It seems like IT is always finding more needed security solutions to create a layered defense against external and insider threats, malware attacks, ransomware, and the like. Some of the solutions you find are pretty cool and actually get you excited about the prospect of having it running in your environment. It’s going to automate all of the work you do today and will solve all your concerns around that part of security, right?
But, there’s just one problem – if implementing and using it is disruptive, it’s already dead on arrival.
We look at security and productivity as a balance: if security overwhelms and stifles productivity, users can’t do their job and the solution may be in jeopardy. Likewise, if a security solution takes too much work on IT’s part, it’s equally doomed. But, too much focus on productivity (that is, not enough security) and you elevate the risk of downtime, theft, data breaches, and attacks across the organization.
The challenge with this balance is that you may very well require a certain amount of security, period. But, at the same time, every solution (including those focused on security) falls subject to the ever-powerful issue of adoption. If there is a lack of adoption by IT or users, the solution in question can provide the best security known to man, but no one is going to use it.
So, how do you ensure security without disruption?
The answer lies in altering your criteria when selecting a security solution in the first place. By considering the impact disruption may have on the success or failure of a security solution, you increase the chances of choosing a solution that will not only provide great security, but actually be embraced by your user base and IT.
Look for security solutions that tout these disruption-free features:
- Easy to implement – A security solution that requires 3 very expensive consultants on-site for 2 months just to get it up and running isn’t something IT can immediately take ownership of and expertise over. Solutions that literally take hours or less are better choices that IT will welcome.
- Simple to manage – A security solution is only as powerful as the continual focus IT gives it to ensure it is an integral part of IT’s ongoing approach to security. Security solutions with “stickiness” tend to be intuitive, with limited clicks to get any task accomplished.
- Integrates with current user processes – Try telling a user that the process they used to perform now has 4 additional steps – thanks to your new security solution. The non-disruptive solution will seamlessly integrate with the work the user already performs, leveraging the same interfaces, applications, and methods they’re used to.
- Should balance security with productivity – If users are finding work-arounds to your security solution (e.g. using webmail to send out files because the DLP solution blocks everything), the solution (or perhaps the implementation of it) has missed the mark. Ideally, security should be behind the scenes, protecting the user and the environment, never seen until the moment the user is truly conflicting with security protocol.
The goal of every organization is, first and foremost, to have a productive, predictable, and profitable business. Security solutions used should avoid disruption to IT and to users. By selecting a non-disruptive solution, you help uphold the organization’s goal, while simultaneously – and seamlessly – adding the word protected to the mix.