Light Dark
May 13, 2020 By Mike Elgan 3 min read
Data Protection
Endpoint

A positive user experience with security tools is essential to security itself. If a given application or policy is too hard or time-consuming to use, users will simply work outside of company security protocols — they may use their own email accounts and services or choose their own applications and cloud providers, ultimately circumventing entire layers of security technology.

Having solid security measures in place is a necessary condition for achieving your organization’s overarching goals, but user productivity requires both security and usability. When security harms usability, the organization’s overall efforts may be hampered as well. In this way, inconvenience can reduce not only productivity and usability, but also security. It is therefore critical for your organization to balance security policy with usability.

How Security Specialists Can Safeguard Usability

The greatest contributor to eroding usability in enterprise systems is when the security team operates in a constant state of reaction — rush this patch, lock down that app, remove those privileges.

Security threats, vulnerabilities and breaches come at you fast, and it’s hard enough just to keep up. The proactive way to incorporate usability is to replace piecemeal security thinking with an all-encompassing strategy based on coherence and harmony with tools, policies and training.

Balancing security and usability, in other words, is not something that’s achievable on the fly. It is enabled by comprehensive design. Here are the building blocks of a secure enterprise that maximizes usability.

Embrace Unified Policy Management

Employees are heavily burdened by overcomplexity, which makes their jobs harder. Technology that delivers a unified policy can boost both security and usability.

Implement Unified Endpoint Management

With the proliferation of device types — smartphones, tablets, laptops, desktops and a variety of internet of things (IoT) devices — and software and data types, implementing good unified endpoint management (UEM) software can be a huge step forward. Taking a cognitive approach to UEM simplifies and strengthens both management and use. To facilitate bring-your-own-device (BYOD) policies and the emergence of IoT devices, a device-agnostic approach calls for smart UEM.

Take Advantage of Automation

Automation is often framed as a benefit to the IT side, but it can also improve the user experience. For example, an effective and user-enabling patch management system might identify patches that could be automated and then update user systems without interruption.

Consider adopting a security orchestration, automation and response (SOAR) approach to improve security and reduce the mental workload of IT staff and users alike.

Leverage Threat Intelligence

The key to balancing security and usability is to find a way to step off the reaction treadmill and embrace a strategic and comprehensive approach to security at a larger scale. The way to get off that treadmill is to use powerful threat intelligence.

Although threat intelligence can mean different things to different people, it generally means taking an analytical approach to prioritizing and addressing threats. This should provide greater control than the more reactive, “whack-a-mole” method, which tends to distract attention away from the most pressing issues.

Phase Out Legacy Systems

It can be easy for legacy systems management to fall into a pattern of constant patching and updating, which can lead to a number of issues around security and usability. But here’s another way to look at aging IT: It’s a user-experience generational divide within your organization.

Employees who have been around for a while may be extremely comfortable with legacy IT, whereas younger or newer employees may find it extremely vexing. With each passing year, more employees who find legacy systems usable retire, and more employees who find them frustrating are brought onboard.

In general, legacy systems are likely to grow not only less secure over time, but also less usable for employees.

Maintain a Usability Mindset

Avoid and resist a “user blame” mentality. Users are humans, and humans have cognitive biases, impulses, inclinations and other characteristics that are, in fact, predictable. An enlightened security strategy takes all of this as given and works with human nature to promote user participation and partnership with respect to security. To that end, always cultivate an organizationwide culture of security.

Consider Mental Health

Take responsibility for one aspect of the mental health of users in your organization: Their stress level. Stress can have a significant impact on productivity, and it often causes people to make mistakes or take shortcuts. Strive to implement solutions that de-stress users, and make them feel empowered and safe.

Empower Your Users to Improve Security

When you are considering business purchases, be sure to give significant weight to how a new system might affect users. Will it make their lives easier or harder? If the answer is the latter, then this operational cost must be factored into the total cost of ownership to the greatest extent possible.

As a security professional, manager or buyer, doing your job well means enabling employees to do their jobs well. It’s not just about stopping the bad guys; it’s also about empowering the good guys.

 |  |  |  |  |  |  |  | 
Mike Elgan

More from Data Protection
March 27, 2024

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

March 12, 2024

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

March 5, 2024

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature