braun KF 157 coffeemaker. But I’m in love with the Braun KF 20.

The KF 20 was ahead of its time. It looked like science fiction. In the futuristic world of Alien set in 2122, there was the Braun KF 20.

Florian Seiffert designed the coffeemaker in 1972. Following Dieter Rams direction and principles, every stylistic element has a functional purpose. The end result is well-designed, well-intentioned, beauty.

“It is truly unpleasant and tiring to have to put up with products day in and day out that are confusing, that literally get on your nerves, and that you are unable to relate to.” Dieter Rams spoke of products like coffee pots. But he just as easily could have been describing security controls.

Good security has a design aesthetic that is relatable and understandable.

Braun KF 20 Coffeemaker, Image via Dan Gorman

This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.