Remote work will be a permanent scenario for many organizations, according to the CIO Pandemic Business Impact Survey 2020. This underscores the need for policies that secure remote data access without inhibiting user productivity.

“Given the paradigm shift to remote work, companies must protect their IT infrastructure — including networks, application servers, and VPN access points — against distributed denial-of-service attacks comprehensively on all levels and across all platforms,” says Marc Wilczek (@MarcWilczek), COO at Link 11.

We asked IDG’s Influencer community of IT professionals, industry analysts, and technology experts how organizations can balance strong, secure access with user productivity needs. Striking the right balance can be a daunting task.

“Users want to be secure, but even more so, they need to get their job done,” says Larry Larmeu (@LarryLarmeu), Service Transformation Leader at Accenture. “The prohibitive legacy method of securing networks by blocking ‘insecure’ methods only led users to seek creative workarounds, often ending up with data breaches due to random unsecured cloud stores or corporate data ending up in personal email boxes.”

Productivity and security begin with access

The IDG influencers say that striking the proper balance between security and user productivity begins with defining data and access.

“First, know where all of your digital assets are,” says Tristan Pollock (@pollock), Head of Community at CTO.ai. “List them out: Accounts, IP, photos, domains, etc. Make sure you have a vault of all of this information.”

Next, make sure the right people have the right level of access to the right data resources.
That requires a shift in perception, says Jason James (@itlinchpin), CIO with Net Health: “If you ask any user, they will quickly respond they need full access to everything to do their job. Even as CIO, I do not have admin or root access to production environments, as there is no valid need for me to have such access.”

James advises his peers to do their due diligence. “While no one wants to impact user productivity, the greater risk would be to provide unnecessary access to silence a user request,” he says.

Next, create policies around data access, says Jack Gold (@jckgld), Principal Analyst and Founder at J. Gold Associates. “Keeping data accessible while also keeping it secure and/or private requires that data have a policy control mechanism, so that only relevant data is able to be accessed by individuals. You don't want to completely restrict data access, as many users can gain meaningful insights.”

Gene De Libero (@GeneDeLibero), Chief Strategy Officer at GeekHive, agrees: “We've seen many instances where stringent security policies coupled with poorly managed company networks and improperly implemented digital asset management systems have contributed to a sharp reduction in employee productivity.”

Defining proper access controls is critical, says Ben Rothke (@benrothke), Senior Information Security Strategist at Tapad. “For example, even if a person has the funds in their account, they can’t just walk into a bank branch and ask for their $100,000 in cash,” he says. “Amounts like that need advance notice, authorization, and preparation. Data needs to be managed, controlled, and secured in a similar manner.”

However, don’t let access and control decisions become stymied.
“The last thing organizations need today is analytics paralysis because no one takes ownership in defining the security and policies around digital and data assets,” says Isaac Sacolick (@nyike), President of StarCIO and author of the book Driving Digital. “A best practice is to assign data owners to define authorization, usage guidelines, data security policies, compliance requirements, and any data privacy, sovereignty, and regulatory concerns.”

Using strategy and technology for data access

The IDG influencers recommend that once access definitions and policies are in place, IT and security teams can do two things: bake them into an overall data strategy and use modern tools to maintain them.

“Security needs to be part of the digital asset creation and maintaining process — ideally, seamlessly to not introduce friction and process latency,” says Mike D. Kail (@mdkail), IT Director, Palo Alto Strategy Group. “When security is a periodic, scheduled activity, that's when it tends to hinder productivity and cause contention amongst teams and users.”

When it comes to tools, experts recommend starting with a good digital asset management (DAM) system.

“Developing a solid strategy for effectively deploying and configuring a digital asset management (DAM) system will go a long way toward providing the security and compliance corporate audit departments demand while fostering collaboration, improving workflow, and enhancing overall productivity,” says De Libero.

Gold agrees: “A good data management toolset will include the appropriate data policy enforcement capabilities, and should be a key part of any data strategy.”

Next, turn to solutions that make it easy for users to access the data they need.

“Organizations can ensure their digital assets are secure without inhibiting user productivity by focusing on user experience first,” says Will Kelly (@willkelly), Technical Marketing Manager at
Anchore. “They should secure digital assets with single sign-on (SSO) or, better yet, a Zero Trust security solution on cloud collaboration platforms.”

On the road to SSO, security and IT teams can take a number of incremental steps, such as deploying multi-factor authentication (MFA), to make things easier on users.

“Some enterprises are implementing ‘remember me [MFA]’ for 30-day stretches to improve the user experience without a security tradeoff,” says Frank Cutitta (@fcutitta), CEO and Founder of HealthTech Decisions Labs. “But even more important, CISOs are trying to increase the interoperability of 2FA across disparate databases, warehouses, and edge devices so as to eliminate ‘2Fatigue’ on the user and the system.”

On the back end, deploy solutions with baked-in capabilities that help IT security teams more easily manage remote access.

“When it comes to safeguarding digital assets and avoiding business interruptions, it is generally important that modern security solutions are based on AI and machine learning,” says Wilczek. “This allows any anomalies in traffic patterns to be detected in real time. Through automation, human error in mitigation is precluded.”

Kayne McGladrey (@kaynemcgladrey), Security Architect at Ascent Solutions, agrees: “Microsoft 365, for example, allows for automatic classification and labeling of unstructured data, but also permits users to provide a justification when the automation gets it wrong.

“Combined with automated data loss prevention, this can allow a business to easily enforce and report on policies for sharing non-public data both inside and outside of their organization,” he says.

At the end of the day, IT should be an enabler. “Often it doesn't have to be security vs productivity,” says Pollock. “It can be secure productivity with the right tools.
Put the time in upfront and you'll save countless hours on the back end.”