Navigating the polarised opposites of security and freedom is not easy. This is further compounded when IT departments are under pressure to bring new systems to market that will provide their organisations with a competitive edge.
So many times, I have seen security become an afterthought, rather than being an integral part of a design from the outset. Good security design is not always visible and therefore often not very well understood by the C-suite, who pile on the pressure to release systems or improve user freedom.
Poorly implemented security will come to the forefront when (not if) a breach occurs. At that point, the pressure applied to release a system will quickly be forgotten about! To make matters worse, many IT professionals have a limited understanding of security. This lack of understanding often comes from the perception of security not being very “sexy”, or worse, an unwanted headache.
There is then a risk that poor endpoint security may reduce your ability to respond to ever-changing business needs. When least privilege security inhibits flexibility or the speed at which IT can respond, it will result in a failed project. So, where security is not an absolute necessity, I have seen that it is regularly omitted for an easy life.
This is where balance is crucial. Securing IT systems to provide business continuity must be balanced with the ability to innovate. Organisations that move slowly will lose out to the competition, as IT systems play a key role in an organisation’s agility. However, this is not an excuse for poor security design.
Balancing the user experience with security requirements is critical to ensure that the security solution does not impact the end user’s ability to do their job.
These balancing acts come down to planning. Lean on the experts and make sure that user role requirements, workstyles, exception handling and communication are all covered.
To build security into a system from the outset, it should be part of your design requirements and not an afterthought... that’s the only way it will be a success.
For more information on security implementations check out my book, The Endpoint Security Paradox, available now on Amazon.