Modern IT is caught in the throes of a perpetual war between security and convenience. And I’ve got some bad news for you. Security is losing.
You can thank Apple and Google for this, honestly. The advent of the smartphone essentially deep-sixed the old paradigm of enterprise IT. Suddenly, users had completely unfettered access to resources and tools which might traditionally be managed and deployed exclusively by security professionals.
Suddenly, users had access to a completely new level of ease and convenience. And it wasn’t long before they started expecting their employers to deliver to them the same. Those organizations that failed quickly learned the hard way that their users can and will work in their own way if they aren’t given the level of ease they demand.
“Most organizations grossly underestimate the number of shadow IT applications already in use,” explains Gartner Principal Research Analyst Brian Lowans. “A data breach resulting from any individual BUIT purchase will result in financial liabilities affecting the organization’s bottom line. Liabilities can be very large due to a mix of costs that include notification penalties, auditing processes, loss of customer revenue, brand damage, security remediation and investment, and cyberinsurance.”
So … basically, security controls are looked at by many users as the enemy. Cumbersome access processes, irritating best practices, and archaic modes of authentication are all seen as roadblocks on the path to productive work. So employees simply ignore them – and in most cases, their employer looks the other way.
After all, they’re getting work done – and they’re doing so more efficiently than ever.
As an administrator, the first thing you need to accept is that you’re never going to have as much control as you used to. From there, your task is simple. You need to find a way to secure and protect business-critical data without stepping on the toes of your users.
Easier said than done? Maybe. But not impossible. Here are a few steps you can take to start with:
- Enable single-sign-on for SaaS applications.
- Update your authentication processes to be more seamless and accessible to your users.
- Speak to employees about what apps they want to use in the workplace, and find secure versions to equip them with.
- Start making use of containerization to lock off business data from personal data and applications.
- Use a secure Enterprise File Synchronization and Sharing platform to protect your business-critical documents.
- Look into enabling a BYOD program if your organization hasn’t already.
- Ask your users about pain points in your current security measures, and see how you might eliminate them.
In the war of security against convenience, the latter is winning. But I’d like to let you in on a little secret – it doesn’t really need to be a war at all. By working with your users and implementing new security tools and processes, you can both keep your data safe and enable your users to work faster and better than ever.
It’s all in how you approach it, really.