Common access management processes limit employee productivity and often force employees to find workarounds that expose organizations to greater risk, according to a survey of 460 IT professionals and 301 full-time business users who use computers or mobile devices to do their work.
The Dell survey of IT pros and business users working at companies with more than 1,000 employees in the U.S., U.K. and Germany also found nearly all (91 percent) of business respondents reported that their productivity is negatively impacted by security measures their employer has put in place.
However, if a business were to implement a context-aware security approach, replacing traditional, static access processes, 97 percent of IT professionals say they would see the benefits, including improved worker productivity without compromised security.
"The most surprising thing about the survey was how unsurprising the results were. We have long suspected that there is a struggle between security and productivity and at the organizational level, security wins, but at the operational level regular end users will find a way around security measures that they see as impeding their ability to do their jobs well," Bill Evans, senior director of product marketing at Dell, told eWEEK. "The fact that both constituencies (IT and end users) admit it and feel that it’s just the way it is was a little more forthcoming than we might have expected."
Evans noted that in larger, more complex organizations there are more and a wider variety of things that must be secured and a larger population of users that will try to find a way around security, but the issues are relevant regardless of the size of the business.
More than 90 percent of business respondents use multiple passwords on a daily basis, and 92 percent of business respondents are negatively impacted when required to use additional security for remote work, the survey revealed.
Virtually all (97 percent) of IT professionals see the benefits in context-aware security, such as the ability to prioritize threats based on context, including types of applications targeted, while 93 percent of IT pros said that a lack of context-aware security causes challenges that include difficulty in quickly addressing changing security needs.
When looking at the changes made to security in their corporate environment in the past 18 months, more than half of respondents said security has had a greater day-to-day impact on their work, and 87 percent said that their corporation prioritizes high corporate security standards over employee convenience.
More than 60 percent of respondents indicated that lack of awareness (of the need or just a lack of knowledgeable people) is the greatest barrier to delivering a context-aware security practice in their organization.