資安洞見：由使用者痛點提煉創新來源

Security Insights: User’s Pain Points As a Source of Innovation

近年來，由於電腦病毒的演進，造成資安事件頻繁，資訊安全市場也因此大幅成長。資安軟體不斷地推陳出新，但是客戶卻對新產品與新服務興趣缺缺。這不但導致軟體廠商損失龐大的開發費用，也使企業持續地面臨電腦病毒攻擊與資安問題之恐懼。然而，為何詢問使用者後所開發的新產品，仍然不是客戶所需要的？本文以質性研究法調查一家電腦防毒廠商的新產品開發過程，分析使用者導向設計的迷思，並強調在地知識對創新的重要性。本研究透過四個案例，分析在地脈絡於創新中的角色，以及如何由在地知識找出使用者在該組織中的獨特痛點，進而找到創新的機會。使用者雖然是創新的來源，但是本研究發現，使用者並不一定能知道自己的需求，唯有瞭解他們的工作實務，以及使用者在特定工作情境中的痛點，才能化痛點為創新的亮點。本研究由在地脈絡之分析補強使用者導向創新理論之不足，同時也點出資安文獻中過度強調資訊安全技術，而忽視人性議題的缺失。最後，本文也將說明如何以在地脈絡進行產品與服務創新的實務做法。

The rising numbers of computer viruses and information security breaches have led to the growth of managed security services market in the recent years. Although security software firms have continued with the development and sales of new products, it has been a constant challenge to design a product that meets the customers’ expectations and requirements. To examine this problem, this research deploys a qualitative approach to analyze the product innovation process in a security software firm. Through the in-depth analysis of four selected case studies, our findings reveal the significance of local context and work practices in capturing the customers’ pain point from the viewpoint of user centric innovation. Furthermore, we demonstrate that the analysis of local context and work practices is valuable in the situation where the user requirements are unclear. We conclude with implications on the area of user centric innovation and information security literature, and for practices on how product developers can incorporate local knowledge and work practice into the innovation process.