Time to Take the “Either-Or” Out of Security and Convenient Access

For years, security trumped everything when it came to accessing an organization’s resources. Tight IT control over everything didn’t exactly make access convenient for users, but they lived with it. Now, however, the other side seems to be gaining the advantage in this ongoing tug-of-war. Emboldened by mobility and the cloud, users are demanding access whenever and wherever they like—and organizations that see the productivity advantages may consider loosening security’s tightest grip. Here’s a look at both views, with an eye towards meeting in the middle.

How Low Do We Drop the Bar to Offer Convenience?

In the early days of IT, security was at the heart of how people engaged with technology resources. Hardened data-center processes and information-access policies were managed by a handful of administrators with complete control over access. The message was simple and clear: We control your access, and if you don’t like it, you can go work somewhere else. User convenience wasn’t even a consideration.

Fast-forward 50 years or so, and times have certainly changed. The evolution of platforms and access expectations has created intense pressure to lower the bar on security and make access easier. But is there really something wrong with users having to prove they are who they say they are? Why shouldn’t we have access protections like strong passwords, multi-factor authentication, and context-sensitive adaptive authentication? Isn’t it better than finding out all your sensitive data has been stolen?

Or maybe it’s a question of degree.

How Easy Can We Make Access and Still Stay Safe?

User convenience is the key requirement for technology adoption today, and security technology is no exception. If you make it easy for end users to adopt technology, they’ll use it. If you don’t, they’ll go around it. Today, workers see security policies and practices as inconveniences that hamper their productivity—and hence the rise of shadow IT.

There must be a balance, so that resources remain secure and users remain productive. We’re beginning to see that balance emerge with innovative processes based on identity assurance. Identity assurance goes beyond user name and password to validate that a user really is who he claims to be, based on risk and contextual factors such as user behavior, device, location, and the type of data being accessed.

Some organizations are even starting to use centralized policy engines for authentication, with access based purely on an understanding of who the user is, with no predefined access control model at all—the ultimate convenience, and yet secure.

Those are just a couple of examples of organizations leveraging risk and context information to eliminate the friction that added security can create. Interested in learning more about new technology that can help deliver security and convenient access without compromising either? Take a look at RSA’s eBook: Delivering Convenient and Secure Access to the Modern Workforce.