This week I am in picturesque Park City, Utah for the annual event, SecurityXchange, which is celebrating its 10th anniversary this year. When traveling to industry events, it is always interesting to see who ends up driving you to your event. This trip I had the pleasure of making the hour drive from the Salt Lake City International Airport with a driver who had a bone to pick with me about a new security system being implemented at the Salt Lake City International Airport.
It started with one of the inevitable first questions a driver usually asks: “Are you here for business or pleasure?” When I answered that I was here for a security event, he proceeded to fill me in on his woes with a new badging system being implemented for drivers at the airport. Drivers were being required to carry a badge and also stop and enter a PIN when entering the airport.
He was frustrated with the process and couldn’t understand why he was being required to take the extra step of stopping his vehicle and entering a PIN as he entered the airport to pick up passengers. “I already carry a badge. Why isn’t that enough?” he asked.
I remembered having a conversation recently about the value of dual authentication security. While sometimes it combines “what you have” and “who you are” (through biometrics), in this case it was combining “what you have (the badge)” with “what you know (the PIN).”
I tried to explain the benefits of the dual authentication to the driver and the light bulb went off. The process of entering his PIN, once only an inconvenience, now had more value.
It just showed me that communication — clear communication — about something’s value and why it done a certain way is very necessary. More importantly, it just can’t be communicated to the end user implementing the system; it also has to be communicated to the "everyday" user — the person actually punching in the PIN, swiping the card in the reader, using the biometric device, etc. The driver hadn’t received clear communication about why he was being required to take an extra stepand its purpose.
Thankfully, at SecurityXchange, there is a high emphasis on communication. With 325 meetings happening over the next two days, it is fairly safe to assume there’s going to be a lot of communication taking place over the next two days about why products are designed the way they are, what their benefits are, etc. I’m sure it is going to make for some very interesting conversations.