We’re excited to bring back Transform 2022 in person on July 19 and virtually from July 20-28. Join leaders in AI and data for in-depth discussions and exciting networking opportunities. Register today!
Trading usability for stronger cybersecurity is the price vendors have paid for decades to reduce the risk of breaches to their customers. Companies stuck to the logic, assuming that the harder a security application or platform was to use, the more secure and able it was to reduce risk.
Fast forward to today and organizations must now support working-from-home employees, a new hybrid workforce, and roving warriors who require secure, real-time connections from their own devices to local data. most valuable to a business. The pandemic has forever changed everyone’s perspective of a great digital employee experience.
from Ivanti State of digital employee experience (DEX) released this week provides insights into how companies are moving beyond trading usability for security and what’s most important for new, more virtual workforces. From the employee’s perspective, an optimized hybrid work environment allows them to switch seamlessly between devices, whether they’re working in the remote office or even in transit.
Usability trade-offs must go
CIOs and CISOs tell VentureBeat that the worse the usability of a given cybersecurity application, the more workarounds users will find to not use it or find new ways to access what they need without going through authentication.
It’s so common that just under half of executives surveyed (49%) asked to bypass one or more security measures in the past year. Additionally, 72% of all employees surveyed say they have to deal with more security functions. Only 21% of IT managers consider usability and user experience to be the top priority when selecting a new enterprise cybersecurity application or tool.
Other key insights from the study include the following:
- Trading usability for stronger cybersecurity fails. Forcing employees to go through multiple logins and multiple authentication steps reduces overall satisfaction with the digital employee experience. Tighter access controls lead to more workarounds and the possibility of compromising privileged access credentials, including passwords. The worse the user experience of a secure application, the higher the likelihood that malicious actors can hack into it by intercepting passwords and login data. It’s no surprise, then, that 52% of C-level executives say cybersecurity is their top priority for improving employee digital experiences (DEX). Yet 69% of employees struggle to navigate unnecessarily convoluted and complex security measures. Improving the digital employee experience doesn’t mean sacrificing security; it highlights the need for a new approach.
- Cybersecurity apps that deliver security experiences that the user barely sees succeeding. The study results taken together make a compelling case for moving away from decades-old approaches of forcing users to use complicated passwords and authentication techniques. The best security is the type that the user hardly sees or notices. Cybersecurity vendors are adopting zero authentication (ZSO) techniques that consolidate access to all workplace applications under a single login, so that end users do not have to remember multiple login credentials. They also rely on the Zero Trust Network Access (ZTNA), treating every identity, whether human or machine, as a new security perimeter. They combine zero authentication in a zero trust-based environment to protect users without forcing them into lengthy authentication sessions each time they need to access system resources. “Maintaining a secure environment and focusing on the digital employee experience are two inseparable elements of any digital transformation,” said Jeff Abbott, CEO of Ivanti.
- Secure-by-design defines the future of digital employee experiences. Along with developing new cybersecurity features while improving the usability of applications and platforms, usability bottlenecks are being addressed. Security by design must achieve the dual goals of defining next-generation cybersecurity products based on zero-trust security standards while improving user experiences. As Ivanti’s research states, “IT and C-suite leaders should focus on delivering a secure digital user experience by design that prioritizes communication and visibility of digital assets and of their various interdependencies and interconnections. In reality, it is not a question of trying to balance the two, but of approaching them as two inseparable elements of any digital transformation. Single sign-on providers are also making progress in this area and include Microsoft Azure Active Directory, Okta, OneLogin, Ping identity, RSA SecurID Access, Salesforce Identity and Zscaler Private Access and others.
- Endpoint visibility and control is a weakness for many organizations. Only 47% of IT professionals agree that their organizations have complete visibility into every device that attempts to access their networks. Supporting Ivanti’s research findings, a Cybersecurity Insiders report found that 60% of organizations know less than 75% of the devices on their network, and only 58% of organizations say they can identify every vulnerable asset in their network. undertaken within 24 hours of a critical exploit. It takes companies a medium company 97 days to test and deploy patches to each endpoint. Additionally, Ivanti’s research found that 32% of IT professionals use spreadsheets to track endpoint assets on their networks, a technique that the majority of machine identities lack. The use of spreadsheets and other manual approaches leaves the majority, if not all, of machine identities unaccounted for and exposed to potential cyberattacks.
Ensuring productivity while enhancing security
The goal should be to make employees productive while securing their devices and connections to a corporate network, regardless of their geographic location. It’s time to abandon the logic of trading bad usability for better security when that approach is proven to fail. The best security is one that no user notices, but secures all assets on a corporate network using zero-connection and zero-trust security.
“In the war for talent, a key differentiator for organizations is to deliver an exceptional and secure digital experience. We believe organizations that don’t prioritize how their employees experience technology are a contributing factor to the Great Quit,” said Jeff Abbott, CEO of Ivanti.
VentureBeat’s mission is to be a digital public square for technical decision makers to learn about transformative enterprise technology and conduct transactions. Learn more about membership.