The Power of the Default

On my way into the office this morning, I was listening to the consistently excellent a16z podcast series. Today’s topic was WWDC, iOS 9, and Apple Music, led by Benedict Evans and host Michael Copeland.

While there wasn’t much at WWDC in the way of security and privacy updates – most of that happened on the sidelines and on Twitter in the days leading up to Apple’s annual developer conference – Benedict did say something around the halfway point that reinforced an idea we’ve been honing here at Vera: the power of the default.

In the podcast, Benedict Evans was discussing Apple’s claim that globally, there are 3.5 times more users of the much-maligned Apple Maps app than Google Apps across active iOS devices. As the default mapping service on iOS, Apple Maps might not be the best possible navigation service, but it’s good enough. And, outside of the power user communities (I see you, Silicon Valley), there just isn’t enough incentive to search out, download, install, and learn to use a new application. As Evans points out, “If all you want to do is drive up and down the 280… and remember where the turnoff is” Apple Maps is all you need.”

In security, we’re always on the lookout for “Smart Defaults.” These are features and design elements that guide people in the right direction, nudging them towards better decisions. One great example of this is how Box sets permissions for newly created links. By default, all new links are set to “Company Only” for enterprise accounts. This is configurable by the admin, but it ensures that access to all documents uploaded is limited by default to known employees and trusted contractors. This both minimizes friction in collaboration and provides a universal level of protection against data leakage for the organization.

There’s more we can do to establish smart defaults for content created in the enterprise. Current defaults depend upon each individual in the organization using sanctioned services and tools consciously to apply the defaults. We believe we can go further, and invisibly apply smarter defaults at the moment information is created, edited, or shared.

Every company will have its own policies and standards for protecting information, but with the right rules in place, it’s possible to protect every document that’s created, attached to an email, or uploaded into a cloud sharing service with a basic level of encryption and protection. The trick to make this tenable for individual employees is to ensure that when every document is encrypted, protected, and trackable that those protections don’t interfere with the normal course of business.

To see how some of our customers are tackling this problem, check out the videos and case studies on our Customers page.

Written on June 10, 2015
by Grant Shirk
Tags:
  • Security