Light Dark
May 13, 2020 By Mike Elgan 3 min read
Data Protection
Endpoint

A positive user experience with security tools is essential to security itself. If a given application or policy is too hard or time-consuming to use, users will simply work outside of company security protocols — they may use their own email accounts and services or choose their own applications and cloud providers, ultimately circumventing entire layers of security technology.

Having solid security measures in place is a necessary condition for achieving your organization’s overarching goals, but user productivity requires both security and usability. When security harms usability, the organization’s overall efforts may be hampered as well. In this way, inconvenience can reduce not only productivity and usability, but also security. It is therefore critical for your organization to balance security policy with usability.

How Security Specialists Can Safeguard Usability

The greatest contributor to eroding usability in enterprise systems is when the security team operates in a constant state of reaction — rush this patch, lock down that app, remove those privileges.

Security threats, vulnerabilities and breaches come at you fast, and it’s hard enough just to keep up. The proactive way to incorporate usability is to replace piecemeal security thinking with an all-encompassing strategy based on coherence and harmony with tools, policies and training.

Balancing security and usability, in other words, is not something that’s achievable on the fly. It is enabled by comprehensive design. Here are the building blocks of a secure enterprise that maximizes usability.

Embrace Unified Policy Management

Employees are heavily burdened by overcomplexity, which makes their jobs harder. Technology that delivers a unified policy can boost both security and usability.

Implement Unified Endpoint Management

With the proliferation of device types — smartphones, tablets, laptops, desktops and a variety of internet of things (IoT) devices — and software and data types, implementing good unified endpoint management (UEM) software can be a huge step forward. Taking a cognitive approach to UEM simplifies and strengthens both management and use. To facilitate bring-your-own-device (BYOD) policies and the emergence of IoT devices, a device-agnostic approach calls for smart UEM.

Take Advantage of Automation

Automation is often framed as a benefit to the IT side, but it can also improve the user experience. For example, an effective and user-enabling patch management system might identify patches that could be automated and then update user systems without interruption.

Consider adopting a security orchestration, automation and response (SOAR) approach to improve security and reduce the mental workload of IT staff and users alike.

Leverage Threat Intelligence

The key to balancing security and usability is to find a way to step off the reaction treadmill and embrace a strategic and comprehensive approach to security at a larger scale. The way to get off that treadmill is to use powerful threat intelligence.

Although threat intelligence can mean different things to different people, it generally means taking an analytical approach to prioritizing and addressing threats. This should provide greater control than the more reactive, “whack-a-mole” method, which tends to distract attention away from the most pressing issues.

Phase Out Legacy Systems

It can be easy for legacy systems management to fall into a pattern of constant patching and updating, which can lead to a number of issues around security and usability. But here’s another way to look at aging IT: It’s a user-experience generational divide within your organization.

Employees who have been around for a while may be extremely comfortable with legacy IT, whereas younger or newer employees may find it extremely vexing. With each passing year, more employees who find legacy systems usable retire, and more employees who find them frustrating are brought onboard.

In general, legacy systems are likely to grow not only less secure over time, but also less usable for employees.

Maintain a Usability Mindset

Avoid and resist a “user blame” mentality. Users are humans, and humans have cognitive biases, impulses, inclinations and other characteristics that are, in fact, predictable. An enlightened security strategy takes all of this as given and works with human nature to promote user participation and partnership with respect to security. To that end, always cultivate an organizationwide culture of security.

Consider Mental Health

Take responsibility for one aspect of the mental health of users in your organization: Their stress level. Stress can have a significant impact on productivity, and it often causes people to make mistakes or take shortcuts. Strive to implement solutions that de-stress users, and make them feel empowered and safe.

Empower Your Users to Improve Security

When you are considering business purchases, be sure to give significant weight to how a new system might affect users. Will it make their lives easier or harder? If the answer is the latter, then this operational cost must be factored into the total cost of ownership to the greatest extent possible.

As a security professional, manager or buyer, doing your job well means enabling employees to do their jobs well. It’s not just about stopping the bad guys; it’s also about empowering the good guys.

 |  |  |  |  |  |  |  | 
Mike Elgan

More from Data Protection
December 20, 2024

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

December 3, 2024

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

November 19, 2024

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature