A positive user experience with security tools is essential to security itself. If a given application or policy is too hard or time-consuming to use, users will simply work outside of company security protocols — they may use their own email accounts and services or choose their own applications and cloud providers, ultimately circumventing entire layers of security technology.

Having solid security measures in place is a necessary condition for achieving your organization’s overarching goals, but user productivity requires both security and usability. When security harms usability, the organization’s overall efforts may be hampered as well. In this way, inconvenience can reduce not only productivity and usability, but also security. It is therefore critical for your organization to balance security policy with usability.

How Security Specialists Can Safeguard Usability

The greatest contributor to eroding usability in enterprise systems is when the security team operates in a constant state of reaction — rush this patch, lock down that app, remove those privileges.

Security threats, vulnerabilities and breaches come at you fast, and it’s hard enough just to keep up. The proactive way to incorporate usability is to replace piecemeal security thinking with an all-encompassing strategy based on coherence and harmony with tools, policies and training.

Balancing security and usability, in other words, is not something that’s achievable on the fly. It is enabled by comprehensive design. Here are the building blocks of a secure enterprise that maximizes usability.

Embrace Unified Policy Management

Employees are heavily burdened by overcomplexity, which makes their jobs harder. Technology that delivers a unified policy can boost both security and usability.

Implement Unified Endpoint Management

With the proliferation of device types — smartphones, tablets, laptops, desktops and a variety of internet of things (IoT) devices — and software and data types, implementing good unified endpoint management (UEM) software can be a huge step forward. Taking a cognitive approach to UEM simplifies and strengthens both management and use. To facilitate bring-your-own-device (BYOD) policies and the emergence of IoT devices, a device-agnostic approach calls for smart UEM.

Take Advantage of Automation

Automation is often framed as a benefit to the IT side, but it can also improve the user experience. For example, an effective and user-enabling patch management system might identify patches that could be automated and then update user systems without interruption.

Consider adopting a security orchestration, automation and response (SOAR) approach to improve security and reduce the mental workload of IT staff and users alike.

Leverage Threat Intelligence

The key to balancing security and usability is to find a way to step off the reaction treadmill and embrace a strategic and comprehensive approach to security at a larger scale. The way to get off that treadmill is to use powerful threat intelligence.

Although threat intelligence can mean different things to different people, it generally means taking an analytical approach to prioritizing and addressing threats. This should provide greater control than the more reactive, “whack-a-mole” method, which tends to distract attention away from the most pressing issues.

Phase Out Legacy Systems

It can be easy for legacy systems management to fall into a pattern of constant patching and updating, which can lead to a number of issues around security and usability. But here’s another way to look at aging IT: It’s a user-experience generational divide within your organization.

Employees who have been around for a while may be extremely comfortable with legacy IT, whereas younger or newer employees may find it extremely vexing. With each passing year, more employees who find legacy systems usable retire, and more employees who find them frustrating are brought onboard.

In general, legacy systems are likely to grow not only less secure over time, but also less usable for employees.

Maintain a Usability Mindset

Avoid and resist a “user blame” mentality. Users are humans, and humans have cognitive biases, impulses, inclinations and other characteristics that are, in fact, predictable. An enlightened security strategy takes all of this as given and works with human nature to promote user participation and partnership with respect to security. To that end, always cultivate an organizationwide culture of security.

Consider Mental Health

Take responsibility for one aspect of the mental health of users in your organization: Their stress level. Stress can have a significant impact on productivity, and it often causes people to make mistakes or take shortcuts. Strive to implement solutions that de-stress users, and make them feel empowered and safe.

Empower Your Users to Improve Security

When you are considering business purchases, be sure to give significant weight to how a new system might affect users. Will it make their lives easier or harder? If the answer is the latter, then this operational cost must be factored into the total cost of ownership to the greatest extent possible.

As a security professional, manager or buyer, doing your job well means enabling employees to do their jobs well. It’s not just about stopping the bad guys; it’s also about empowering the good guys.

More from Data Protection

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge. Understanding Attack Surface Management Here…

Six Ways to Secure Your Organization on a Smaller Budget

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines confirm my anecdotal experience. Many companies must now protect their systems from more sophisticated threats with fewer resources — both human and technical. Cobalt’s 2022 The State of Pentesting Report found that 90% of short-staffed teams are struggling to monitor…

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…