Security and accessibility parallels

Padlock over a screenshot of logging code.

Security and accessibility have a lot in common. Not that tackling one necessarily helps the other, but the way you tackle them needs to be similar as they both affect the design and development from the start.

I do not claim to be a security expert, but it is something I keep an eye on and I have often been struck by the parallels with accessibility.

Just google ‘security advice for website development’, and you get lots of tips article like this on on computer weekly. You can then replace the word "security" with "accessibility" and it is just as valid. I'll grab a couple of quotes and replace the security concern with the <del> tag, e.g. security, and add the accessibility equivalent with the <ins> tag and brackets, e.g. (accessibility).

For example, would anyone be surprised if this were an accessibility quote?

"two-thirds of Web applications tested in 2011 were found to be at risk from cross-site scripting (have serious accessibility issues), and nearly one in five were open to SQL injection (completely inaccessible)."

The tensions with visual design are often felt by both sets of experts:

"I am not questioning the dedication or commitment to the initial goals by any of the people involved in the project, but because humans are visual creatures, the influence and requirements of the graphic design team quickly became all-encompassing, with security accessibility pushed down the list of priorities."

The main tips in the article can all be easily translated into accessibility equivalents as well:

  • Design can overwhelm security (accessibility).
  • Early in the project you need to identify processes that have the most potential to introduce vulnerabilities (accessibility barriers), and take strong ownership of them.
  • Separate the data from the view. Once a component within MVC has been tested and security (accessibility) has been checked, the component can be reused repeatedly. This approach enables each team to work with each other, while not holding each other up unnecessarily.
  • Get a two-week cushion. Theory is fine, but achieving security (accessibility) in the face of real-world pressures is a stressful challenge, but one that can be achieved with proper planning and perseverance.
  • Use a framework that has security (accessibility) built in. It doesn’t solve everything, but it makes the process a lot quicker. (I grafted this one in from a linked-to article)

Both security and accessibility are things that can affect the design of a website or app, need everyone to understand the implications, and are very difficult to retro-fit.

There are probably many more parallels but the key thing is that if your company has policies in place for security, shouldn’t it apply accessibility policies in a similar way?


Picture credit: yusamoilov on flickr.

Add a comment

Fields marked with an asterisk (*) are mandatory.