Businesses Choose Productivity over Cybersecurity New Research Reveals
Despite recent global attacks, internal pressure to limit security puts pressure on IT teams
CUPERTINO, Calif. Bromium®, Inc., the pioneer and leader in virtualization-based enterprise security that stops advanced malware attacks, today released results of a survey of 175 security professionals conducted at this year’s InfoSecurity Europe, which found that IT security is often deprioritized when it interferes with employee productivity.
Key results of the survey show that:
- 94% of security professionals say users are more concerned with getting their jobs done than worrying about security
- 64% of security professionals admit to modifying security to allow employees more freedom to get their work done because of a request from leadership
- 40% of security professionals admit to turning security off to accommodate a request from another part of the organisation
“While it isn’t a shock that users prioritise productivity and convenience over security, we’ve always assumed that IT security teams set the agenda when it comes to protecting IP, customer data and the network. But the results from this survey make it clear they are often overruled and executive leadership may not be aware given these competing priorities,” said Bromium co-founder, Ian Pratt. “This should not be the case. Security teams shouldn’t be put in this position. Security is in place to protect an organization’s most valuable assets. Having to negotiate over when it is applied puts a company at significant risk.”
The survey of 175 security professionals also revealed that more than 55% of respondents would remove security if they could keep the organisation safe from user-introduced threats. If they had a wish list of the technologies they could remove, 32% said they would start with web proxy services and products that restrict users access. Moreover, security professionals feel that when it comes to cybersecurity, user education is futile. More than 42% admit end users are educated about how to prevent data breaches, yet their behaviour is often the cause of a breach.
“Security should be invisible, not an obstacle. But so much of today’s security technology inhibits productivity and hinders innovation. Putting the onus on employees simply doesn’t work – they should be able to click with confidence,” Ian Pratt continued. “An organization’s greatest assets are its intellectual property and its employees. The idea that business leaders are being forced to choose between productivity and security is frankly ridiculous. We need to do better as a community of security vendors.”
Approaching security differently, with virtually no impact on productivity, is what’s needed to repair this schism. CPU-enforced micro-virtualization isolates applications, email downloads, files and web browsing providing friction-free security. Employees can work as usual – opening email attachments, clicking on links, and visiting websites – without fear of compromise.
Virtualization-based security with application isolation works silently and unobtrusively protecting each activity. It can even be used to allow the malware to run because it can’t get out of the micro-VM, and provides real-time introspection and threat intelligence. This way security doesn’t impact the user experience or their productivity, meaning there is no need to ‘turn it off’ when it becomes inconvenient. It allows teams get back to work – improving productivity because security is no longer a barrier to innovation.