Trading off usability for more hardened cybersecurity is the price vendors have been paying for decades to reduce their customers’ breach risks. Enterprises bought into the logic, assuming the more challenging a security app or platform was to use, the more secure it was and capable of reducing risk.
Fast-forward to today and organizations now need to support work-from-home employees, a new hybrid workforce and road warriors that require secure, real-time connections from their own devices to the most valuable data a business has. The pandemic forever changed everyone’s perspective of an excellent digital employee experience.
Ivanti’s State of the Digital Employee Experience (DEX) study, published this week, provides insights into how enterprises move beyond trading off usability for security and what’s most important to new, more virtual workforces. From the employee’s perspective, an optimized hybrid work environment allows them to seamlessly switch between devices, whether working in the office, remotely or even in transit.
Usability tradeoffs need to go
CIOs and CISOs tell VentureBeat that the worse the usability of a given cybersecurity app is, the more workarounds users will find to either not use it or find new ways to access what they need without going through authentication.
This is so common that just under half of the C-level executives interviewed (49%) have requested to bypass one or more security measures in the past year. In addition, 72% of all employees surveyed say they must deal with more security features. Only 21% of IT leaders consider usability and the user experience to be the main priority when selecting a new enterprise cybersecurity application or tool.
Other key insights from the study include the following:
- Trading off usability for more hardened cybersecurity fails. Forcing employees to go through multiple sign-ons and adhere to many authentication steps reduces overall digital employee experience satisfaction. The tighter controls on access lead to more workarounds and the potential for compromised privileged access credentials, including passwords. The worse the user experience using a secure app, the higher the probability bad actors can hack it by intercepting passwords and login data. So, it’s not surprising that 52% of C-level executives say cybersecurity is their top priority for improving digital employee experiences (DEX). Yet, 69% of employees struggle to navigate unnecessarily convoluted and complex security measures. Improving digital employee experiences doesn’t mean sacrificing security; it highlights the need for a new approach.
- Cybersecurity apps that deliver security experiences the user barely sees succeed. The study’s results taken in total make a compelling case for getting away from decades-old approaches that require users to use passwords and complicated authentication techniques. The best security is the type the user barely sees or notices. Cybersecurity vendors are adopting zero sign-on (ZSO) techniques that consolidate access to all workplace apps under a single login, so end-users do not have to remember multiple login credentials. They’re also relying on Zero Trust Network Access (ZTNA), treating every identity, whether it is human or machine-based, as a new security perimeter. They combine zero sign-on in a zero-trust-based environment to protect users without forcing them into lengthy authentication sessions whenever they need to access system resources. “Maintaining a secure environment and focusing on the digital employee experience are two inseparable elements of any digital transformation,” said Jeff Abbott, Ivanti CEO.
- Secure-by-design is defining the future of digital employee experiences. Paralleling the development of new cybersecurity features while improving the usability of apps and platforms solves usability bottlenecks. Secure-by-design needs to accomplish the dual goals of defining next-generation cybersecurity products based on zero trust security standards while improving user experiences. As Ivanti’s study states, “IT leaders and the C-suite must focus on delivering a secure-by-design digital employee experience that prioritizes communication and visibility into digital assets and their various interdependencies and interconnections. In reality, it should not be about trying to balance the two, but about approaching them as two inseparable elements of any digital transformation.” Single-sign-on providers are also making strides in this area; they include Microsoft Azure Active Directory, Okta, OneLogin, Ping Identity, RSA SecurID Access, Salesforce Identity, Zscaler Private Access and others.
- Endpoint visibility and control is a weakness for many organizations. Only 47% of IT professionals agree that their organizations have full visibility into every device that attempts to access their networks. Supporting Ivanti’s research findings is a Cybersecurity Insiders report that found 60% of organizations are aware of fewer than 75% of the devices on their network, and only 58% of organizations say they could identify every vulnerable asset in their organization within 24 hours of a critical exploit. It takes the average enterprise 97 days to test and deploy patches to each endpoint. In addition, Ivanti’s study found that 32% of IT professionals use spreadsheets to track endpoint assets across their networks, a technique that misses the majority of machine identities. Using spreadsheets and other manual approaches leaves most, if not all, machine identities unaccounted for and exposed to potential cyberattacks.
Ensuring productivity while bolstering security
The goal must be to make employees productive while securing their devices and connections to a corporate network, regardless of geographical location. It’s time to abandon the logic of trading bad usability for better security when it’s proven that this approach fails. The best security is the kind no user notices yet secures every asset on a corporate network using zero sign-on and zero-trust security.
“In the war for talent, a key differentiator for organizations is providing an exceptional and secure digital experience. We believe that organizations not prioritizing how their employees experience technology is a contributing factor for the Great Resignation,” Jeff Abbott, Ivanti CEO, said.