Why a User-Centric Approach is Required for Network Security
Is your enterprise one of the many that are "subject to the whims of fickle consumer-business users" when it comes to adopting new technology?
That's how Clorox CIO and vice president Ralph Loura framed the current state of enterprise tech and the Bring Your Own Device (BYOD) trend when he appeared earlier this month among a panel of other CIOs at the Westin St. Francis Hotel in San Francisco.
He couched his message by saying that even though enterprises may try to be user-centric, employees constantly make new technology demands—and change them often—making it difficult for enterprises to fulfill their every request, even if it would make life easier for users. With employees demanding network access for many different types of devices, operating systems and applications, a CIO’s job has never been harder. But do employees always know what’s best for network security?
According to Loura, "User-led is not the same as user-centric … User-centric is about looking at and understanding the need, not the ask." A user-led approach gives power to employees and requires the enterprise to adopt most or all user suggestions, a clear risk.
And risk is not something Loura, like many CIOs, has ever been comfortable with. During a panel hosted by Okta Inc. back in April, he said that he is careful about innovation spend. He stays risk-averse, yet searches for those investments that will yield the highest return.
In the case of enterprise tech, he said that when users ask him to support a new enterprise technology, i.e., hardware or an application, he doesn't automatically accept their request. Instead, he adds that suggestion to a pool of other related ones, weighs the user benefits against the risks, i.e., security, and then reconciles those factors before adopting the best all-around solution.
His message resonates in the discussion of BYOD versus the slightly more stringent CYOD (Choose Your Own Device) strategy, in which employees only have a limited number of approved devices to choose from. Loura would likely support CYOD because it puts a little more power back into the hands of the IT department. However, despite the benefits for IT control, CYOD’s growth is far surpassed by BYOD’s, and enterprises must adapt the way they create network security policies accordingly.
With security ranking as a top priority for IT departments this year, there's been a real desire among network professionals to assert more control over networks, even as employees are given more technology decision-making power through BYOD policies. One important tool enterprise IT administrators can use to increase the security of their networks is a centrally managed VPN solution, which gives enterprises greater visibility into remote communications and provides them the option to revoke network access for endpoints that are not compliant with enterprise policies.
In a user-centric culture like the one Loura describes, CIOs would adopt VPNs that support whatever devices and operating systems employees choose, and still give IT departments control, through central management capabilities.
A centrally managed remote access solution also increases productivity by automating VPN client rollout and updates, and reduces IT help desk calls because these tasks no longer have to be done manually. It also lowers documentation and training costs because hands-on user interaction is significantly reduced. These benefits provide a strong case for CIOs in search of that elusive high return on investment Loura mentions.
Finally, automation and ease of use free IT staff to focus on higher-value activities. At the same time, they provide a higher level of security and more freedom for employees, while still maintaining IT control. Managing BYOD doesn’t need to be the headache it once was, with a user-centric approach and a centrally managed VPN.