{"id":230239,"date":"2026-06-11T15:45:00","date_gmt":"2026-06-11T19:45:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/11\/poor-ux-undermines-security-policies\/"},"modified":"2026-06-11T16:00:25","modified_gmt":"2026-06-11T20:00:25","slug":"poor-ux-undermines-security-policies","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/11\/poor-ux-undermines-security-policies\/","title":{"rendered":"Poor UX undermines security policies"},"content":{"rendered":"

Poor UX undermines security policies<\/a><\/p>\n

https:\/\/www.informationweek.com\/cybersecurity\/poor-ux-undermines-security-policies-says-texas-a-m-university-system-cio<\/a><\/p>\n

Publish Date: 2026-06-11 15:45:00<\/a><\/p>\n

Source Domain: www.informationweek.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. As users face a growing number of authentication prompts, security checks and compliance requirements, organizations need to pay more attention to the friction \u2014 and security risks \u2014 those safeguards can create.That’s the view of Texas A&M University System CIO Vince Kellen, who argues that implementing high-security protocols at the expense of usability and user experience no longer serves as an effective cybersecurity strategy.\u00a0The challenge, he explained, is protecting users without creating so much friction that they look for ways around security controls.\u00a0“Unless the [user] experience is wonderful, you can’t have high security,” Kellen said, in an interview with InformationWeek during the recent Cisco Live event in Las Vegas.\u00a0Without achieving both high security and high visibility into the network, together with a seamless user experience, “the user will invent ways around you,” he added.Related:Cisco’s Jeetu Patel on overcoming the ‘AI trust deficit’Security suffers from poor usabilityKellen pointed to multifactor authentication as one area where users are becoming frustrated with the hoops they have to jump through to access their accounts.”You go to sites, and it’s not just two-factor authentication \u2014 in some cases, it’s four or five,” he said. Layering multiple security technologies without considering the user experience can complicate cybersecurity programs and diminish their effectiveness.\u00a0That concern also affects how Kellen views zero-trust architectures, which he described as a critical part of his security strategy for Texas A&M University System. The network he oversees includes 12 universities and eight state agencies \u2014 each with its own CIO.\u00a0The key components of zero trust security are access and action \u2014 who has access to applications, and what is happening on the network (the action), he explained. For example, by using real-time packet inspection for threat detection and software-defined networking, an organization could flag an instance in which a user is attempting to share private data. This approach also speeds up response time to potential security threats.”The network will say, ‘OK, Vince, it looks like you’re transmitting HIPAA data. We’re going to immediately start to deploy real-time policy around your flows and your computer to redirect and change this,'” Kellen said.The goal is to move more of the enforcement into the technology itself, he said \u2014 rather than depend on users to recognize every risk or make the correct security decision.\u00a0Don’t fret about securing agentic AIKellen applies a similar view to securing agentic AI. He said he doesn’t “fret about agents” but views them in the same way as securing human users.\u00a0Related:Anthropic’s Mythos forces a rethink of vulnerability management”I try not to get terribly freaked out just because the thing is called an agent,” Kellen said.\u00a0He added that he does worry about “semantic drift” \u2014 models that gradually diverge from their intended behavior \u2014 and what he called “semantic malfeasance,” agents that act contrary to their intended purpose.\u00a0\u00a0Behavioral monitoring offers one way to identify agent or model drift, Kellen said, noting that organizations have historically applied such monitoring to users and devices.\u00a0For Kellen, securing agentic AI builds on many of the same principles CIOs already apply to users and devices. Agents still need identity, visibility, behavioral monitoring, and policy enforcement.\u00a0When it comes to encouraging behavioral changes in humans, Kellen said that cybersecurity trainings are useful for nudging users to comply with security policies, but training cannot carry the full burden of cybersecurity.\u00a0“The technical controls have to win,” Kellen said.\u00a0Users might chastise themselves for falling for a phishing attempt, but humans are naturally trusting by nature, he pointed out. As a result, strong cybersecurity policy and technologies are needed to compensate for human error.Related:Confidential computing resurfaces as security priority for CIOsTechnical controls also perform better when they’re “as invisible to the user as possible,” so measures like biometrics can increase usability.\u00a0But, Kellen added, “we’re still many years away from a real seamless [security] experience.”
<\/p>\n","protected":false},"excerpt":{"rendered":"

Poor UX undermines security policies https:\/\/www.informationweek.com\/cybersecurity\/poor-ux-undermines-security-policies-says-texas-a-m-university-system-cio Publish Date: 2026-06-11 15:45:00 Source Domain: www.informationweek.com Author: Using…<\/p>\n","protected":false},"author":1,"featured_media":230240,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt69509c9116440be8\/blt73c998857af3263e\/6a2afe47931d5bcf42f7938f\/kellen_vince_1280x720.png?disable=upscale&width=1200&height=630&fit=crop","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,25,27],"class_list":["post-230239","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-phishing","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/230239"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=230239"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/230239\/revisions"}],"predecessor-version":[{"id":230241,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/230239\/revisions\/230241"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/230240"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=230239"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=230239"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=230239"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}