It’s the eternal struggle between workers and IT managers: employees want to have access to certain systems and applications that will make their jobs easier but IT managers, in a bid to protect their organisations from external security threats, will not allow it. While it is understandable that IT professionals want to lock down their environments as the threat landscape evolves, protecting the organisation shouldn’t make lives difficult for end-users, argues Microsoft.
“Security is by far the number one concern of every organisation in the world,” Microsoft corporate vice-president for enterprise mobility Brad Anderson said. “Just about every day we read about organisations with security breaches. Organisations are struggling to figure out how to address these attacks.”
Cloud has complicated IT security as it has changed the perimeter of protection. While it used be as simple as putting everything behind a firewall, the cloud has expanded the surface area for attackers to play with. But this doesn’t mean IT managers should lock down their environments to the point that it impacts the productivity of end-users, Anderson said.
“We need to balance empowerment with security and protection – as IT professionals it’s what we do every day,” he said. “We have responsibilities to users and the corporation in terms of security, reliability and protection.
“As an industry, we’ve been doing it wrong and hiding behind security to justify delivering a bad user experience.”
Anderson stressed the importance of identity management in protecting enterprises from internal and external threats.
“Seventy-five per cent of the time the root of an attack is caused by weak or stolen credentials,” he said. “Identity is the new perimeter. It is the one thing that is common across any device and across any operating system.”
Spandas Lui travelled as a guest of Microsoft to Ignite 2015