Bromium, Inc.,
the pioneer and leader in virtualization-based enterprise security that
stops advanced malware attacks, today released results of a survey of
175 security professionals conducted at this year's Infosecurity Europe,
which found that IT security is often deprioritized when it interferes
with employee productivity.
Key results of the survey show that:
- 94 percent of security professionals say users are more concerned with getting their jobs done than worrying about security
- 64
percent of security professionals admit to modifying security to allow
employees more freedom to get their work done because of a request from
leadership
- 40 percent of security professionals admit to turning
security off to accommodate a request from another part of the
organization
"While it isn't a shock that users prioritize
productivity and convenience over security, we've always assumed that
IT security teams set the agenda when it comes to protecting IP,
customer data and the network. But the results from this survey make it
clear they are often overruled and executive leadership may not be aware
given these competing priorities," said Ian Pratt, co-founder and
president of Bromium. "This should not be the case. Security teams
shouldn't be put in this position. Security is in place to protect an
organization's most valuable assets. Having to negotiate over when it is
applied puts a company at significant risk."
The survey also
revealed that more than 55 percent of respondents would remove security
if they could keep the organization safe from user-introduced threats.
If they had a wish list of the technologies they could remove, 32
percent said they would start with web proxy services and products that
restrict users' access. Moreover, security professionals feel that when
it comes to cybersecurity, user education is futile. More than 42
percent admit end users are educated about how to prevent data breaches,
yet their behavior is often the cause of a breach.
"Security
should be invisible, not an obstacle. But so much of today's security
technology inhibits productivity and hinders innovation. Putting the
onus on employees simply doesn't work - they should be able to click
with confidence," Pratt continued. "An organization's greatest assets
are its intellectual property and its employees. The idea that business
leaders are being forced to choose between productivity and security is
frankly ridiculous. We need to do better as a community of security
vendors."
Approaching security differently, with virtually no
impact on productivity, is what's needed to repair this schism.
CPU-enforced micro-virtualization isolates applications, email
downloads, files and web browsing, providing friction-free security.
Employees can work as usual - opening email attachments, clicking on
links, and visiting websites - without fear of compromise.
Virtualization-based
security with application isolation works silently and unobtrusively,
protecting each activity. It can even be used to allow the malware to
run because it can't get out of the micro-VM, and provides real-time
introspection and threat intelligence. This way security doesn't impact
the user experience or their productivity, meaning there is no need to
"turn it off" when it becomes inconvenient. It allows teams get back to
work - improving productivity because security is no longer a barrier to
innovation.
View the full infographic on this study here: https://www.bromium.com/sites/default/files/brom_infosecurity_infog_final.pdf