Security solutions have great potential to improve organizational efficiency, but also to hinder day-to-day operations, limit access to information and impede employee output. As tech investments grow across industries, productivity concerns can be neglected, or worse, completely ignored.
It’s easy to see how these “pitfalls of productivity” can become a reality. IT security is a top priority, and protecting data and networks requires significant resources and technology investments. Companies evaluate security solutions against a host of requirements, but at the end of the day, users need to be able to do their jobs. If not chosen with productivity in mind, a new technology may completely backfire, costing an organization both time and money.
It falls to IT to ensure that the organization is striking the right balance between productivity and security. Part of this is working directly with end-users to make the most of technology implementations, from accessibility factors to individual or group training needs. But it’s also important that productivity considerations be included in security decisions from the outset.
A good cybersecurity strategy should consider the people and processes it impacts as much as the protection it provides. Historically, security best practices have focused on restricting and blocking access to sensitive data and systems to reduce the threat of a breach. While good in theory, in practice this often impedes employees’ ability to do their jobs, resulting in lost productivity or even workarounds that undermine the security mandate.
No single technology or procedure can completely protect the entire organization. However, with the right combination of solutions, companies can achieve this duality of productivity and security. Technologies that allow for strong privileged access controls combined with solutions to manage the risk of shared credentials and privileged passwords are essential for success.
Privileged access generally refers to IT administrators or third-parties who have elevated or admin-level access to systems. It’s not uncommon for privileged credentials to be shared and rarely changed because the insiders and vendors who hold them are considered trusted. However, one need look no further than many of the most recent cyber breaches to see the damage that can result from trusting people with too much information. In addition, privileged credentials are a common target for attackers because they’re seen as the “keys to the kingdom” within a larger network. Through phishing scams and other methods, hackers attempt to gain access to these accounts and from there use the credentials to wreak significant damage.
Eliminating or significantly restricting privileged access is not the answer. Employees and external partners alike need efficient access to conduct daily operations and keep the business running. Rather, companies should implement solutions that eliminate the threat vectors associated with privileged access but still enable these users to do their jobs.
When managed properly, privileged credentials can foster increased productivity while simultaneously addressing security concerns. For example, a privileged access management, or PAM, solution provides vendors with immediate access to the systems they need without requiring them to log into a VPN. This eliminates unfettered VPN access to the entire network, while also enabling the vendor to complete the job more efficiently.
With some PAM solutions, it’s possible to take productivity to the next level by implementing credential injection, which allows users to inject a privileged username and password directly from a password manager or vault into an end system. This significantly reduces the risks that commonly arise from shared privileged credentials. Instead of having to memorize or search through a long list of admin passwords, or use a password vault that impacts daily workflows, privileged users can connect to endpoints with just one click without ever seeing the credential or having it pass through their system.
Privileged access management is just one example of how companies can implement security solutions that also consider the productivity demands of their users—both internal and external. As new technology investments are evaluated, it’s critical that decision makers replicate this approach and seek input from the individuals who will be impacted by the implementation. Many people don’t like change, especially when it has the potential to threaten productivity. However, the right security strategy doesn’t have to impede activity or require an inconvenient workaround. In fact, if mindfully, security tools can enhance workflow, operations and revenue, and above all, ensure safety and set the organization up for future success.
[su_box title=”About Sam Elliott” style=”noise” box_color=”#336588″][short_info id=’101975′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.