Productivity And Security Don't Have To Be Inversely Proportional
By James Brown, Chief Architect, JumpCloud
Conventional wisdom in the security industry says that as security is increased, productivity decreases proportionately. Everyone’s experienced it. Access to a certain application or server is denied unless the user is within the confines of the organization. Employees are required to log in to a virtual private network (VPN) when working remotely in order to access key corporate IT assets. New IT purchases need to go through a security screening, delaying the purchase process, and at the same time, users are bombarded with cautionary emails from IT to lock their computers, use better passwords, not connect to public hotspots, encrypt their hard drives, and more. It becomes overwhelming for even technical personnel.
Users today are savvier about security requirements, but are increasingly less tolerant of IT making their jobs harder. Today’s workforce is moving fast and leveraging whatever tools and resources needed to get the job done. Employees and contractors are signing up for services like AWS, Heroku, and thousands of others, and they have no hesitation about placing their corporate assets into these services without IT’s authorization or assistance. Those shadow IT assets serve as short cuts to complete tasks more quickly and there is little regard for corporate security controls or protection of digital assets.
The issue isn’t necessarily end users — under intense pressure to accomplish their jobs, employees are simply searching for better ways to work more efficiently. The change that needs to occur is in the IT organization’s approach to security. Security can no longer negatively impact productivity and needs to be embedded into the way employees do their jobs, not as an extra step. Workers need to be able to freely complete tasks from anywhere, using whatever devices and applications required. Secure processes are part of the system and don’t require users to leverage multiple logins, save work in multiple places, or waste valuable time.
While security is being embedded into normal workflows, IT also needs to provide better security. There are several approaches that both significantly increase IT security and enhance productivity. One example is identity management. IT organizations are learning that the centralization of core user identities does not only increase control over user access, but also boosts productivity as users have only one set of secure credentials to remember. Directory services and single sign-on authentication also provide benefits to the end user — no VPNs to log in to, all device types covered, and cloud applications included as well. Suddenly, users now have a central way to access everything that they need, and IT has a way to secure it. Another example is to automate the execution of security tasks on endpoint devices. IT shouldn’t be asking or telling employees what they need to do. IT should execute those policies for them and ensure that employees know how to accomplish their tasks. These policies could be related to passwords, hotspots, encryption, and more.
Of course, it is not always possible to increase security without impacting productivity, but if next generation security tools are to take hold, they need to be incorporated into the daily workflow, and IT needs to provide the correct tools and resources.
James Brown is chief architect at JumpCloud, the first Directory-as-a-Service (DaaS) company. JumpCloud securely connects and manages employees, their devices, and IT applications. Brown provides new product definition, engineering, customer support, and customer deployment architectures. His background is in system administration, software development, security, and product management.