Sacrificing Security For Productivity: The IT Dilemma




It’s an inherent catch-22, a dilemma the IT department is now faced with and will have to worry about going forward: how to balance security while improving productivity.

So now the enterprise is faced with myriad decisions, not the least of which is facing the opportunity to enhance efficiency and improve productivity by allowing for mobile device use, but at what security cost? Without the proper policies and protocols in place, organizations become nothing more than a target, waiting for hackers to attack.

In a recent survey fielded by Enterprise Strategy Group, analyst Mark Bowker shared those findings with Cyber Security Hub, showing a trend in the right direction in the productivity vs. security dilemma, but shows not all organizations are willing to make the sacrifice just yet.

“While recent trends like the consumerization of IT and bring-your-own-device (BYOD) policies were ultimately rooted in and driven by a desire to maximize employee productivity, security still trumps these aspirations,” Bowker said. “Indeed, when survey respondents were asked whether they would be more willing to sacrifice productivity in the pursuit of supporting the application, endpoint device, and data requirements of the organization’s employees/end-users, nearly three-quarters (71%) state that they would sacrifice productivity for improved security.”

While preparation, policies, and protocols can make a major impact and certainly relieve the stresses wrapped around security and vulnerabilities, some attacks are just too quick and widespread to halt before it’s too late. Case in point is the recent “WannaCry” ransomware attack that impacted 150 countries in a matter of hours, or a recent Google Docs phishing scam that infiltrated email accounts by replicating shareable links to malware inside Gmail.

“The skew toward security at the expense of productivity is not surprising given the current threat landscape,” Bowker said. “With employees storing more confidential data on endpoint devices such as desktop PCs, laptop PCs, and mobile devices, organizations are increasingly at risk of failing to comply with any of a growing number of regulatory requirements that govern data security and privacy. And in an increasingly mobile world, this is particularly true in the case of devices such as laptop PCs, smartphones, and tablets.”

ESG’s survey went on to show that 44% of respondents said securing confidential data resident on endpoint devices was their organization’s top challenge, with 39% saying enforcing end-user compliance with regulatory requirements as the second biggest challenge.

“While workspaces and allowing the use of personal devices have been something of a compromise for the BYOD reality, security considerations are still paramount,” Bowker concluded. “Indeed, bad actors exploit not only software vulnerabilities, but also human gullibility via methods such as spear fishing, email impersonation, and drive-by downloads, and then steal credentials, plant malware, and more en route to achieve their objectives.

“Endpoint security, and by extension, workspace security, especially in smaller organizations, is typically the domain of IT operations,” Bowker said. “It is worth noting, however, that the participants in this research were IT professionals responsible for supporting workspace delivery and mobility initiatives, and thus it is telling that this group of participants prioritized security over productivity and cited securing endpoint-resident data as their top concern. All told, the focus on securing workspaces is indicative of the need to improve both the efficacy and efficiency of protecting endpoints and workspaces, as well as the data they store and access, from compromise.”