How do I make the trade-off between ease of access to resources and user happiness? Is it possible to have a highly secure environment without overburdening users?
Security should never be a burden on employees or prevent them from doing their jobs. Unfortunately, many employees do not differentiate between their machines at home and their machines at work. Employees, who probably have authority over writing a check at home, still understand and tolerate the need for process and approvals when they request a purchase order at work. But they are often less tolerant of the need for business process and approvals of their computer activities. Computer assets are often seen as expendable because the value is often intangible.
So is a highly secure environment possible without being a burden on users or hindering their ability to do their jobs? Absolutely! Is it possible to have a highly secure environment without the appropriate business practices that control the use of your computer assets? No.
The key is education: If users understand why security is important, it’s much easier for them to grasp how having a secure environment helps the company. Make them part of the team that comes up with the solution. You can’t do that for every employee, but you can do an internal marketing campaign to help them understand why IT security is so important and what role they play in maintaining security.
–Steve Strout, CIO, Morris Communications