Know the Risk: Digital Transformation's Impact on Your Business-Critical Applications REGISTER >
Security is a requirement for modern organizations that must protect their technology assets and corporate data against attacks. But what impact does security have on users within organizations? That's one of many questions Dell addresses in a new study.
Dell sponsored the July survey of 460 IT professionals and 301 full-time business users. One top-line result: A whopping 92 percent of business users feel that additional security measures negatively impact their ability to get work done.
Bill Evans, senior director of Product Marketing at Dell Software, told eSecurity Planet that workers view requirements such as logging into a VPN or having to remember multiple lengthy passwords as a hassle.
"Sure, workers believe security is important, just so long as it doesn’t affect their day-to-day activity, then it’s a nuisance," Evans said. "It’s the age-old battle. Workers are all for security and doing the right thing, but that right thing is not more important to them than doing the right thing of getting their job done."
Securing the Remote Workforce
Remote workers are one area of the workforce that typically faces extra security measures. The study found that 82 percent of users who work remotely indicate they must use additional security measures. In Evans' view that's a good result.
"We are encouraged that 82 percent are required to have some additional security, although I think we all believe it should be higher," Evans said, adding that remote security is often approached in a siloed fashion.
"When treated alone, remote access requires additional security measures that are independent of all other measures already in place," he said.
Evans believes a context-aware approach can better incorporate remote worker security in the same security environment as on-premise and BYOD workers.
The Password Problem
Dell also examined password use. The study found that 85 percent of business users have multiple login/passwords. Dell did not ask IT professionals how many logins/passwords they personally managed, Evans noted. However, he said Dell plans to address the issue of too many administrative passwords in the second half of the survey, which will be released later in the year.
Evans said it's both a good thing and a bad thing that business users have multiple passwords.
"It’s good that everything has a password. It would be bad if all the passwords were the same or, worse yet, written down and placed under the keyboard," he said. "The point is that lots of strong passwords are good for security and troubling to users."
When users feel "put out" by overly complex or cumbersome security requirements, Evan said they will often circumvent security in the name of ease.
"That’s good for users and bad for security," Evans said. "It’s a difficult dichotomy that we think can be addressed, in part, by context-aware security."
Like remote access, multiple passwords are a symptom of security implemented in silos, Evans said. In many cases IT organizations simply add a new password requirement for every new asset they need to secure, creating a fragmented approach to security.
While there are some differences of opinion between IT professionals and business users, Evans said that both groups agree that when push comes to shove, the organization will make access more difficult in order to maintain security. Everyone accepts that this is just the way it is.
"Both camps agree that if there was a way to strike the correct balance and get all the security you need without impeding user productivity, it would be a win-win," Evans said. "A context-aware approach to security helps to achieve this balance."
Sean Michael Kerner is a senior editor at eSecurity Planet and InternetNews.com. Follow him on Twitter @TechJournalist.