In an effort to lock down agency data and control access points, cybersecurity professionals in the federal government fail to consider the experience of end users, who say security policies are burdensome and often resort to workarounds. Are strong security protocols actually making the federal government less secure?According to a new study by MeriTalk, federal cybersecurity professionals are so focused on implementing rigid policies to lock down data that they often ignore how those rules will impact end users within their agencies.The result, perhaps predictably, is that many government workers resent the burden that security protocols impose, complaining that they are time-consuming and hinder productivity, while nearly a third say that they regularly use a workaround to circumvent the security roadblocks. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe Respondents to the MeriTalk survey, which was underwritten by cloud provider Akamai, noted a direct correlation between onerous security policies and a lack of compliance. Small wonder then that security professionals said that nearly half — 49 percent — of federal security breaches can be attributed to end users not complying with the policies in place at their agencies. “More security rules, more security tasks and more security delays have done little to drive more user buy-in for cybersecurity,” Tom Ruff, vice president of Akamai’s public sector division, said in a statement.Security Is Important, but &. For the survey, the government IT consortium MeriTalk polled 100 cybersecurity professionals within the government and another 100 non-cyber workers to arrive at a comparison between policies and the ways that they are put into practice. It’s not that government workers don’t appreciate the importance of security. Ninety-five percent of respondents — cybersecurity workers and end users alike — agreed that maintaining strong security is critical to their agency’s operations, and 98 percent said that security is everyone’s responsibility.So if the spirit of shared responsibility is there, the new report argues that cybersecurity professionals need to better attune themselves to the day-to-day challenges that agency workers face.“Without question, federal cybersecurity pros have a tough job, but they must start working with end users as partners instead of adversaries. It is a team game, and better support for users will deliver better results for security,” Ruff said.The increasing sophistication of cyber threats and the new IT initiatives agency CIOs are pursuing across the government add a sense of urgency to harmonizing security policies with end user behavior. For instance, 74 percent of the cybersecurity professionals polled said that they are unprepared for an international attack, and an equal number said they aren’t equipped to adequately secure access to mobile devices. Then 70 percent said that they aren’t prepared to secure cloud environments, and 70 percent also said they aren’t ready to fend off a denial-of-service attack. At the same time, half of cybersecurity workers polled said that they anticipate that their agency will be the victim of a DoS attack in the coming year.The severity of those challenges, along with the general feeling of unpreparedness, has impelled cybersecurity professionals to implement more rigid policies to lock down agency data and restrict access. Seventy-four percent of security pros said that preventing data theft is a top priority, meaning that it merits a nine or 10 on a 10-point scale. More than half of respondents said that a secure Web strategy, maintaining and upgrading security systems, rolling out fresh cybersecurity protocols and mitigating DoS attacks were each similarly important. But just 40 percent named a user-friendly experience as a top priority.That apparent imbalance has been a source of frustration within federal agencies. In the polling of end users, 66 percent described their agency’s security protocols as burdensome and time-consuming, and just a shade more said that it takes longer to complete certain tasks because of the security roadblocks. Thirty-one percent of respondents said that they navigate around their agency’s security protocols at least once a week.Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com. Follow Kenneth on Twitter @kecorb. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn. Related content news CIO Announces the CIO 100 UK and shares Industry Recognition Awards in flagship evening celebrations By Romy Tuin Sep 28, 2023 4 mins CIO 100 IDG Events Events feature 12 ‘best practices’ IT should avoid at all costs From telling everyone they’re your customer to establishing SLAs, to stamping out ‘shadow IT,’ these ‘industry best practices’ are sure to sink your chances of IT success. By Bob Lewis Sep 28, 2023 9 mins CIO IT Strategy Careers interview Qualcomm’s Cisco Sanchez on structuring IT for business growth The SVP and CIO takes a business model first approach to establishing an IT strategy capable of fueling Qualcomm’s ambitious growth agenda. By Dan Roberts Sep 28, 2023 13 mins IT Strategy IT Leadership feature Gen AI success starts with an effective pilot strategy To harness the promise of generative AI, IT leaders must develop processes for identifying use cases, educate employees, and get the tech (safely) into their hands. By Bob Violino Sep 27, 2023 10 mins Generative AI Innovation Emerging Technology Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe