Typically, product managers are responsible for three things: strategy, execution, and user research. But this isn’t always the case. Some businesses might conceive of the role slightly differently.
For example, a strategy or executive team may decide what new products get built and leave the day-to-day execution and user research to product managers. At other organizations, like startups, the sales of marketing teams might determine a product’s direction based on feedback from prospects.
Regardless of how strategy, execution, and user research are distributed within an organization, a successful product manager should be able to understand all three of these functions.
Why?
Because every phase of product development is an opportunity to mitigate potential issues later on. Making security a key component of your worldview could mean the difference between a successful product release or a major delay in production.
Why Information-Driven Design Matters
In the old worldview of product development, data and security were considered an afterthought. To demonstrate, let’s examine Veracode’s State of Software Security Vol. 10 report.
Veracode found that 83% of 85,000 tested applications contained at least one security flaw. Many had more, as the research uncovered a total of 10 million flaws, with 20% of all apps containing at least one high-severity flaw. Big yikes.
All this to say, the sooner you can find security issues and fix them in the development process, the safer your enterprise will be. And other companies will take notice, as your brand becomes synonymous with trust.
That’s why today’s product development includes data scientists and cybersecurity experts. These individuals help by contributing data-driven insights while restricting the information that is revealed to the outside world for potential misuse.
What Product Managers Can Do to Empower Their Company’s Security
If you work at a smaller company or startup, chances are you may not have a data scientist or security expert on your team. Product managers aren’t typically security experts. That said, understanding where to address security concerns during product development is crucial.
So, let’s go back to the three major responsibilities of a product manager and identify where security can be assessed.
The Strategy Phase
Strategic thinking means looking at the big picture and asking some big questions. What are we trying to achieve? What do we want our end-users to achieve? From the beginning, the driving force behind value creation, like competitive analysis and market research, is strategy. It’s also where potential ideas are developed and eventually tested.
So where does Information security play a role? Simple—always consider the security of every feature or function that you’re building into your application. More specifically:
- How is this going to touch my data?
- How is this going to impact my infrastructure?
- How do I protect this new piece of data that I’m going to be collecting?
Whether you’re looking at building a mobile app, a B2B SaaS platform, or adding an API, the same questions apply. Other ways to define security considerations are to leverage your company’s InfoSec Policy. This will ensure your team is aware of how to handle customer data, especially if you’re dealing with very sensitive data like health information or PII.
Execution
This phase of development is about ensuring products get made. While digital design and software engineering are big components of this phase, a product manager’s overall technical proficiency is necessary. Having technical proficiency provides context and allows you to understand your technical limitations.
For example, if you work in e-commerce, you need to understand payment technologies. In order to implement information-driven decisions, many product managers are required to be proficient in tools like Google Analytics, JIRA, GoodData, Tableau, etc. And many of these tools handle customer data. Here, data awareness is critical.
When your team is executing a product and collaborating, you need to make sure customer information is always secure. Data awareness doesn’t need to be complicated. It’s can be as simple as understanding where certain data lives, who touches it, who has access to it, and making sure only the appropriate people have that access. Some basic safeguards you can implement right now include strong passwords, secure laptops, and strict email usage practices.
User Research
Lastly, let’s take a look at the user research phase when a product manager seeks to understand and measure user intent and action. By implementing information-driven design, you can gather plenty of the rich, contextual information you need without compromising privacy or security.
Whether you’re conducting a focus group, useability test, or survey, there are many ways to collect and store valuable information safely and securely. By assigning a unique code to a user, for instance, you can conceal their identity and any information that isn’t personally identifiable. Another technique is to use a one-time link generator with links that expire after the assessment starts. This is a great way to understand user behavior through an unbiased lens while also maintaining secure practices.
The Benefit of Information-Driven Design
As discussed at the beginning, security is now an integral part of the product development process. Using the principles of information-driven design has some great benefits:
- Faster time to market: By identifying potentially sensitive information early on, you can put controls in place that mitigate attackers from getting access.
- Better insight into your target market: Implementing tools that make users anonymous allows you to get unbiased, and therefore, more accurate information.
- Win trust with vendors and customers: Data breaches are top-of-mind for many people, so businesses that can prove they’re taking security seriously are going to differentiate themselves and earn more trust with consumers.
Your company’s security shouldn’t be an afterthought. True security is continuously compliant, which means you need tools that are constantly evolving to meet the ever-shifting security landscape today.