Modern workplace security is not ‘all or nothing’ – it’s a balance
- Posted on July 16, 2019
- Estimated reading time 3 minutes
Modern workplace solutions are designed to unleash productivity, innovation and engagement. But without a balanced security approach, you can seriously hamper those objectives, or put your organization at risk.
Security must be part of the workplace experience equation from day one. As organizations move to platforms such as Microsoft Office 365 or Windows 10, they need to decide whether to activate the built-in security features of those platforms, invest in third-party security solutions, or re-configure legacy solutions.
Problems arise when security controls get in the way of the workplace experience, particularly with third-party and legacy solutions designed without the cloud or mobile in mind.
One frequent example of this is when organisations force a user’s internet traffic back through the internal network for inspection. This additional step leads to sluggish performance and, consequently, adoption barriers of cloud applications. Another example is blocking employees from accessing services when out of office, severely diminishing the ability to get work done, flexibly.
Simply put, when you ignore the user experience when designing security, you can expect a degraded experience. This constrains the ability to deliver the value identified in the business case for the investment in the first place. In addition, it encourages shadow IT, as employees seek outside services to get their work done and meet the increased pressure to become more productive.
The flip side of this is no better. Some organizations will do nothing, or almost nothing. This approach often arises due to a lack of understanding of the threat landscape or the organization’s role in the shared security model. There is often an assumption that the vendor is taking care of it all, an issue highlighted by some recent research sponsored by Microsoft.
This reactive approach means there is no strategic investment in security and threats are not actively identified nor mitigated. It also significantly increases the risk of breach and financial and reputational damage. While organizations cannot control if they get attacked, they can control their ability to detect and respond. Gartner research shows that more CEOs are being blamed and punished for cybersecurity related events. It is unfortunate that it takes a breach to prioritize cybersecurity, when the damage is already done.
Balance workplace experience with modern security
A balance is needed. I think everyone will agree having a system that is kept turned off, stored in a safe, in a secure building, with no network connectivity will be highly secure. But it will also be useless and devoid of business value.
Our advice is for organisations to focus on simplifying the security landscape by leveraging the built-in advantages offered already in modern workplace platforms.
As a first step, you must clearly understand the shared security model. Without doing this, organisations rely too much on cloud vendors to protect them, without keeping their own backyards in order. This awareness gap also leads to wasted investments in ad hoc security tools and integration hell which becomes worse over time with evergreen services. Vendors, such as Microsoft, are building security capabilities directly into their platforms. If you aren’t aware of how these capabilities can help you, you might buy additional security products without adding any material advantage over the tools you already own (and never use).
The fact that Microsoft is spending more than $1 billion a year in security investments also means organizations can “stand on the shoulders of giants” and make choices where they can leverage that investment, and focus on areas which will have more impact.
In our experience, this intrinsic, or pre-integrated approach to security helps make the security elements to a solution less visible to the users and cause less friction. As a result, employees waste less time trying to circumvent controls, and get more work done in the process.