Context-based Personas for Security and User-experience

European Voices | 4 minutes read | Aug 15th, 2014

When implementing a mobility strategy, several aspects need to be considered. Most important is that the mobility efforts should support business objectives and should have measurable success factors. The organization itself should be ready for managing the mobile environment and handling all business and technical challenges with the correct structure and policies.

From a more technical point of view, the management of the environment, devices, applications and users should be in place. The applications, which are the most important element in delivering the actual business benefits to users, should be provided, ideally with the support of a complete platform so that you can respond quickly to business requests. And within all these aspects, security has to be in place to make sure the right users have access to the right information.

It’s important to recognize that the mobile space is still changing rapidly, and that the different trends in the market and in technology can influence your mobile strategy. A persona-based approach within your mobile strategy is an important best practice for coping with the differences between users in your organization. Not every approach is right for all employees, and personas help you to differentiate your mobile services for each persona. For example, BYOD vs. CYOD, application availability and security approaches can all vary by persona.

A “trend” that is in my opinion very interesting and getting more traction is to extend the persona approach by using the context of that specific persona to further refine the services provided to users in that persona. It is only by understanding the full context of a user (where the user is, how they are connecting and even the current time of day, week or month) that the dynamic nature of the user can be fully addressed.

It may make perfect sense for a user to have access to certain functionality and information while working in one context (e.g. secure WiFi in the corporate office), and be completely unacceptable for the same user to access that functionality or information in another context (e.g. unencrypted WiFi in a coffee shop). Gartner has created a nice definition in relation to this:

“Context-aware computing is a style of computing in which situational and environmental information about people, places and things is used to anticipate immediate needs and proactively offer enriched, situation-aware and usable content, functions and experiences.”

More and more, we are seeing this in our daily lives as consumers.

For example, Google Now uses context to present the right information at the right location and time, such as showing a boarding pass. Apple’s iOS 8 will provide the user an application shortcut on the lock screen based on the user’s context. There are already implementations with iBeacon which, for example, can offer consumers sunscreen when they walk near a store in sunny weather.

Within the enterprise, this can, of course, also be used within the different mobile solutions to further improve the user experience and efficiency. For example, imagine a mobile application that shows a salesperson the right customer information from a CRM system when that salesperson is visiting that customer. Beyond end-user productivity, context can also be used in the field of security to provide flexibility in a persona’s risk profile. One can think of, for example, securing a transaction differently for different business values, locations or employee status in real time. Some context-related security aspects that can be implemented for mobile users are:

  • Authentication level, in which, based on the context, more or different factors are needed to authenticate;
  • Functional authorization, in which the user has more or less functionality available based on the context;
  • Information authorization, in which access to information is granted or blocked from the same system, depending on the rules related to the context;
  • Security responses, in which a SIEM (Security Information and Event Management) solution uses the context to detect and respond to security incidents.

There are many useful examples of context that can be used, especially from the mobility perspective, such as (indoor) location, connectivity with a device (wearable), online status and type of connection, sensor information, device type and status, etc. Extended with generic context information such as activity (calendar), employee status and social elements (relationships), this can provide a more flexible security approach.
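
To make the four aspects above concrete, here is a small policy-decision sketch, added as an example and not taken from any product or from the original article. The persona names, function names, risk weights and thresholds are all constructed assumptions; the point is how one persona baseline yields different authentication, functional and information rights as the context changes.

```python
from dataclasses import dataclass

# Constructed persona baselines; names, functions and levels are hypothetical.
DATA_LEVELS = ["public", "internal", "confidential"]
PERSONAS = {
    "sales": ({"view_crm", "edit_crm", "approve_discount"}, "confidential"),
    "field_engineer": ({"view_workorder", "close_workorder"}, "internal"),
}
NETWORK_RISK = {"corporate_wifi": 0, "vpn": 1, "public_wifi": 3}

@dataclass
class Context:
    network: str              # how the user is connecting
    device_managed: bool      # device status (enrolled in management or not)
    hour: int                 # local time of day, 0-23
    transaction_value: int = 0

def risk_score(ctx: Context) -> int:
    """Add up constructed risk weights; an unknown network counts as untrusted."""
    score = NETWORK_RISK.get(ctx.network, 3)
    score += 0 if ctx.device_managed else 2
    score += 0 if 7 <= ctx.hour < 20 else 1
    score += 2 if ctx.transaction_value > 10_000 else 0
    return score

def decide(persona: str, ctx: Context) -> dict:
    """Refine a persona's baseline rights using the current context."""
    functions, max_data = PERSONAS[persona]
    score = risk_score(ctx)
    ceiling = DATA_LEVELS.index(max_data)
    if score >= 3:   # elevated risk: read-only functions, no confidential data
        functions = {f for f in functions if f.startswith("view_")}
        ceiling = min(ceiling, DATA_LEVELS.index("internal"))
    if score >= 6:   # high risk: public data only
        ceiling = 0
    return {
        "risk": score,
        "auth_factors": 1 if score <= 1 else 2 if score <= 4 else 3,
        "functions": set(functions),
        "max_data": DATA_LEVELS[ceiling],
        "siem_event": score >= 6,   # forward the decision to the SIEM
    }

if __name__ == "__main__":
    print(decide("sales", Context("corporate_wifi", True, 10)))
    print(decide("sales", Context("public_wifi", True, 10)))
```

The same salesperson keeps full CRM rights with a single factor in the office, but on public WiFi is stepped up to two factors and limited to read-only access to internal data.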

In the near future, I expect to see context-aware security as well as context-enabled user-experience increasingly used in the area of mobile services. It is now the time to think about and discuss its possibilities and to see where it can provide business benefits within your mobile strategy.
