Texas A&M CIO emphasizes user experience in cybersecurity strategy

Per Information Week, Texas A&M University System CIO Vince Kellen argues that organizations must balance robust security measures with user experience to prevent users from circumventing controls.

Kellen highlighted that excessive authentication prompts, such as multiple layers of multifactor authentication, can lead to user frustration and workarounds, ultimately undermining security. He views zero-trust architectures as crucial for his system, which comprises 12 universities and eight state agencies. The core of zero trust, according to Kellen, involves managing access and monitoring network actions in real-time. This approach aims to embed security enforcement within the technology itself, reducing reliance on users to identify and act on every risk.

Kellen also applies this philosophy to securing agentic AI, suggesting that AI agents should be treated similarly to human users, requiring identity verification, visibility, behavioral monitoring, and policy enforcement. He expressed concern over "semantic drift" and "semantic malfeasance" in AI but believes behavioral monitoring, a practice already used for users and devices, can help detect such issues. Ultimately, Kellen stressed that technical controls, when made as invisible as possible to the user, are paramount for effective cybersecurity, compensating for human error and the inherent trust in human nature.

Source: Information Week