Working Remotely: Balanced Productivity and Security
According to a survey conducted by CIO in 2020 as regards the effects of the COVID-19 pandemic, it was revealed that organizations plan to adopt the remote work structure permanently. In light of this, accessing data remotely has to be backed by policies so there are little or negative impacts on productivity.
IDG’s community is one filled with influencers of the tech space – technology experts, industry analysts, IT professionals. The community was asked what steps organizations should take to balance secure data access with increased productivity.
The members firstly agreed that it must be quite a challenging task. Then Larry Larmeu, Accenture’s Service Transformation leader made a quick reminder that although users want to carry out their operations securely, updates must be made in such a way that gets the job done with no trade-offs. He then went on to say that imposing prohibitive policies that secure networks by restricting untrusted methods only result in users seeking creative hacks and workarounds. And this often leads to data breaches as a result of unsecured third-party individuals having corporate data in their possession.
“Access” is key in security and productivity
IDG’s experts believe that the first step in creating a balance between user productivity and security is defining access and data. The Community Head at CTO.ai, Tristan Pollock, says it’s important that companies should recognize their digital assets and make a list of them. Then, define a restriction for the people who have access to this information. That is, only authorized people should have access to it. Even a CIO shouldn’t have access to production space as there’s nothing they have to offer in that department. However, this could be subject to perspective as employees may believe they need access to everything there is to know about.
Jack Gold talks in a similar tone saying policies should be created as regards accessing data. Jack is the Founder and Principal Analyst of J.Gold Associates. He centers his balance between productivity and security around policies that keep control of who has access to the data. This is similar to what Pollock said. Jack went on to say that it is not advisable to restrict access completely because that restricts staff from insightful data.
Gene De Libero is the Chief Strategy Officer for GeekHive. Gene agrees with his colleagues saying that there have been cases where strict policies alongside inadequately controlled systems for the management of data and company networks were the causes of a company’s decline in staff productivity.
Ben Rothke is the Senior Information Security Strategist for Tapad, agreeing with his colleagues too. He likened data access management to an instance of a bank customer with $100,000. This customer cannot out of the blue, come to request a cash sum of $100,000. Prior notice must be made and so should happen in terms of data access. This makes for better security, says Ben.
However, this must be done in a way that doesn’t hinder growth. Isaac Sacolick, StarCIO’s President and author of Driving Digital says it is better to have people in charge of the data. These people then define usage guidelines, compliance requirements, authorization, data security policies, and any other sovereignty, regulatory, or data privacy concerns.
Use of technology and strategy for data access
IDG experts advise that security and IT teams do the following once data access has policies and definitions that manage it:
Merge them into one compound data strategy and use up-to-date tools in maintaining them. Mike Kail believes that security should be involved in the creation of digital assets and their maintenance. The IT Director at Palo Alto Strategy Group went on to say that security only poses threats to productivity when it is scheduled and periodic.
In terms of tools to be used, an effective Data Management System is of top priority. De Libero says that having a strategy for providing compliance and security is incomplete without an effective DAM system. It fosters improved workflow, collaboration, and ultimately boosts productivity. Gold agrees to this, emphasizing that a good DAM system has the capabilities to enforce data policies, and should be integrated into any strategy.
In addition to having an effective DAM system, the company must proffer solutions that make it easy for members of staff to access necessary data. While doing so, IT and security teams can take select measures. An example of this is the adoption of multi-factor authentication processes. It’s basically all about giving IT and security teams the ability to manage data access with ease, though Wilczek believes that data access management is best based on machine learning and AI. He says that this eliminates the human error problem and traffic pattern anomalies can be noticed quicker.
Kayne McGladrey seconds this, citing Microsoft 365 as an example. The platform gives room for unstructured data to be labeled and classified, but also allows the employee to justify the access request should the automation face any difficulties. This allows businesses to ensure that policies are being followed and data isn’t being lost. The bottom line is, whatever approach a company takes to balancing productivity and security can work out as long as the right tools are made available.
Based on this article by Tristan Pollock.