How to balance employee IT security policies

Hysolate announced the release of its latest enterprise security study exploring 200 enterprise IT and security leaders’ views on enterprise priorities for ensuring secure remote access to corporate resources.

The study reveals how the office-from-anywhere hybrid model of work, emerging as the COVID-19 pandemic recedes, is pushing IT and security leaders to press for changes to IT security policies to simultaneously increase employee productivity while also enhancing the organization’s ability to ward off ransomware and other external attacks.

The study illuminated a fascinating juxtaposition of dueling thoughts:

• 96% of respondents called for an expansion of IT freedom.
• 91% assert that enterprises also need to put more IT restrictions into place.

The IT security policies paradox

Stated another way, nearly every individual participant indicated that IT security policies need to be both more liberal and more constraining at the same time. While this appears to be a call to shift security approaches in opposite directions simultaneously, below the surface, the data paints a more nuanced picture:

• Very few of the 200 respondents characterized their companies’ employees as being happy with current IT security policies: only 7% think that their employees are satisfied with their corporate IT restrictions, and 93% think that employees are actively working around IT restrictions.
• The rise of the gig economy and increased reliance on contractors have elevated concerns about corporate access for non-employees: 87% of respondents overall (and as much as 100% in financial services) identified contractors as the single greatest threat vector when it comes to granting remote access to corporate resources.
• The near-total-remote-work model pressed into service during the height of the pandemic blurred the lines between work time and personal time. The effect is enduring, even as businesses are forming their return-to-office strategies: 87% of respondents said that if employees could perform personal activities on their work devices, doing so would increase productivity. Further, 79% said such IT freedom would reduce employee frustration.

“At first glance we were really surprised to see that any given respondent was calling both for more IT freedom for workers and also for more restrictive IT security,” said Hysolate CEO Marc Gaffan.

“But as we dug deeper into the data it became clear that these leaders recognize that employee satisfaction is of utmost importance — employee retention largely depends on it — and that IT plays a critical role in enabling productivity and keeping workers happy. And they also understand how crucial IT security is in preventing remote access by external parties, like contractors and others, from becoming a rogue way into the Enterprise and also tunnel for data exfiltration. Today’s enterprises need to keep both at the top of the priority list.”