How to Balance Security With DEX for a Critical Advantage
Raise your hand if you enjoy being kicked out of the application you were working on for an unexpected security patch!
No one? We can wait …
Really, no one?
Okay, we figured. And we’re not surprised. Jamie Whalen, host of the Everywhere Workplace Podcast, recently sat down with Steve Brasen, Research Director for Enterprise Management Associates, to talk about the perceived conflict between Digital Employee Experience (DEX) and security.
Too often, people place DEX and security on opposite sides of the proverbial boxing ring. That’s understandable, but it’s also an outdated approach that misses a significant opportunity. Blending security and DEX can provide a major competitive advantage. They’re both critical – and even better together.
Remote workers have made their preferences clear, they want to work from the location of their choice. Bye-bye perimeters. Bye-bye cubicles. Many of them would even forego a promotion in favor of the opportunity to work from anywhere. They want seamless access, unwavering connectivity and the right tools to do their jobs well.
Addressing these needs is a significant part of ensuring a strong DEX, and we know that DEX is key to ensuring loyalty, productivity, engagement and employee satisfaction.
Do you believe security is set up in direct opposition to that wish list for remote workers? Think again. Security wants the same thing that other remote workers want, for everybody to be able to do their jobs easily and securely.
The problem: some of the measures to achieve top-tier security can thwart seamless access unless the proper approach is deployed.
Why? The most successful security measures are things like “high-friction password management,” which, by their very definition, are as prohibitively difficult as possible to navigate. That’s great for security. Not so great for remote workers trying to get their work done.
This perception that security and employee experience are at odds ramped up during the pandemic, when so many businesses made an abrupt (and often not-so-thoroughly planned) shift to remote work. Security teams have been playing catch-up.
These teams are understaffed and overwhelmed – doing their best to prioritize and manage vulnerabilities, but it occasionally happens at the expense of access, leaving remote workers frustrated.
Here’s a secret that shouldn’t be a secret at all: DEX and security aren’t at odds. In fact, good DEX improves security.
Why? Because a positive DEX generates compliance – and compliance comes naturally when security protocols are infused intelligently and seamlessly into the digital experience.
The trick, then, is getting that infusion correct.
When security protocols are developed and implemented outside the scope of a positive DEX, remote workers end up constantly trying to navigate security controls that are essential for the enterprise but can be incredibly cumbersome for them as users.
When there are many hurdles to jump through, employees are less productive at best – and inclined to seek workarounds to do their jobs without constant interruptions or long wait times for ticketing responses.
“When we’ve conducted surveys, we’ve found that the biggest challenge users have is actually trying to work with the security controls and not impacting their workforce products,” says Brasen.
This lack of internal compliance isn’t usually malicious; it’s seen as practical. Unfortunately, the risks are high.
Lack of compliance is the last thing security needs. When employees are outside a perimeter, working on various devices on various operating systems all over the world, security teams face a Sisyphean task.
“Take a scenario where a home worker is accessing business resources, using a VPN (virtual private network). They may also be using cloud hosted services, separate from the business," Brasen explains.
"And they submit a ticket to support saying that they're having a slowdown in application performance. Where does the IT administrator even start? Is the problem with the employee’s device? Or does the problem arise from the employee’s home WiFi? Or is the issue with the VPN or the cloud-hosted environment?”
The price of misalignment
Misalignment between security and DEX causes many headaches.
Lack of compliance clearly leads to massive vulnerabilities for the enterprise. While employee frustration is another major factor, there’s even more to consider. Steve Brasen notes that there’s a significant productivity loss associated with security barriers and systemic reboots. Lost work is a major problem and interrupted momentum is also costly.
These interruptions add up – with security teams spread thin and scrambling to react to a meteoric rise in security threats (especially ransomware), patches, slowdowns and disruptive reboots can feel constant.
How to move forward on the same team
The good news – security and DEX misalignment are not inevitable. Here’s how to move forward on the same team:
Track and manage DEX: you can’t improve what you haven’t measured. Technology can play a huge role in reducing the impact that security protocols have on employees.
For starters, it’s essential to track and manage DEX by truly understanding how users experience digital products and security protocols, and what kind of impact those elements have on the user.
Focus on experience: you’ve heard about SLA (Service-Level Agreements), but how about XLA? XLA is an Experience-Level Agreement. Service is focused on a process, but XLA takes outcomes and experiences into account.
No matter how strong your SLAs are, if the outcomes and value aren’t where it should be, the process should be reconsidered.
Embrace automation: automate, automate, automate. “Automated remediation should be implemented wherever possible to rapidly resolve issues before they impact user productivity,” says Brasen.
Automated remediation enables proactive management of digital experiences, which is significantly less disruptive to users than traditional reactive management.
Use intelligent security controls: rather than trying to control every threat all the time, use risk-based intelligence to focus on the most relevant and critical threats. This not only funnels your security resources to the right place, but also means security isn’t causing unnecessary disruptions to users for non-critical threats.
Again, security teams and remote workers want the same thing – for everyone to be able to securely and easily do their jobs. Automation, risk-based intelligence, and a focus on DEX can alleviate burdens on security, IT and the rest of your remote workforce.