Truth #2 Security Can’t Come at the Cost of User Enablement

I was talking with a customer the other day, an IT guy (yes, I know there are “IT gals” out there – but this one happened to be a guy), and one of his statements struck me. He said…

“The world I work in today is very different from five years ago when I told the business what devices, apps and services they could choose from, and they listened – well mostly listened. Now it’s the business telling me what they need to be successful, driving very specific requirements and making technology recommendations. We in IT have to adapt to the new world and find new ways to be flexible in delivering apps and services.”

I hear this story often from IT practitioners who’ve had to adapt quickly to the changing digital dynamics of cloud, mobility and social technologies. I also hear that, as consumer trends push business technology practices, there is one critical component that can’t be overlooked at any cost: security.

This leads me to the next security topic in my Five Important Truths about Digital Workspaces in a Dangerous World blog series – Security can’t come at the cost of user enablement. Or, what happens when security and individual productivity collide? 

Frustrated Users Will Find a Way. Always.

In principle, IT controls technology resources based on requirements defined by the business. But then there’s reality. With cloud and mobility, users are more capable than ever of making their own technology decisions and purchases, and few have real qualms about using their personal, consumer-market technology for work. The uncomfortable reality of this is:workers aren’t making buying decisions with security, compliance, maintainability, integration or other things that IT cares passionately about, uppermost in their minds. They just want to get work done quickly and easily.

People are placing an ever increasing demand on IT for faster, better and more nimble solutions. So how can IT respond while still driving best practices around security and compliance?

You may think this is rare but recently it was revealed by The New York Times that, while Hillary Clinton served as Secretary of State in the U.S., she didn’t use her state department email but her personal email address. How many of your fellow workers are using DropBox, Google Drive, or other unauthorized cloud technologies for storage and document sharing? Most people don’t want to be their own “IT department,” but if they feel a personal technology like Google will help them get their jobs done a little faster, they’ll use it in a heartbeat. And sometimes – let’s be honest – they do it just because it’s too difficult to get what they need from their own IT department. Either the process is too laborious, the choices are too few, or they just “need it right now.”

Recognizing that each unapproved application or device inside your network opens you up to more vulnerability, IT needs to be able to respond quickly to the needs of the business. Give people the technology they need when they need it, so they don’t go looking for a quick and easy workaround.

Securing the Agile Workforce

It’s true. “Security can’t come at the cost of user enablement.” This means that as you invest in security practices, keep the user experience front and center. For example, consider these questions.

• Speed – Have my security protocols impacted how quickly my fellow employees can access the apps they need to be productive? Or do they actually slow them down – especially when they’re reacting to customer, colleague and partner demands?
• Accessibility – How easy is it for someone to request access to apps and services? Is it as easy as finding a potential solution online, from a consumer website?
• Ease of use – Are my security protocols really seamless? Or do they sometimes cause the worker a moment’s delay?

People today have alternatives – many more than ever before. If you don’t keep the user at the center of your security plans, you’re at risk of them abandoning your own procedures and protocol. So in effect, a new method of locking down a security vulnerability can actually put you at greater risk by creating a new one – by giving your workers a motivation to find a workaround.

For more of the 5 Important Truths about Digital Workspaces in a Dangerous World, stay tuned for my next blog, Truth #3 – Forget about being reactive, or even proactive. Today, IT must become Predictive.