Alan Cooper, in his book The Inmates are Running the Asylum, draws a distinction between user-centered design and user-driven design. User-driven design is about collecting and prioritizing user requirements and implementing a system to match them – we’ve all seen software development projects where the requirements spiraled out of control and the project was a painful flop. On a project like that, it’s best to detect the warning signs early on and bail out in order to save your sanity and reputation.
User-centered design, on the other hand, is about listening carefully to the user and implementing friendly, reliable, fast and secure software that meets the user’s business requirements.
There is a lesson to be learned here for data security and data loss prevention –
Data security compliance is like user-driven design of security systems where the regulator and the card associations are the users and we’re the clients of the security systems they design. It’s spiraled out of control, but no one has the option to bail out. If I had one request to make to President Obama – it would be to take his populist, let’s-all-work-together approach to the business of cyber security and corporate governance – and listen to the clients, not the DC lobbyists from companies like Raytheon and VISA. He will hear a message of “Go Tell It On The Mountain” that we need less regulatory compliance and more common-sense data security.