Understanding and solving the security versus productivity dilemma
by Marty McGregor, CEO and Co-founder, Devicie
It’s time to redefine best-practice security in terms of greater productivity and a better user experience.
When it comes to the dilemma of security versus productivity, there are three competing interests: employees just looking to do their job, IT and security teams seeking to keep security concerns paramount, and the organisational objectives looking to balance the two, while making a profit.
Siding with employees means boosted productivity but also the risk of security black holes. Prioritising the goals of IT and security teams is great for protection, but it can create downtime and hamper both productivity and employee happiness. Finding a balance to meet organisational goals means compromises in both security and productivity; it may be “best efforts”, but it is far from ideal.
Currently, the best you can hope for is to pick one—security, productivity or a best-efforts compromise—even if productivity is more important. After all, if you don’t have a business, you’ve got nothing to secure.
This dilemma has been a key driver for the creation of Devicie and the primary reason why device security and management must change so that employees, IT and security teams, and organisations can all win.
Identifying the dilemma
Employees tend to be aware of the security-vs-productivity dilemma on a subconscious level. In reality, it’s the frustration of dealing with security essentials like the annoyance of two-factor that are seen as a barrier to productivity.
In employee surveys, IT is consistently flagged as the biggest pain point, from lengthy device onboarding processes and security features through to service-desk interruptions. Security may be critical, but it was never meant to hinder employees from doing their best work. That said, security is also important, but IT systems weren’t built with consideration of employees working remotely on personal devices, or with the myriad of applications which employees use to do their job.
The current best-efforts approach involves inconveniently timed updates, employee workarounds so they can access preferred apps without IT knowledge, and people using unapproved personal devices to access corporate networks.
This approach makes compromised devices a large target for cyberattacks. According to IBM Security’s Cyber Resilient Organization Report 2020, in the past two years, 51 per cent of organisations reported a significant business disruption because of manual management. The OAIC Notifiable Data Breach Report: January–June 2020 identified 34 per cent of breaches were because of human error.
Securing end users
Bring-your-own-device is as much an opportunity as it is a challenge for organisations. Employee devices are the barrier that most need protecting, particularly considering research that suggests employee devices are the biggest attack vector for cyberattack, more so in COVID-19 times. The Ponemon Institute’s 2020 Cost of Insider Threats: Global Report found that 62 per cent of insider incidents came from negligent employees or contractors, with an average cost of around US$307,111 per incident.
While user training is an important consideration for organisations, no one can rely on employees to be 100% perfect with regards to their cybersecurity behaviours.
Devicie has solved this dilemma with an automated security and management solution that requires no human intervention or software agents. It has been built to champion productivity by keeping end users protected within a closed agentless ecosystem built atop the foundational power of Microsoft Intune. Devicie is compatible across popular operating systems, including Windows, macOS, iOS and Android.
We created Devicie, not as a replacement for user training in secure ways of working, but to make uncompromising security protection on end user devices a seamless and empowering part of the way organisations work. People can be onboarded painlessly, anywhere in the world, and work productively from where they choose, on any device. At the same time, IT teams are liberated from the time consuming and costly process of manual configuration, while increasing their control and visibility over the entire fleet.
Employees can focus on just doing their job, while Devicie automates all provisioning, packaging and on-going patching of devices, operating systems and apps, plus the configuration of settings, without human or agent involvement, or inconvenient IT interruptions.
The Devicie difference
Devicie is a bespoke digital replacement for building your own custom architecture or hiring an external agency to build one for you. We test all updates before they are released, based on the advice from the security community.
Think of Devicie as the automation of tasks that are otherwise manually handled and prone to human error and/or extensive downtime, which are unfortunate side effects of manual maintenance. Devicie has a commitment to best-practice security alongside user-centric device management to ensure an exceptional experience for employees.
We all have the same amount of time and you can’t create more of it. Devicie saves time in initial device setup, machine replacement and update rollout, winning back hours that we feel are better invested in productivity. It’s time to turn best efforts into best practice.
If you’d like to chat to me about how Devicie can help you radically improve your security posture while giving your employees and It teams a much better experience, please contact me.