81% of CISOs Say User Security Hampers Innovation
Most CISOs feel that IT security is hindering productivity and innovation across the enterprise.
Research from Bromium, based on a survey of 500 CISOs from large enterprises in the US (200), UK (200) and Germany (100), has found that most security teams utilize a ‘prohibition approach’—i.e. restricting user access to websites and applications.
In fact, 88% of enterprises prohibit users from using websites and applications due to security concerns; and 94% have invested in web proxy services to restrict what users can and can’t access.
Unfortunately, these restrictions negatively impact user experience, according to respondents: About three-quarters (74%) of CISOs said users have expressed frustration that security is preventing them from doing their job, and 81% said that users see security as a hurdle to innovation.
The findings also indicate that security could impact customer relationships and brand identity, as CISOs report that they get complaints at least twice a week that work has been held up by over-zealous security tools. Across the respondents, IT help desks are spending an average of 572 hours a year responding to user requests and complaints regarding access to websites.
All this frustration is creating an uneasy relationship between IT, security and the user. About three-quarters (77%) of CISOs said they feel stuck in a catch-22, caught between letting people work freely and keeping the enterprise safe. A further 71% said that they are being made to feel like the bad guys, because they have to say ‘no’ to users requesting access to restricted content.
“At a time when competition is fierce, the risk of falling behind and being less productive is as big a risk to an enterprise as cyber-attacks,” said Ian Pratt, president and co-founder of Bromium. “Security has to enable innovation by design, not act as a barrier to progress. Sadly, traditional approaches to security are leading to frustrated users, unhappy CISOs and strained relationships between workers and IT departments—all of which stifles business development, innovation and growth.”
Source: Information Security Magazine