Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

9/9/2015
02:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Dell Finds Context-Aware Security Increases Employee Productivity

Findings show many of today's traditional security policies result in too many passwords, access protocols and employee workarounds that expose the business to risk

ROUND ROCK, Texas, Sept. 9, 2015 – Dell today announced the results of a global security survey uncovering how common access management processes limit employee productivity and often force employees to find workarounds that expose organizations to greater risk. In fact, 91 percent of business respondents reported that their productivity is negatively impacted by security measures their employer has put in place. However, if a business were to implement a context-aware security approach, replacing traditional, static access processes, 97 percent of IT professionals say they would see the benefits, including improved worker productivity without compromised security.

Context-aware security replaces static access processes with an approach that evaluates the context surrounding each access request, and adapts security requirements accordingly, delivering the level of security the business needs in real time based on an ever-changing threat landscape. While nearly 100 percent of IT professionals surveyed recognize the benefits a context-aware security approach would bring, only 28 percent said their organizations have fully embraced this approach. More than 60 percent indicated that lack of awareness about context-aware security is the greatest barrier to adopting it in their organization.

Additional notable survey findings:

•       More than 90 percent of business respondents use multiple passwords on a daily basis

•       92 percent of business respondents are negatively impacted when required to use additional security for remote work

•       When looking at changes made to corporate security policies in the past 18 months, more than half of business respondents say security’s negative impact on day-to-day work has increased

•       Nearly 70 percent of IT professionals say employee workarounds to avoid IT-imposed security measures pose the greatest risk to the organization

•       97 percent of IT professionals see the benefits in context-aware security, including:

o    The ability to prioritize threats based on context, including types of applications targeted

o    The ability to gain visibility into the context when assessing risk

o    The ability to address changing security needs in real-time and assess threats based on potential level of harm

o    The ability to improve worker productivity without sacrificing security

•       93 percent of IT professionals said that a lack of context-aware security causes challenges that include:

  • Difficulty in quickly addressing changing security needs
  • Non-standard access needs that require IT intervention
  • Unnecessary impact on employee productivity
  • Inability to analyze how/why restrictions are managed to improve worker productivity

Organizations can successfully balance the right level of security and employee productivity with a context-aware security approach

Traditional security approaches address point-in-time risk with security implemented in silos. Separate passwords for everything – layered with multifactor authentication – plus separate security measures for remote workers, BYOD, and protection against outside threats result in poorly implemented security that obstructs productivity and exposes the business to risk from employee workarounds. Security doesn’t have to trump employee productivity. A context-aware approach alleviates mismanagement of access issues by focusing on the context of the access request to ensure access is appropriate in real-time. IT gains the ability to automate and “step-up” to multifactor authentication when the context dictates for an informed, priority-based decision specific to the situation. In addition, multiple passwords (or authentication actions) can be unified to present the user with a seamless access experience that maintains all the security that business and IT demand without negatively impacting employee productivity. Implementing a context-aware security approach helps businesses change security from a productivity barrier to a business enabler.

Supporting quote:

“It’s undeniable that IT staff, business professionals, and employees struggle with security. The business puts security first above employee convenience, and, right now, IT thinks it has only two options for security – turn the dial to 1 (open) or 11 (super secure). Context-aware security gives IT the ability to adjust the dial in real-time, giving users the convenience they desire without resorting to risky workarounds, and giving the security team the confidence they need to keep the organization both safe and productive.” – John Milburn, executive director and general manager, Identity and Access Management, Dell Security

About the Survey:

The Dell-commissioned survey by Dimensional Research captured hard data about how organizations’ current security measures effect employee productivity and the use of context-aware security. The survey of more than 300 business users and over 450 IT technology professionals was conducted across the United States, United Kingdom and Germany.

Supporting Resources:

About Dell

Dell Inc. listens to customers and delivers innovative technology and services that give them the power to do more. For more information, visit www.dell.com.

Dell World

Join us Oct. 20-22 at Dell World 2015, Dell’s flagship event bringing together technology and business professionals to network, share ideas and help co-create a better future. Learn more at www.dellworld.com and follow #DellWorld on Twitter.

 Tweet This: [email protected]_IAM context-aware security approach ensures the security for businesses w/out limiting employee productivity: http://dell.to/1Li6Sgz

 

###

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5230
PUBLISHED: 2019-11-13
P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform...
CVE-2019-5231
PUBLISHED: 2019-11-13
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package.
CVE-2019-5233
PUBLISHED: 2019-11-13
Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific components.
CVE-2019-5246
PUBLISHED: 2019-11-13
Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain par...
CVE-2010-4177
PUBLISHED: 2019-11-12
mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.