With the world embracing digital 2.0, protecting information has also gained importance. Enterprises cannot afford to ignore the security threats that has come to the fore with cloud, connected systems and complex devices becoming a core part of business continuity strategy. In a world where everything is going on mobile, business critical data is also everywhere roaming in the cloud ecosystem. That also means threat perception is also constantly evolving and traditional approach to information protection will not work anymore. It needs to evolve.
Security Vs. Productivity: The Paradox
Multiple research studies have suggested employees have a natural tendency to go for non-compliant behaviour. They do this to complete their primary tasks that always takes precedence over the security mechanism related additional tasks imposed by security managers. This employee behaviour is also not surprising as the additional burden only drains out their precious time and effort.
For example, when employees use multiple collaboration apps, remembering their login credentials can be a challenge. This prompts them to use weak passwords.
In the cases where the project delivery is urgent, the non-compliance to extra security measures looks even more appealing. The interesting thing is business leaders also echo the same view as of all the resources, employees are usually the most expensive one. Therefore, they would certainly want an efficient utilization of the resources. Higher productivity means higher revenue per employee.
Another point that needs to be understood is not all activities are equally vulnerable from security point of view. Activities like file sharing, data storage or transfer are more vulnerable. And, therefore, these are on the radar of security managers and they impose time-consuming protocols. The moot question is whether the risk-mitigation achieved this way is worth the productivity disruption.
The leaders suffer from same paradox. They yearn for flexibility and productivity obtained from cloud-enabled digital transformation; at the same time, they cannot ignore the urgency for information protection considering the vulnerable nature of the cloud ecosystem.
Solving the Paradox
The question is how to solve this ‘Security vs. Productivity’ paradox. The answer lies in creating a culture where security does not come as an additional burden but becomes a part of the organizations’ DNA. It is possible when information protection applies automatically. For example, if every employee in the organization knows where critical data resides and they instantly receive an alert on policy violation; managing security compliance will not be difficult.
A good way to do this can be applying sensitivity labelling based on the importance of different data. For example, if you apply ‘Confidential’ label to an email or doc and it is automatically end-to-end encrypted, the problem is sorted to a great extent. However, users should have complete freedom in deciding where to apply sensitivity labels. A full-spectrum solution like Microsoft 365 offers 360-degree built-in security along the entire Data Lifecycle Management cycle starting from data creation, data storage, archiving to deletion, without creating any obstacle in using its powerful productivity tools.
On a final note, the entire debate between Security Vs. Productivity is misplaced. The IT should be an enabler, not a hindrance. With right tools, it could be ‘Secure Productivity’.