It’s the eternal struggle between workers and IT managers: employees want to have access to certain systems and applications that will make their jobs easier but IT managers, in a bid to protect their organisations from external security threats, will not allow it. While it is understandable that IT professionals want to lock down their environments as the threat landscape evolves, protecting the organisation shouldn’t make lives difficult for end-users, argues Microsoft.
“Security is by far the number one concern of every organisation in the world,” Microsoft corporate vice-president for enterprise mobility Brad Anderson said. “Just about every day we read about organisations with security breaches. Organisations are struggling to figure out how to address these attacks.”
Cloud has complicated IT security as it has changed the perimeter of protection. While it used be as simple as putting everything behind a firewall, the cloud has expanded the surface area for attackers to play with. But this doesn’t mean IT managers should lock down their environments to the point that it impacts the productivity of end-users, Anderson said.
“We need to balance empowerment with security and protection – as IT professionals it’s what we do every day,” he said. “We have responsibilities to users and the corporation in terms of security, reliability and protection.
“As an industry, we’ve been doing it wrong and hiding behind security to justify delivering a bad user experience.”
Anderson stressed the importance of identity management in protecting enterprises from internal and external threats.
“Seventy-five per cent of the time the root of an attack is caused by weak or stolen credentials,” he said. “Identity is the new perimeter. It is the one thing that is common across any device and across any operating system.”
Spandas Lui travelled as a guest of Microsoft to Ignite 2015
Comments
3 responses to “Microsoft: You Can’t Sacrifice The User Experience For Security”
You can add as much security as you want but it’s really hard to fire stupid people. Microsoft ringing them at home about a virus on their computer. Clicking random attachments in their email. Being unable to work because their computer took too long to start up for some important task because updates were deferred past their deadline and built up. I wonder what is on this USB stick.
And on and on and on.
Companies should adopt security tiers rather than a lowest common denominator approach that just assumes everybody is a moron. If you prove that you take security seriously then your company should trust you by giving you less restrictions which in turn allows you to be more productive. If you stuff up, it’s back to square 1 and if you stay at square 1 for too long and don’t move up the productivity chain then the obvious question becomes, “Why are we employing you?”
Making individuals accountable for security and understanding security will have a positive outcome on the bottom line.
An interesting read there. Security should be prioritized, no doubt in that. However, user experience should be considered as a priority as well. Following up on this, I came across and registered for a webinar on “UI/UX best practices in CMS based web design” and gain insights on various practices, processes and design strategies to create and deliver a rich and exceptional UI/UX for your CMS based website.