A new study from Dell reports that conventional security measures negatively impact the productivity of 91% of respondents. The findings reveal that many of today’s traditional security policies result in ‘too many passwords, access protocols and employee workarounds that expose the business to risk.’ Fortunately, by an interesting coincidence, 97% of IT professionals believe that replacing traditional, static access processes with a context-aware security approach (say, one from Dell?) would improve productivity without compromising security.
There’s no doubt that security is a huge and growing problem, attracting huge and growing budgets (i.e. spending will be up 21% year to year, compared to an IT market that will decline 5.5% to $3.5 trillion this year). By 2019 cybercrime will cost businesses over $2 trillion, almost four times the estimated cost of breaches in 2015. The litany of cybersecurity horrors includes: security compromises increased 64% in 2014; 54% of breaches remain undiscovered for months; 60% of data is stolen in hours; and, 100% of companies connect to domains that host malicious files or services.
Now we can add productivity to the mounting costs of protecting our digital ass-ets. The survey basically reinforced what everybody already knew, said Todd Peterson, Product Marketing Manager, Dell Identity Access Management. “The key thing we learned is that everything everyone expected is true. Security is a higher priority and better funded than increasing user productivity.”
IT understands that’s the way it is, and users understand that’s the way it is, and they are resigned to that, he told IT Trends & Analysis. However, the study also suggested that organizations believe they are much more secure – including further along the context-aware path – than the facts would tend to support, he added.
According to an earlier study this year from Enterprise Strategy Group, many large organizations have IAM tools for user provisioning, SSO, and identity governance, but tracking all the instantiations of user activity remains elusive. Over a quarter – 28% – of security professionals pointed to ‘user behavior activity monitoring/visibility’ as their weakest area of security monitoring, the highest percentage of all categories.
The Dell study – more than 300 business users and over 450 IT technology professionals in the United States, United Kingdom and Germany – provided ample evidence to illustrate the growing complexity of the IAM market:
- more than 90% of business respondents use multiple passwords on a daily basis;
- 92% are negatively impacted when required to use additional security for remote work;
- more than half say security’s negative impact on day-to-day work has increased as a result of changes made to corporate security policies in the past 18 months; and,
- nearly 70% of IT professionals say employee workarounds to avoid IT-imposed security measures pose the greatest risk to the organization.
The survey also provides strong support for moving to a context-aware security approach, including the ability to:
- prioritize threats based on context, including types of applications targeted;
- gain visibility into the context when assessing risk;
- address changing security needs in real-time and assess threats based on potential level of harm; and,
- improve worker productivity without sacrificing security.
Peterson confirmed that more money is being spent on security, but it’s not across the board. He sees two camps: those spending proactively, trying to get ahead, and everybody else. “IAM solutions, and ours in particular, are meant… to make everything easier.” That means getting things right at the very foundation, knowing who the people are, and if they are doing things they’re supposed to be doing.
There are solutions available from the big-stack IAM vendors, but they are complex, and “probably prohibitive for a lot of people.” Dell’s approach – the fact that it can be done at the tactical level – makes it easier for smaller organizations “because you’re solving a problem that has to be solved.”
The market opportunity for context-aware security is huge, said Peterson. We are used to gauging risks in our normal lives, he said, and they’d like to handle cybersecurity with the same familiarity. “People are desperate to deal with technology in the same kind of mindset.”
Finally, kudos to John Milburn, Executive Director and GM, Identity and Access Management, Dell Security, for the (hopefully deliberate) ‘Spinal Tap’ reference in the canned quote included in the press release:
“It’s undeniable that IT staff, business professionals, and employees struggle with security. The business puts security first above employee convenience, and, right now, IT thinks it has only two options for security – turn the dial to 1 (open) or 11 (super secure). Context-aware security gives IT the ability to adjust the dial in real-time, giving users the convenience they desire without resorting to risky workarounds, and giving the security team the confidence they need to keep the organization both safe and productive.”