
74% of CISOs Say Users Are Frustrated That Security Disrupts Productivity


Help desks spend days dealing with user access complaints, while legitimate work gets blocked by over-zealous security tools.


Bromium, Inc. has shared the findings of an independent survey showing IT security is hindering productivity and innovation across enterprises. The research revealed most security teams use a "prohibition approach" – i.e. restricting user access to websites and applications – a tactic which is hampering productivity and innovation while creating major frustration for users.  

“At a time when competition is fierce, the risk of falling behind and being less productive is as big a risk to an enterprise as cyber attacks. Security has to enable innovation by design, not act as a barrier to progress. Sadly, traditional approaches to security are leading to frustrated users, unhappy CISOs, and strained relationships between workers and IT departments – all of which stifle business development, innovation, and growth,” said Ian Pratt, President and Co-Founder of Bromium. “This is unacceptable in a world where time to market is a vital driver for business success. We need to put an end to this catch-22 between security, productivity, and innovation – things need to change.” 

The research, based on a survey of 500 CISOs from large enterprises in the US (200), UK (200), and Germany (100), is part of a wider report on the role of the end user in cybersecurity. Key findings include: 

  • 88% of enterprises prohibit users from using websites and applications due to security concerns, with 94% investing in web proxy services to restrict what users can and can’t access.

  • Unsurprisingly, these restrictions negatively impact user experience: 74% of CISOs said users have expressed frustration that security is preventing them from doing their job and 81% said that users see security as a hurdle to innovation.

  • Worryingly, security could also be impacting customer relationships and deals, as CISOs report that they get complaints at least twice a week that work has been held up by over-zealous security tools.

  • As a result, IT help desks are spending an average of 572 hours a year responding to user requests and complaints regarding access to websites.

All this frustration is creating an uneasy relationship between IT, security, and the user. 77% of CISOs said they feel stuck in a Catch-22, caught between letting people work freely and keeping the enterprise safe. A further 71% said that they are being made to feel like the bad guys because they have to say ‘no’ to users requesting access to restricted content.

A New Approach to Security That Brings All Sides Together

These figures suggest enterprises need a new approach to security. With revenue, reputations and share price on the line, those who look to new approaches to security will not only protect the business but have a competitive advantage.

“The way security works today is broken. It is unacceptable that end users are making help desk requests just to download documents and access websites they need to do their job,” Pratt added. “It is also unfair that IT and security are seen as the enemy when they are simply trying to keep the organization safe. But it doesn’t need to be this way. There is a way to let end users click with confidence while keeping the organization safe. It’s called application isolation.”

Application isolation puts the activities most often targeted by cybercriminals – downloading files, using applications, browsing the internet – into micro virtual machines. When these activities are initiated, the network is protected because malware is trapped inside the container. Restrictions on users can be lifted and employees can get back to work. 

“This new approach to security transforms the relationship between the user and IT,” Pratt concluded. “Now, instead of users calling IT to say there is a problem, they call to say they trapped some malware. Security teams congratulate the end user and then have the opportunity to extract and analyze the malware. This allows users, IT, and security to work together to gather threat intelligence that protects the business at large.”


The research was conducted by researchers at Vanson Bourne. The sample of 500 was made up of 175 enterprises with between 1,000 and 3,000 employees, 175 with 3,000 to 5,000 employees, and 150 with more than 5,000 employees.
