Security sucks: measures often disabled to increase productivity
Security is often pushed to the back of the queue when it interferes with employee productivity, according to new research from Bromium.
Questioning 175 security professionals at this year’s InfoSecurity Europe, the company found that, surprise, surprise, 94 percent of security professionals say users are more concerned with getting their jobs done than worrying about security.
Sixty-four percent of security professionals admitted to modifying security to allow employees more freedom to get their work done, and 40 percent admitted to turning security off to accommodate a request from another part of the organisation.
“While it isn’t a shock that users prioritise productivity and convenience over security, we’ve always assumed the IT security team set the agenda when it comes to protecting IP, customer data and the network. But it’s clear they are often overruled and executive leadership may not be aware of these competing priorities,” said Bromium co-founder, Ian Pratt. “This should not be the case. Security teams should not be put in this position. Security is in place to protect a company’s most valuable assets. Having to fight with peers over when it is applied puts a company at significant risk.”
The survey of 175 security professionals revealed that more than 55 percent of respondents would remove security if they could keep the organisation safe from user-introduced threats.
If they had a wish list of the technologies they could remove, 32 percent said they would start with web proxy services and products that restrict user’s access. A further 31 percent would do away with whitelisting and blacklisting; suggesting security solutions that interrupt end users regular activities tops the list of challenges they face.
Moreover, security professionals feel that when it comes to cyber-security, user education is futile. More than 42 percent admit end-users are educated about how to prevent data breaches, yet their behaviour is often the cause of a breach.
“Security should be invisible, not an obstacle, but so much of today’s security technology inhibits productivity. Putting the onus on employees is hindering innovation and more importantly, it simply doesn’t work,” Pratt continued. “A business’ greatest assets are its intellectual property and its customer data. The idea that business leaders have to choose between productivity and security is frankly ridiculous. We security companies need to do better.”