Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

The Security vs. User Productivity Balancing Act

By , Kim Lindros - Source: Toms IT Pro
Tags :

Pick up tips for maintaining a secure environment that has the least impact on user productivity.

Credit: TBStudio/Shutterstock

IT staff walk a fine line between providing strong security while maintaining optimal network performance. One always seems to diminish the other to some degree, but both are necessary to support the business. And poor network performance almost always trickles down to users, causing frustration and a spike in the number of help desk calls.

Finding a happy medium can be a challenge, but find it you must. A positive user experience is key to keeping employees productive and boosting the bottom line. The sections that follow offer some advice for striking a balance between security and user productivity.

MORE: Confessions of an IT Pro: Developers Need Lateral Thinking

Monitor the environment

Lots of good security measures can put a drain on network resources and ping application responsiveness. Consider endpoint protection, intrusion detection systems, unified threat management and the like. Many security products track traffic and events at a fine level of detail to detect and prevent attacks. But deep packet inspection often results in network latency, as do security products that employ agents and sensors to report possible malware back to servers for analysis. Although many agents are now designed to be lightweight, and deep-packet inspection is valuable, every layer of security adds to potential network congestion.

Today's network monitoring tools are finely tuned and can point to issues that are developing in addition to those that are already fully engulfed. Running a proactive, agentless monitoring solution helps you identify excessive network loads, alleviate network bottlenecks and ultimately improve the user experience.

Review network access controls and permissions

Where access controls are designed to allow only authorized users to connect to a network, permissions keep authorized users from accessing network resources they don't need in order to perform their jobs.

For network access, you should create a customized access policy (or review the one in place now) that limits user network access based on several factors — IP address, MAC address and time of day, to name a few. Access policies don't cause network performance issues, and they represent another level of protection against attackers attempting to compromise stolen network credentials.

The principle of least privilege asserts that users should have access only to applications, files and services they need for legitimate activities. In other words, sales staff don't need access to the payroll database, and general employees shouldn't be able to view HR documents. Take some time to review group and individual user permissions periodically to ensure that everyone can see and modify files that are essential to their jobs, or can print to the closest shared printer, and nothing more. The practice of limiting users with strict permissions also reduces opportunities for accidental or intentional disasters (like file/folder deletions), and it can limit how far an attacker or malicious code can travel across a network in the case of a breach.

Institute Single Sign-On (SSO)

According to the 2017 Verizon Data Breach Investigations Report (DBIR), 81 percent of hacking-related breaches involved either stolen and/or weak passwords. In an ideal world, an organization's security policy requiring unique, strong passwords should be enough to actually make that happen, but strict password policies can be a hard pill for users to swallow. How many of us can memorize 12-character random passwords, that must change every 60 days, for multiple applications and sites?

Single sign-on (SSO) may be the answer. An SSO systems lets users have one set of login credentials that automatically logs them into multiple applications without needing to remember many different (and strong) passwords. SSO solutions are available for all types of organizations – small and large – and are designed to support both cloud and on-premises authentication needs.
SSO isn't perfect, however. If a hacker steals a user's SSO credentials and accesses the network, he or she then has access to everything authorized to that user. That's a risk you would need to consider carefully before investing in an SSO solution.

MORE: Best Single Sign-On Solutions for Enterprise Businesses

Move some business functions to the cloud

According to RightScale's 2017 State of the Cloud Survey, companies run 79 percent of their workloads in cloud. Organizations are flocking to the cloud to complement in-house IT resources, for good reason. Moving some functions, such as customer service, sales and data storage, to the cloud eases on-premise network pressure, all on a subscription payment model that's easy on the budget. The cloud also opens organizations to new services they couldn't handle in-house or afford previously, like mobility, collaboration and data analytics.

Providers make services easy for administrators to manage with web-based tools, and many functions are transparent to users, keeping things clean and simple. Because cloud services rarely require more than an Internet connection and browser on the end user's computer or device, fewer programs run and fewer processes are loaded into memory, which improves responsiveness.

And security is much higher now than in years past. Organizations were initially reluctant to let any IT or business functions – or confidential data – move beyond their network borders, fearing data loss, hijacked accounts, insecure application programming interfaces (APIs) and more. The notion of giving up control of data to a company with various data centers spread across remote places made most IT leaders uneasy, to say the least. Today, cloud service providers go to great lengths to protect customers by performing automatic data backups, offering multi-factor authentication and implementing advanced encryption to keep data safe at rest and in transit.

Moving On

With the increasing numbers of cyberattacks that successfully breach, and sometimes paralyze, organizations, ensuring a secure infrastructure is a top priority for IT pros. Keeping user productivity in mind while making challenging security-related decisions can only make for a better overall work environment.

ciscoexam-online-sale-200-125-exam    | udemy-newccnax-sale-200-125-exam    | whats-new-with-ccna-sale-200-125-exam    | ccna-practice-quiz-sale-200-125-exam    | What-is-the-difference-sale-200-125-exam-cert    | boson-practice-sale-200-125-exam-practice    | measureup-Cisco-Certified-Network-Associate-sale-200-125-exam    | globed-cisco-new-ccna-sale-200-125-exam-standard    | exam-labs-sale-200-125-exam-cert    | streaming-ccna-sale-200-125-exam-technologies    | caring-charts-blood-pressure-sale-200-125-exam    | pluralsight-courses-networking-cisco-sale-200-125-exam    | pearsonitcertification-articles-sale-200-125-exam    | safaribooksonline-library-sale-200-125-exam-routing    | learncisco-ccna.php-sale-200-125-exam-tast    | protechgurus-fees-syllabus-sale-200-125-exam    | certificationkits-cisco-ccna-sale-200-125-exam-standard-kit    | zeqr-lazaro-diaz-course-sale-200-125-exam    | 9tut-faqs-tips-sale-200-125-exam    | scribd-document-CCNA-sale-200-125-exam    | itunes-ccnax-sale-200-125-exam    | linkedin-cisco-sale-200-125-exam-questions-details    | teachertube-ccna-sale-200-125-exam-practice    | killexams-detail-sale-200-125-exam    | examsboost-test-sale-200-125-exam    | ccnav6-online-full-collections-sale-200-125-exam    | spiceworks-topic-sale-200-125-exam    | behance-gallery-sale-200-125-exam    | vceguide-share-experience-sale-200-125-exam    | techexams-forums-ccna-sale-200-125-exam    | free4arab-sale-200-125-exam    | openlearning-courses-sale-200-125-exam    | mindhub-Cisco-Certified-Network-sale-200-125-exam    | vceplus-ccna-exam-sale-200-125-exam    | examsforall-cisco-sale-200-125-exam    | how2pass-ccna-practice-tests-sale-200-125-exam    | simulationexams-details-ccna-sale-200-125-exam    | teksystems-sale-200-125-exam-routing-switching    | cram-flashcards-sale-200-125-exam    | pass4cert-cisco-new-ccna-sale-200-125-exam    | snatpedia-ccnaa-sale-200-125-exam    | cert4sure-free-download-sale-200-125-exam    | logicindia-ccnarouting-switching-sale-200-125-exam    | justcerts-practice-questions-sale-200-125-exam    | isc2-cissp-sale-CISSP-exam    | infosecinstitute-cissp-boot-camp-sale-CISSP-exam    | tomsitpro-security-certifications-sale-CISSP-125-exam    | infoworld-cissp-certification-sale-CISSP-exam    |    | searchsecurity-definition-sale-CISSP-exam    | simplilearn-cyber-security-training-sale-CISSP-exam    | arstechnica-security-sale-CISSP-exam    | cybrary-course-cissp-sale-CISSP-exam    | skillset-cissp-sale-CISSP-exam    | transcender-certprep-sale-CISSP-exam    | pearsonvue-sale-CISSP-exam-cert    | gocertify-isc2-issp-sale-CISSP-exam    | trainingcamp-training-bootcamp-sale-CISSP-exam    | cbtnuggets-security-sale-CISSP-exam    |    | itgovernance-cissp-sale-CISSP-exam    | boson-certification-sale-CISSP-exam    | firebrandnordic-training-sale-CISSP-exam    | firebrandnordic-sale-CISSP-exam-123    | cybervista-sale-CISSP-exam-cert    | becker-sale-CISSP-exam-pdf    | youracclaim-certified-information-sale-CISSP-exam    | techexams-forums-sale-CISSP-exam    | munitechacademy-courses-sale-CISSP-exam    | hot-topics-cyber-security-courses-sale-CISSP-exam    | pearsonitcertification-sale-CISSP-exam    | sybextestbanks-wiley-sale-CISSP-exam    | lifewire-preparing-sale-CISSP-exam    |    | intenseschool-boot-sale-CISSP-exam    | phoenixts-training-sale-CISSP-exam    | infosecisland-blogview-sale-CISSP-exam    | centralohioissa-member-sale-CISSP-exam    | learningtree-courses-certified-information-sale-CISSP-exam    |    | umbctraining-Courses-catalog-sale-CISSP-exam    | skyhighnetworks-cloud-security-sale-CISSP-exam    | helpnetsecurity-cert-sale-CISSP-exam    | secureninja-certification-bootcamp-sale-CISSP-exam    | mercurysolutions-information-sale-CISSP-exam    | exam-labs-info-sale-100-105-exam-pdf    | cbtnuggets-training-ccna-icnd1-sale-100-105-exam    | gocertify-ccent-practice-quiz-sale-100-105-exam    |    | boson-practice-sale-100-105-exam    | examcollectionuk-vce-download-sale-100-105-exam    | pearsonitcertification-articles-sale-100-105-exam    | transcender-practice-sale-100-105-exam-test    | techexams-forums-ccna-ccent-sale-100-105-exam    | shop-oreilly-sale-100-105-exam    | safaribooksonline-library-view-sale-100-105-exam    | subnetting-download-ccent-sale-100-105-exam    | 2cram-icnd1-online-quiz-sale-100-105-exam    | networklessons-routing-sale-100-105-exam    | centriq-123-ccna-certification-sale-100-105-exam    | ituonline-interconnecting-sale-100-105-exam    | transcender-introducing-the-new-sale-100-105-exam    | measureup-Networking-Devices-Part-sale-100-105-exam    | vceguide-icnd1-experience-sale-100-105-exam    | dumpscollection-dumps-sale-100-105-exam    | computerminds-business-sale-100-105-exam    | globed-ccent-or-icnd1-sale-100-105-exam    | ucertify-load-course-sale-100-105-exam    | academy-gns3-sale-100-105-exam    | visiontrainingsystems-product-sale-100-105-exam    | pearsonhighered-program-Wilkins-CCENT-sale-100-105-exam    | vceplus-ccent-sale-100-105-exam    | mindhub-Interconnecting-sale-100-105-exam    | sale-70-410-exam    | we-sale-70-410-exam    |    |    |