Martin McGregor

Security versus productivity: The dilemma

It’s time to redefine best-practice security in terms of greater productivity and a better user experience. 

Keeping businesses secure is a top priority for CISOs, but best-practice security can often clash with employee productivity.  

On one side of the equation are employees who just want the freedom and flexibility they need to do their jobs. Conversely, IT and security teams need to keep security concerns paramount. 

While requiring complex passwords and two-factor authentication on end-user devices strengthens security, productivity is being negatively impacted. According to a survey by Bromium®, 74% of CISOs say employees have expressed frustration that remote-access policies are hampering productivity. 

This dilemma has been a key driver for the creation of Devicie and the primary reason why device security and management must change so that employees, IT and security teams, and organisations can all win. 

Identifying the CISO dilemma 

According to research by the Australian Bureau of Statistics,  more than 40 per cent of Australian employees regularly work from home. And, while employees need remote access to corporate networks and company data, IT professionals must enforce appropriate and robust cybersecurity measures to protect those networks and information.   

On a subconscious level, employees tend to understand the need for security protocols, including two-factor authentication, but view these measures as a barrier to productivity.   

While enforcing organisational remote-access policies is necessary for security, such controls were not devised to hinder employees from doing their best work. That said, security is critical, but IT systems weren’t built with consideration of employees working remotely on personal devices or with the myriad of applications that employees use to do their job. 

The current best-efforts approach involves inconveniently timed updates, employee workarounds so they can access preferred apps without IT knowledge, and people using unapproved personal devices to access corporate networks. 

This approach makes compromised devices a large target for cyberattacks. According to IBM Security’s Cyber Resilient Organization Report 2020, in the past two years, 51 per cent of organisations reported a significant business disruption because of manual management. Additionally, the OAIC Notifiable Data Breach Report: January–June 2020 identified 34 per cent of breaches were because of human error. 

The biggest attack vector for cyberattacks 

Bring-your-own-device is as much an opportunity as it is a challenge for organisations. Employee devices are the barrier that most need protecting, particularly considering research suggests employee devices are the biggest attack vector for cyberattack 

The Ponemon Institute’s 2020 Cost of Insider Threats: Global Report found that 62 per cent of insider incidents came from negligent employees or contractors, with an average cost of around US$307,111 per incident.  

The cost of such incidents is expected to grow by 15 per cent on an annual basis over the next five years. According to analyst firm Cybersecurity Ventures, global losses from security breaches, including lost productivity, are forecast to cost USD 10.5 trillion annually by 2025

While user training is an important consideration for organisations, these attacks are becoming more sophisticated, and employees can't be expected to be 100 per cent perfect when it comes to their cybersecurity behaviours. 

So, what is the best way to protect against these attacks? 

Balancing organisational productivity and device security 

User training, stringent policies and procedures, and restricting access are all vital to keeping businesses secure. However, the educate and prohibit approach to security is frustrating to employees and hinders productivity. 

Devicie has solved this dilemma with an automated security and management solution that requires no human intervention or software agents. It is designed to champion productivity by keeping end users protected within a closed agentless ecosystem built atop the foundational power of Microsoft Intune. Devicie is compatible across popular operating systems, including Windows, macOS, iOS and Android. 

We created Devicie, not as a replacement for user training in secure ways of working, but to make uncompromising security protection on end-user devices a seamless and empowering part of the way organisations work.  People can be onboarded painlessly, anywhere in the world, and work productively from where they choose, on any device. At the same time, IT teams are liberated from the time-consuming and costly process of manual configuration, while increasing their control and visibility over the entire fleet. 

Employees can focus on just doing their job, while Devicie automates all provisioning, packaging and on-going patching of devices, operating systems and apps, plus the configuration of settings, without human or agent involvement, or inconvenient IT interruptions. 

Jason Fairburn

A Zero Trust security model for the modern workplace

Securing end-user devices can quickly uplift organisations towards Zero Trust while also facilitating a positive end-user experience. 

Martin McGregor

Meeting security challenges in the remote workplace

As we enter the post-pandemic world, it’s time to address how to meet security challenges in our new remote workplace. 

Martin McGregor

Why organisations are failing to close the gap on ransomware

Despite ransomware being a prevalent global threat, many businesses fail to have sufficient ransomware protection or the measures to address it effectively.