Rawpixel - Fotolia

Conventional security measures hit productivity, study shows

Most IT professionals say context-aware security would improve productivity without compromising security, a survey from Dell reveals

Common access management processes limit productivity and often force employees to find risky workarounds, a survey revealed.

Just over 90% of business respondents reported that security measures hit their productivity, according to a global security survey commissioned by Dell.

More than half said this negative impact on productivity had increased in the past 18 months, while 92% said the use of additional security for remote work had a negative impact.

According to the survey, more than 90% of business respondents use multiple passwords on a daily basis.

Nearly 70% of IT professionals said employee workarounds to avoid IT-imposed security measures pose the greatest risk to the organisation.

However, if a business were to implement a context-aware security approach – replacing traditional, static access processes – 97% of IT professionals polled said they would see the benefits, including improved worker productivity without compromised security.

Context-aware security is an approach that evaluates the context surrounding each access request, and adapts security requirements accordingly, based on an ever-changing threat landscape.

IT professionals said other benefits of the approach include the ability to prioritise threats based on context – such as the types of applications targeted; the ability to gain visibility into the context, when assessing risk; and the ability to address changing security needs in real-time, and assess threats based on potential level of harm.

According to 93% of IT professionals polled, a lack of context-aware security causes problems, such as difficulty in quickly addressing changing security needs.

Other challenges include non-standard access needs that require IT intervention; and the inability to analyse how restrictions are managed.

Employee workarounds ratchet risk

According to Dell Security, traditional security approaches address point-in-time risk with security implemented in silos.

This results in separate passwords for everything, with separate security measures for remote workers and mobile workers, and protection against outside threats.

The outcome of this approach is security that typically obstructs productivity and exposes the business to risk from employee workarounds.

While nearly all IT professionals surveyed recognise the benefits a context-aware security approach would bring, only 28% said their organisations have fully embraced this approach.

More than 60% indicated that a lack of awareness about context-aware security is the greatest barrier to adopting it in their organisation.

“It’s undeniable that IT staff, business professionals and employees struggle with security,” said John Milburn, executive director and general manager, identity and access management at Dell Security.

“The business puts security first above employee convenience, and, right now, IT thinks it has only two options for security: to turn the dial either open or super secure.”

According to Milburn, context-aware security gives IT the ability to adjust the dial in real time, giving users convenience without resorting to risky workarounds.

“This approach gives the security team the confidence they need to keep the organisation both safe and productive,” he said.

According to Dell Security, a context-aware approach alleviates mismanagement of access issues by focusing on the context of the access request to ensure access is appropriate in real-time.

Read more about context-aware security

context-aware security has the potential to make network security a lot smarter. But it also requires legwork many IT shops aren't equipped to handle.

Context-based information security is becoming more important, as cloud and mobile computing erase previously rigid network perimeters. 

Static security is dead, long live business-aware security.

Expert Brad Casey explains why enterprises are turning to context-aware security approaches to improve their APT detection capabilities.

Read more on Hackers and cybercrime prevention