Will Teevan, CEO, Recast Software on balancing employee experience with security.
If IT security were a rock and business productivity were a hard place, the typical remote employee today would be caught in the middle – which is bad for employees and companies alike.
Here’s why: On the one hand, businesses want remote workers to be productive, which requires them to be able to install and run whichever digital tools they need to excel at their jobs. But on the other hand, businesses want to minimize security risks for the IT systems that power remote workers’ productivity.
Unfortunately, this isn’t always an easy circle to square. Too often, remote employee productivity – not to mention the employee experience of remote workers – comes at the expense of IT security, or vice versa.
The good news is that it’s possible to strike a healthy balance between productivity and security. But doing so requires businesses to deploy tools and processes that many have not traditionally had in place.
Allow me to explain by discussing why it can be challenging to balance productivity and security and what IT organizations can do to ensure that productivity and a positive remote work experience don’t become casualties of IT security.
The Catch-22 of remote worker productivity and security
The main reason why it can be hard to keep remote workers productive while also securing the IT systems they depend on is simple enough: To install and run software on most operating systems, employees need administrator-level privileges. However, granting every employee such privileges is a security nightmare.
Without admin privileges, workers must ask IT support staff to install software for them – a practice that is just not scalable and sustainable at companies with hundreds or thousands of employees. And even if IT technicians are available to install apps on demand, it may take them hours or days to get around to fulfilling each request. In the meantime, employees are left without the tools they need to get their jobs done.
This not only lowers employee productivity, but also undercuts morale and employee experience. As Chi Tran of Autonomous puts it in an article for Forbes: “If we don’t provide the right tools, we may set our employees up for failure” – especially, the piece adds, in a world where motivating and rewarding employees using in-office perks is not always viable. When it comes to remote workers, giving employees the digital tools they need to excel at their jobs is one of the only truly impactful measures employers can take to optimize the employee experience.
Meanwhile, if companies do grant all employees admin-level privileges so that workers can install
software themselves, the risk of cyberattacks increases dramatically. If the user accounts of ordinary employees have admin rights, attackers who compromise those accounts by exploiting software vulnerabilities or who trick employees into performing malicious activities via phishing, can wreak much greater havoc.
Note, by the way, that it’s not just employees’ individual devices that are at risk. Since those devices are connected to the corporate network, attackers can move laterally to compromise other IT assets. A single compromised admin account could place the entire business at risk. Indeed, abuse of Windows privileges is the most common attack vector threat actors leverage to spread ransomware across networks.
A particular risk for remote workers
Not being able to use important tools due to lack of admin privileges, or granting employees more privileges than they should have, is an issue that affects workers of all types, not just those who are remote.
However, it’s especially challenging for companies with remote workers for a couple of reasons.
One is that when employees are not in the office, asking IT staff to install software for them becomes more challenging.
Although it’s certainly possible for technicians to connect to employees’ PCs remotely and install the software they need, coordinating that activity is harder when employees can’t simply walk to the help desk to ask for software installation. The fact that remote workers may be in different time zones from the IT team complicates installation further.
The other special challenge is that remote workers often log in via home networks and are not directly connected to the corporate network or domain. As a result, IT staff may not be able to reach their devices easily to perform remote software installation.
Striking a balance
So, what’s a business to do? Does it have to make the hard choice between prioritizing worker productivity and employee experience on the one hand, or security on the other?
Fortunately, no. With a sophisticated and nuanced approach to privilege management, it’s possible to give employees the access.
Instead of denying admin privileges to employees outright, businesses should allow them to request privileges on an as-needed basis. Then, the IT team can temporarily grant them the privileges they require to install or run the tools they need.
To keep this process efficient, decisions about privilege requests should be automated whenever possible. For example, based on factors like an employee’s role and request history, service automation software can determine whether a request for temporary admin privileges is likely to be legitimate. That way, IT engineers don’t have to spend time reviewing the request manually, and because the automated request can be processed in seconds, employees don’t have to wait to run the tools they need.
Conclusion
Productivity, employee experience and security should receive equal priority at every organization. By taking a nuanced approach to privilege management – one that enables IT teams to grant employees temporary privileges – this becomes possible. Remote employees can do their jobs better and enjoy their work more, without having their devices become major risks from a cybersecurity perspective.
Click below to share this article