Balancing Security and Usability: Procyon's Innovative Approach

Anyone who works in security for a while notices two things quickly: a) everyone wants their product or deployment to be secure, but b) the user experience must not suffer. Reconciling the two is a constant challenge, because strong security and ease of use often pull in opposite directions.

Traditionally, highly secure solutions tend to make a product hard to use, sometimes almost unusable. Consider a login flow such as OAuth: the very secure choice is a short-lived access token, issued after the user authenticates and expiring after only a few minutes. Many systems instead opt for tokens with extended lifetimes, for a simple reason: asking users to re-enter credentials every few minutes is frustrating enough to render the product almost unusable. A longer token expiry, however, opens a significant vulnerability window in which an attacker who steals the token can use it remotely until it expires.

Every security professional can point to instances where they compromised on security to address ease of use. After all, what is the point of strong security if it renders the product unusable? Nonetheless, it is crucial to remember that any set of security measures is only as strong as its weakest link.

At Procyon, we recognized this struggle between security and ease of use from day one. That's why we implemented continuous authentication of users using mutual TLS, with the user's private key stored in a TPM or Secure Enclave. This approach eliminates the need for long-lived tokens. With our system, customers can easily disable access to various services (e.g., AWS CLI, AWS console, GCP CLI, Azure CLI, SSH, databases, kubectl) when a device is lost or a user leaves the organization. Disabling the device or user takes only a moment, which prevents incidents such as the accidental or intentional deletion of servers by someone who has already left the organization. For additional information, please visit www.procyon.ai.
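The property described above, that disabling a device cuts off access at once rather than at some token expiry, comes from checking device identity on every TLS handshake. The following is an added example using Go's standard crypto/tls, not Procyon's code: a device revocation list consulted from the VerifyPeerCertificate hook, so a revoked client certificate is rejected at its next connection. The DeviceRevocations type and the choice to key revocations by certificate serial number are assumptions of the example.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"sync"
)

// DeviceRevocations is the store the mTLS hook consults on every handshake (assumed design);
// with the private key locked in a TPM there is no bearer token left for an attacker to replay.
type DeviceRevocations struct {
	revoked sync.Map // client-certificate serial -> true; the zero value is ready to use
}

// Revoke disables a device (lost laptop, departed user); it takes effect on
// the next TLS handshake instead of at some token expiry hours away.
func (d *DeviceRevocations) Revoke(serial string) { d.revoked.Store(serial, true) }

// VerifyPeer is the tls.Config.VerifyPeerCertificate hook. It runs after the
// chain was validated against ClientCAs; verifiedChains[0][0] is the device's leaf.
func (d *DeviceRevocations) VerifyPeer(_ [][]byte, verifiedChains [][]*x509.Certificate) error {
	if len(verifiedChains) == 0 || len(verifiedChains[0]) == 0 {
		return fmt.Errorf("mtls: no verified client certificate chain")
	}
	serial := verifiedChains[0][0].SerialNumber.String()
	if _, gone := d.revoked.Load(serial); gone {
		return fmt.Errorf("mtls: device certificate %s is revoked", serial)
	}
	return nil
}

// ServerConfig requires a device certificate chaining to caPool and re-runs the
// revocation check on every connection, which is what makes authentication continuous.
func (d *DeviceRevocations) ServerConfig(srv tls.Certificate, caPool *x509.CertPool) *tls.Config {
	return &tls.Config{
		MinVersion:            tls.VersionTLS13,
		Certificates:          []tls.Certificate{srv},
		ClientAuth:            tls.RequireAndVerifyClientCert,
		ClientCAs:             caPool,
		VerifyPeerCertificate: d.VerifyPeer,
	}
}

func main() {
	var d DeviceRevocations
	chain := [][]*x509.Certificate{{{SerialNumber: big.NewInt(4242)}}} // constructed device cert
	d.Revoke("4242")
	fmt.Println(d.VerifyPeer(nil, chain)) // mtls: device certificate 4242 is revoked
}
```

In a real deployment the revocation store is fed by the admin action that disables a device or user, and the hook rejects that device on its next connection without waiting for any credential to expire.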