Disruption: Security's worst enemy
Why security solutions should avoid complexity and disruption to both IT teams and all end-users.
)
)
)
)
)
It seems like IT is always finding more needed security solutions to create a layered defense against external and insider threats, malware attacks, ransomware, and the like. Some of the solutions you find are pretty cool and actually get you excited about the prospect of having it running in your environment. It’s going to automate all of the work you do today and will solve all your concerns around that part of security, right?
But, there’s just one problem — if implementing and using it is disruptive, it’s already dead on arrival.
We look at security and productivity as a balance: if security overwhelms and stifles productivity, users can’t do their job and the solution may be in jeopardy. Likewise, if a security solution takes too much work on IT’s part, it’s equally doomed. But, too much focus on productivity (that is, not enough security) and you elevate the risk of downtime, theft, data breaches, and attacks across the organization.
The challenge with this balance is that you may very well require a certain amount of security, period. But, at the same time, every solution (including those focused on security) falls subject to the ever-powerful issue of adoption.
The solution might provide the best security known to man, but if adoption is hard, no one is going to use it.
So, how do you ensure security without disruption?
Non-disruptive security
The answer lies in altering your criteria when selecting a security solution in the first place. By considering the impact disruption may have on the success or failure of a security solution, you increase the chances of choosing a solution that will not only provide great security, but actually be embraced by your user base and IT.
Look for security solutions that tout these disruption-free features:
Easy to implement: A security solution that requires three expensive consultants on-site for two months just to get it up and running isn’t something IT can immediately take ownership of and expertise over. Solutions that take hours or less are better choices that IT will welcome.
Simple to manage: A security solution is only as powerful as the continual focus IT gives it to ensure it is an integral part of IT’s ongoing approach to security. Security solutions with “stickiness” tend to be intuitive, with limited clicks to get any task accomplished.
Integrates with current user processes: Try telling a user that the process they used to perform now has four additional steps. Thanks to your new security solution, of course. A non-disruptive solution will seamlessly integrate with the work the user already performs, leveraging the same interfaces, applications, and methods they’re used to.
Should balance security with productivity: If users are finding workarounds to your security solution (like using webmail to send out files because the DLP solution blocks everything), the solution (or perhaps the implementation of it) has missed the mark.
Ideally, security should be behind the scenes, protecting the user and the environment, never seen until the moment the user truly conflicts with security protocol.
Opt for security solutions that avoid disruption
The goal of every organization is, first and foremost, to have a productive, predictable, and profitable business. Security solutions used should avoid disruption to IT and to users. By selecting a non-disruptive solution, you help uphold the organization’s goal, while simultaneously — and seamlessly — adding the word protected to the mix.