Bromium®, Inc., released results of a survey of 175 security professionals conducted at this year’s Infosecurity Europe, which found that IT security is often deprioritized when it interferes with employee productivity.
Key results of the survey show that:
94 percent of security professionals say users are more concerned with getting their jobs done than worrying about security
64 percent of security professionals admit to modifying security to allow employees more freedom to get their work done because of a request from leadership
40 percent of security professionals admit to turning security off to accommodate a request from another part of the organization
“While it isn’t a shock that users prioritize productivity and convenience over security, we’ve always assumed that IT security teams set the agenda when it comes to protecting IP, customer data and the network. But the results from this survey make it clear they are often overruled and executive leadership may not be aware given these competing priorities,” said Ian Pratt, co-founder and president of Bromium. “This should not be the case. Security teams shouldn’t be put in this position. Security is in place to protect an organization’s most valuable assets. Having to negotiate over when it is applied puts a company at significant risk.”
The survey also revealed that more than 55 percent of respondents would remove security if they could keep the organization safe from user-introduced threats. If they had a wish list of the technologies they could remove, 32 percent said they would start with web proxy services and products that restrict users’ access. Moreover, security professionals feel that when it comes to cybersecurity, user education is futile. More than 42 percent admit end users are educated about how to prevent data breaches, yet their behavior is often the cause of a breach.
“Security should be invisible, not an obstacle. But so much of today’s security technology inhibits productivity and hinders innovation. Putting the onus on employees simply doesn’t work – they should be able to click with confidence,” Pratt continued. “An organization’s greatest assets are its intellectual property and its employees. The idea that business leaders are being forced to choose between productivity and security is frankly ridiculous. We need to do better as a community of security vendors.”
Approaching security differently, with virtually no impact on productivity, is what’s needed to repair this schism. CPU-enforced micro-virtualization isolates applications, email downloads, files and web browsing, providing friction-free security. Employees can work as usual – opening email attachments, clicking on links, and visiting websites – without fear of compromise.
Virtualization-based security with application isolation works silently and unobtrusively, protecting each activity. It can even be used to allow the malware to run because it can’t get out of the micro-VM, and provides real-time introspection and threat intelligence. This way security doesn’t impact the user experience or their productivity, meaning there is no need to “turn it off” when it becomes inconvenient. It allows teams get back to work – improving productivity because security is no longer a barrier to innovation.