More and more enterprises are considering security firewalls and guidelines as impediments to employee productivity, say security professionals.
Security professionals are being forced to modify or turn off security settings to enable user access and to boost employee productivity.
A survey of 175 security professions from across Europe has revealed that as many as 94 per cent of users prioritize employee productivity over security concerns, thereby indicating that the focus is always on getting the job done, no matter how risky it may be.
At the same time, 64 percent of security professionals admitted that they have modified security to allow employees more freedom to work and 40 percent have even turned off security firewalls to accommodate requests from various departments.
This trend not only makes it clear that employees consider security firewalls and processes as hindrances towards their productivity, but also that security professionals do not have the final say when it comes to choosing between getting work done or adhering to security guidelines.
“While it isn’t a shock that users prioritise productivity and convenience over security, we’ve always assumed the IT security team set the agenda when it comes to protecting IP, customer data, and the network. But it’s clear they are often overruled and executive leadership may not be aware of these competing priorities,” said Ian Pratt, co-founder at Bromium.
“This should not be the case. Security teams should not put in this position. Security is in place to protect a company’s most valuable assets. Having to fight with peers over when it is applied puts a company at significant risk,” he added.
Security professionals who were part of the survey confirmed the fact that security firewalls and do's and do not's play havoc with employee productivity, which is the reason why they aren't loved by a majority of users. 32 percent of security professionals said that if they were given a choice, they would remove web proxy services and products which hinder user access, and another 31 percent said they would do away with whitelisting and blacklisting of websites.
Bromium, the security firm that conducted the survey, believes that there is a need to introduce new security guidelines and processes that do not interfere with user access and employee productivity. Employees can check emails, download and open attachments and click on website links without worrying about phishing attacks if CPU-enforced micro-virtualization is in place. This technique isolates applications, email downloads, files and web browsing in a disposable environment, thereby protecting users from malicious attacks.
'Virtualization-based security works silently and unobtrusively protecting each activity and can even be used to allow the malware to run because it can’t get out of the micro-VM. This way security doesn’t impact the user experience or their productivity, meaning there is no need to ‘turn it off’ when it becomes inconvenient,' the firm said.
Considering that employee productivity is key to a business's success and its survival, it is essential for businesses to ensure that security firewalls do not impede productivity. However, ensuring the security of customer data and internal databases is also paramount. The GDPR will impose heavy fines on enterprises that fail to protect such data and as such, compromising security practices to boost productivity may backfire in the long run.