In an effort to lock down agency data and control access points, cybersecurity professionals in the federal government fail to consider the experience of end users, who say security policies are burdensome and often resort to workarounds. Are strong security protocols actually making the federal government less secure?According to a new study by MeriTalk, federal cybersecurity professionals are so focused on implementing rigid policies to lock down data that they often ignore how those rules will impact end users within their agencies.The result, perhaps predictably, is that many government workers resent the burden that security protocols impose, complaining that they are time-consuming and hinder productivity, while nearly a third say that they regularly use a workaround to circumvent the security roadblocks.Respondents to the MeriTalk survey, which was underwritten by cloud provider Akamai, noted a direct correlation between onerous security policies and a lack of compliance. Small wonder then that security professionals said that nearly half — 49 percent — of federal security breaches can be attributed to end users not complying with the policies in place at their agencies. “More security rules, more security tasks and more security delays have done little to drive more user buy-in for cybersecurity,” Tom Ruff, vice president of Akamai’s public sector division, said in a statement.Security Is Important, but &. For the survey, the government IT consortium MeriTalk polled 100 cybersecurity professionals within the government and another 100 non-cyber workers to arrive at a comparison between policies and the ways that they are put into practice. It’s not that government workers don’t appreciate the importance of security. Ninety-five percent of respondents — cybersecurity workers and end users alike — agreed that maintaining strong security is critical to their agency’s operations, and 98 percent said that security is everyone’s responsibility.So if the spirit of shared responsibility is there, the new report argues that cybersecurity professionals need to better attune themselves to the day-to-day challenges that agency workers face.“Without question, federal cybersecurity pros have a tough job, but they must start working with end users as partners instead of adversaries. It is a team game, and better support for users will deliver better results for security,” Ruff said.The increasing sophistication of cyber threats and the new IT initiatives agency CIOs are pursuing across the government add a sense of urgency to harmonizing security policies with end user behavior. For instance, 74 percent of the cybersecurity professionals polled said that they are unprepared for an international attack, and an equal number said they aren’t equipped to adequately secure access to mobile devices. Then 70 percent said that they aren’t prepared to secure cloud environments, and 70 percent also said they aren’t ready to fend off a denial-of-service attack. At the same time, half of cybersecurity workers polled said that they anticipate that their agency will be the victim of a DoS attack in the coming year.The severity of those challenges, along with the general feeling of unpreparedness, has impelled cybersecurity professionals to implement more rigid policies to lock down agency data and restrict access. Seventy-four percent of security pros said that preventing data theft is a top priority, meaning that it merits a nine or 10 on a 10-point scale. More than half of respondents said that a secure Web strategy, maintaining and upgrading security systems, rolling out fresh cybersecurity protocols and mitigating DoS attacks were each similarly important. But just 40 percent named a user-friendly experience as a top priority.That apparent imbalance has been a source of frustration within federal agencies. In the polling of end users, 66 percent described their agency’s security protocols as burdensome and time-consuming, and just a shade more said that it takes longer to complete certain tasks because of the security roadblocks. Thirty-one percent of respondents said that they navigate around their agency’s security protocols at least once a week.Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com. Follow Kenneth on Twitter @kecorb. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn. Related content feature 5G ready or 5G really? Industry CIOs face hard truths about private 5G Some enterprises are building private 5G networks for their industrial environments, only to find they have to initially settle for 4G service. So what is private 5G ready for, and what can it really do? By Peter Sayer Jun 06, 2023 8 mins CIO Network Appliances Network Switches opinion 5 tips for startup partnership success Corporate venture investments provide IT leaders with new engines for IT innovation, broader networks for emerging opportunities, fuel for in-house transformation, and improved career prospects — if done right. By Isaac Sacolick Jun 06, 2023 8 mins Startups Digital Transformation IT Strategy feature 14 organizations that support LGBTQ+ tech workers Offering networking, mentorship, and career development opportunities, these 14 professional orgs foster community for LGBTQ+ workers in an industry that isn’t always welcoming. By Sarah K. White Jun 06, 2023 9 mins Diversity and Inclusion brandpost ChatGPT and Your Organisation: How to Monitor Usage and Be More Aware of Security Risks By Hayley Salyer Jun 05, 2023 7 mins Chatbots Artificial Intelligence Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe