The top priority of most organizations — cybersecurity — is hindering productivity and innovation, according to a recent report by Silicon Valley-based virtualization firm Bromium.
Based on a survey of 500 chief information security officers in large organizations in the U.S., U.K. and Germany, 74 percent of respondents said end users were frustrated by how security requirements disrupt operations.
“Our research found, on average, an organization gets complaints from users twice a week saying that legitimate work activity is being blocked or rejected by over-zealous security systems,” the report reads.
Citing that most — 88 percent — of organizations use a prohibition approach to cybersecurity, the firm suggests “a new approach” that allows more technological innovation within the organization.
“The way security works today is broken,” said Ian Pratt, Bromium’s president and co-founder. “It is unacceptable that end users are making help desk requests just to download documents and access websites they need to do their job.”
Of those surveyed, 81 percent said they viewed security as a hurdle to innovation, according to the report published earlier this month. While a Bromium spokesperson was unable to confirm whether the study included government respondents, the results are similar to those found in National Association of State Chief Information Officers research, which indicates that adoption of new technologies is frequently stymied not only by aging infrastructure, but a new technology’s perceived security risk.
In government, the top three priorities of CIOs as named by NASCIO — security, consolidation/optimization and cloud services — pose a paradox, as leaders attempt to improve the quality of one area without compromising another.
According to IDC, 70 percent of security threats originate from the end point and according to Bromium, 99 percent of CISOs believe users are the “last line of defense” against hackers. Bromium’s researchers suggest shifting the security approach away from a model in which user access is heavily limited to a virtualized application isolation environment in which users can do less damage to the organization if they accidentally open a malicious email attachment.
The full study can be found here.