Friday, December 11, 2009

The 3 'C's in Mobile Website Design

One of the key movements in ensuring a consistent, meaningful, and overall enjoyable mobile website user experience is subscribing to the principles developed by the W3C - The World Wide Web Consortium - for mobile application development. The W3C is founded on the principles that the web should be accessible to all and on as many devices as possible. To realize this, the W3C has developed technical standards and best practices for development, design, and content authoring. These standards are in the spirit of creating a "One Web" environment that is available on any device.

Creating a mobile-friendly user experience can be challenging. The hardware and network capabilities of the end-user create constraints that should be considered when creating mobile content. The "One Web" principle attempts to level the playing field for all. Remember the 3 "C"s for mobile web development:

  • Content - the page layout and information architecture
  • Context - the reason a visitor is coming to the mobile site and their environment at the time of visit
  • Capabilities - the functionality native to the device for viewing the mobile website

Here are a few best practices to consider before building your next mobile website:

The type of content relevant to the desktop user may not be as applicable to the user on-the-go. Visitors on a mobile device aren't interested in browsing. Forget the notion of the "web browser" and think "web finder". Page layout, information architecture, and content syntax are the pillars of keeping a mobile website relevant and accessible for the mobile user.

Minimal navigation (preferably a top nav bar) is a best practice, as is keeping content accessible with as few clicks as possible. Don't bury content too deep in the site. Keeping in mind that the mobile visitor has a very specific goal (e.g. an address, account information, traffic reports), put that content up front and make it easy to navigate. Less really is more when navigating a mobile website.

What is the mobile site visitor's goal? Understanding who the visitor is, why they are coming to the site, and the context in which they are arriving at the site is critical. Even the best mobile user experience fails if the content and context aren't spot on. For example, a bank customer accessing their bank account from a mobile device is probably not interested in learning about new product offerings, but rather in quickly locating a balance, performing a funds transfer, or paying a bill online. Keeping the content layout goal-oriented and specific to the goals of a mobile user will create a useful web property for your customers.

Keep the site entry point URIs (Uniform Resource Identifiers) short. Typing a long string can be cumbersome on a mobile device. And it's important to consider that entry points may be from an email or text received on the mobile device.

Device capabilities are a huge consideration in mobile web development. While the W3C guidelines are based on device-neutral practices, they also recognize the importance of checking for device capabilities (whenever possible) and fully exploiting them to enhance the end-user experience. Just as in the desktop world, where not all sites function the same in all browsers, the device a mobile site is accessed on can have a huge impact on the quality of the end-user experience if not handled programmatically. A few things to consider:

  • Not all devices support style sheets. Organize content so that it can be rendered in an easy-to-navigate way without style sheets.

  • Graphics and scripting capabilities - create text-based alternatives for all embedded images and plug-ins.

  • Color contrasting capabilities - information should be able to be conveyed with or without color.

  • Bandwidth is another consideration. The more graphically rich and content-intense the site, the longer it may take to render (and quite possibly, the more it will cost the end-user).

Limit user input requirements as input mechanisms on mobile devices can be small and cumbersome to use. Tabbing and creating pre-selected values are best. Where possible avoid free-text fields.

I've been in web development for most of my career and though the mobile outlet creates new challenges and opportunities, the basic planning and due diligence required to make a site successful are the same no matter the outlet. Would love to hear about the challenges you've overcome launching your mobile website. Please add your comments below.

Thursday, December 3, 2009

Security sells: leverage your security program to boost sales

In today's competitive environment, with the increasing need to show a unique value proposition, a stellar information security program can offer a company a unique differentiator to discuss with their prospective customers. The information security function (along with IT) is typically viewed as a cost center, not a revenue generating arm of the organization. Security tactics are often viewed as a must-do line item to check off the list, not as a competitive advantage. Well, I'd like to change that mindset.

As an information security professional, it can be frustrating when achievements aren't recognized outside of the immediate team (let alone external to the organization). The problem isn't that security achievements are less important than other project achievements. On the contrary, security projects are often mission critical to helping companies avoid negative press, million dollar fines, and the loss of customers. The problem centers around lack of understanding of the value of security initiatives, and how they tie to servicing customers or generating company revenue.

Here are some thoughts on how information security professionals can shine a light on achievements, and position their work as differentiators a company can use to generate more revenue.

Sell Your Strengths: Think about what your company's security strength is and sell it. I'm not talking about giving away the keys to the farm and talking about HOW you are doing things. That would defeat the purpose of having security controls in place. But the basic standard of keeping the bad people out and enabling the authorized users to securely do business has many interesting facets, and there are many ways to achieve this level of security.

I like to call this the art of information security: What your company is doing + How they are doing it = The differentiator

Is it a sophisticated physical security turnstile badging system leveraging the latest technology to reduce manual intervention? Is it enabling your company's regulatory compliance through cutting edge processes and technology? Whether you are in the business of securing bank account information, human resources files, medical records, or customer credit card information, talk about what you are doing that makes your information security program a key to reducing operational waste and gives employees the time to focus on meeting customer expectations.

Case-in-point, one of my clients, a Fortune 500 bank for high net worth individuals and corporations, has a world class access control program in place. Their information security group designed a set of identity management (IdM) processes based on securely enabling business functions. To gain operational efficiencies in system access request and set up, they customized a leading IdM technology and automated much of their IdM workflows.

Why is this important to a bank customer? The SVP of Information Security can tell you why. He can articulate the value that this brings to a bank customer in terms that are meaningful to a customer -- speed of access to critical account reporting applications AND the reassurance that only those authorized are seeing the account information. He's called on by relationship managers to help sell the value of doing business with this bank and communicate the edge this institution has over another. The SVP has the soft skills necessary to navigate a conversation with clients and prospects. And the instinct to know what aspects of the information security program matter most to each client. These soft skills are really the differentiator for his company's information security organization. It's not just about what a security organization is doing but also about how they tie it back to meeting customer expectations.

Develop Soft Skills: Let's face it, information security is technical, and as a result the people that are really passionate about security tend to be very technical. But when that passion comes out in a way that's easy to understand and meaningful to those on the receiving end, you've got a value proposition worth telling would-be customers. The challenge is developing the soft skills necessary to communicate that value proposition. As an information security manager, it's just as important to develop the communication and soft skills in your staff as it is to keep them technically trained and abreast of the emerging threats. These soft skills also come in handy when communicating to executives the funding required to execute your security program goals and why they are important.

I recently had the pleasure of hearing Sara Santerelli, Chief Network Security Officer at Verizon, speak at a conference in October. Sara spoke about the duty that information security managers have to articulate a security program less in terms of tactics and more in terms of long term strategy. This helps executive management understand the drivers, which in turn gains their support and the funding necessary to execute. She also hit on the importance of alignment of your security plan with business goals and defining the trade-off between the cost associated with your security initiatives and the risk of not doing them. All of this articulation requires soft skills and big picture thinking.

Information security is a compelling value proposition if communicated in meaningful terms to prospective customers. In some situations, the CSO can be viewed as an extended arm of the sales team. Whether the title is CSO or VP of Information Security, the people within an information security organization can really help sell the benefits of doing business with the company. In a climate where standing out in the crowd matters, companies should look to their CSO for the extra push needed to turn a prospect into a customer.

How does your information security program help differentiate your company? Comments welcome!