The Big Fight: IT vs end-user

The always insightful Ron Miller said this about mobile device security at CiteWorld -

So how do companies secure that content and ensure that outsiders can’t gain entry to the work-related content on your phone? That would mean securing the apps themselves and you can see that would involve a comprehensive strategy that moves beyond the device.

Read full article here 

As Ron points out, chaining mobile devices with an intrusive security solution may seem to simple IT, end-users do not take kindly to such a rigid approach, especially when it is their own personal device being subject to restrictions. His article explores solutions which solve this problem in a more elegant manner, allowing IT to avoid antagonizing end-users.

Our earlier article on Shadow IT and the risk of data loss (read here) talks about the fundamental gap between the end-user and the IT department, and the risks that gap creates for your organization. End-users are eternally focused on ease of use, convenience and getting the job done, while IT is mandated to ensure that the organization doesn’t lose out in any way through the power given to an end-user.

We at CipherGraph firmly believe that the IT department in an organization is a pro-productivity department put in place to enable end-users to find it very easy to perform their job functions without being restricted by technological barriers or barriers that technology can help them transcend. At the same time, we appreciate the herculean uphill struggle that IT faces trying to manage a plethora of devices, operating systems, networks, hardware, servers, cloud resources, applications…it is a never-ending array of technology that they have to be able to administer. Not only do they have mandate to enable end-users, they also are mandated to enforce corporate policy. If a data breach occurs, they are the ones to face the brunt of the crisis and the aftermath. Naturally this makes them conservative and inclined to take choices which do not put them at risk (The ‘Nobody gets fired for buying ABC’ syndrome).

What can IT do?

Enlightened IT departments can change this backward-looking approach and adopt a new proactive approach which allows them to build a new way to administer the technological resources of the organization without compromising on end-user happiness. Our simple recipe involves -

  1. Work with vendors who give you simple, non intrusive, minimal disruption solutions (e.g perimeter security rather than controlling every application/endpoint)
  2. Treat yourselves as end-users and live the end-user experience, to understand which restrictions are acceptable and which just chain end-users
  3. Bring unregulated deployments, devices, and technologies into the fold by making them legal to use, with simple policy controls to be enforced
  4. Ensure that your corporate IT policy, particularly security policy is unified across datacenter and cloud

Where does the buck stop?

This cannot happen without management support, so the call is for CXOs and executives of the organization to enter a new constructive dialogue with their IT to get them to feel comfortable embracing this new paradigm. As the elegance and sophistication of security solutions grows, we believe that every single one of those 4 points can be implemented without compromising on the security of your organization or its exposure to data theft.

How can CipherGraph help?

We believe our solution helps you with points 1, 3, and 4 above – the right solution, allows legalization of unregulated shadow IT, and enables a unified corporate security policy across datacenter and cloud, with a special focus on remote access / branch office access.

 

Engage with us to learn more about how we can help your organization embrace an approach that empowers end users without making life harder for your IT – email us at info@ciphergraph.com today!