Improving digital employee experiences should start with cybersecurity

Trading usability for more toughened cybersecurity is the price vendors have paid for decades to reduce their customers’ breach risks. Enterprises accepted the logic, assuming that the more challenging a security app or platform was to use, the more secure it was and able to mitigate risk.

Fast-forward to today and organizations must now support work-from-home workers, a new hybrid workforce and road warriors who need secure, real-time connections from their own devices to the most valuable data a company has. The pandemic has forever changed everyone’s perspective on a great digital employee experience.

Ivanti’s State of the Digital Employee Experience (DEX) research published this week provides insight into how companies are moving beyond trading usability for security and what matters most to a new, more virtual workforce. From the employee’s perspective, an optimized hybrid work environment allows them to seamlessly switch between devices, whether they’re working remotely in the office or even on the go.

The compromises in usability must disappear

CIOs and CISOs tell VentureBeat that the worse the usability of a given cybersecurity app, the more solutions users will find for not using the app or finding new ways to access what they need without authentication.

This is so common that just under half of the C-level executives interviewed (49%) have requested that one or more security measures be circumvented in the past year. In addition, 72% of all employees surveyed say they are dealing with more security features. Only 21% of IT leaders consider usability and user experience the top priority when selecting a new business cybersecurity application or tool.

Other key insights from the research include:

• Trading usability for more hardened cybersecurity fails. Forcing employees to make multiple logins and adhere to many authentication steps reduces overall satisfaction with the digital employee experience. The tighter controls on access lead to more workarounds and the potential for compromised privileged access credentials, including passwords. The worse the user experience when using a secure app, the greater the chance that malicious parties can hack it by intercepting passwords and credentials. So it’s not surprising that 52% of C-level executives say that cybersecurity is their top priority for improving the digital employee experiences (DEX). Still, 69% of employees have trouble navigating unnecessarily complicated and complex security measures. Improving digital employee experiences doesn’t mean sacrificing security; it emphasizes the need for a new approach.

• Cybersecurity apps that deliver security experiences that the user hardly sees succeeding. The results of the study provide a compelling case for moving away from decades-old approaches to forcing users to use passwords and complicated authentication techniques. The best protection is the type that the user barely sees or notices. Cybersecurity vendors adopt zero sign-on (ZSO) techniques that consolidate access to all workplace apps under a single login, so end users don’t have to remember multiple credentials. They also rely on the Zero Trust Network Access (ZTNA), where any identity, whether human or machine-based, is treated as a new security perimeter. They combine zero sign-on in a zero trust-based environment to protect users without forcing them into lengthy authentication sessions when they need to access system resources. “Maintaining a secure environment and focusing on the digital employee experience are two inseparable elements of any digital transformation,” said Jeff Abbott, Ivanti CEO.

• Secure-by-design is shaping the future of digital employee experiences. By paralleling the development of new cybersecurity features while improving the usability of apps and platforms, usability bottlenecks are solved. Secure-by-design should achieve the dual goals of defining next-generation cybersecurity products based on zero trust security standards while improving user experiences. As Ivanti’s study indicates, IT leaders and the C-suite should focus on delivering a secure digital employee experience that prioritizes communication and insight into digital assets and their various interdependencies and interconnections. In reality, it shouldn’t be about trying to balance the two, but approaching them as two inseparable elements of any digital transformation.” Single-sign-on providers are also making strides in this area, including Microsoft Azure Active Directory, Okta, OneLogin, Ping Identity, RSA SecurID Access, Salesforce Identity and Zscaler Private Access, among others.

• Endpoint visibility and control is a weakness for many organizations. Only 47% of IT professionals agree that their organizations have complete visibility into every device attempting to access their networks. Ivanti’s research findings are supported by a Cybersecurity Insiders report showing that 60% of organizations are aware of less than 75% of the devices on their network, and only 58% of organizations say they own every single vulnerability in their organization. Being able to identify 24 hours after an attack. critical exploit. It takes enterprises an average of 97 days to test and deploy patches on each endpoint. In addition, Ivanti’s research found that 32% of IT professionals use spreadsheets to track endpoint assets in their networks, a technique most machine identities lack. Using spreadsheets and other manual approaches leaves most, if not all, machine identities unknown and exposed to potential cyber-attacks.

Ensure productivity while strengthening security

The goal should be to make employees productive while securing their devices and connections to a corporate network, regardless of geographic location. It’s time to move away from the logic of trading poor usability for better security when this approach is proven to fail. The best security is the kind that no user notices and yet secures all assets on a corporate network with zero sign-on and zero-trust security.

“In the war for talent, providing an exceptional and secure digital experience is a key differentiator for organizations. We believe that organizations that don’t prioritize how their employees experience technology is a contributing factor to the Great Resignation,” said Jeff Abbott, CEO of Ivanti.