Security Professionals and End Users Don’t See Eye to Eye

Sue Marquette Poremba
Slide Show

Harsh Security Standards May Lead to More Security Breaches

Now that the government is open for business again, federal employees will be back on their computers and the mobile devices they weren’t allowed to touch during the shutdown. This is the perfect time to discuss a new survey from MeriTalk and underwritten by Akamai Technologies, Inc.

This survey wins for the best-named survey: “Cyber Security Experience:  Cyber Security Pros from Mars; Users from Mercury.” The report compares what cyber security professionals say about the security within federal agencies with what the end-user employees actually experience. The results show that cyber security is a two-way street; security professionals can’t simply lay down the cyberlaws without taking the user experience into account. If they do, the user will find ways to circumvent security. FWC.com explained:

[T]he study finds 31 percent of federal employee end-users use some form of security work-around at least weekly, and nearly 20 percent of feds have failed to complete a work assignment because of existing security measures. Feds reported being most frustrated by simple tasks like surfing the web and downloading files, the same two tasks that cybersecurity professionals said most frequently produced security breaches through external attacks like phishing and malware.


Bottom line, what the end user wants is user-friendly security measures, while the security professionals are focused on making sure the networks are protected. However, the study shows that the less user-friendly the security is, the less effective it is. This compliance breakdown results in more breaches and other security problems.

As Tom Ruff, vice president public sector, Akamai, stated in a release:

More security rules, more security tasks, and more security delays have done little to drive more user buy-in for cyber security. Without question, Federal cyber security pros have a tough job, but they must start working with end users as partners instead of adversaries.  It is a team game, and better support for users will deliver better results for security.

I think this study is incredibly insightful. Perhaps employees are better educated about security concerns than we give them credit for, and the problem is that they don’t like how security makes their job harder. I don’t think that is an excuse for employees to skip over security. Rather, there should be dialogue between security professionals and end users when it comes to security practices. Network security is most effective when everyone works together.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data


Thanks for your registration, follow us on our social networks to keep up-to-date