For years, security trumped everything when it came to accessing an organization\u2019s resources. Tight IT control over everything didn\u2019t exactly make access convenient for users, but they lived with it. Now, however, the other side seems to be gaining the advantage in this ongoing tug-of-war. Emboldened by mobility and the cloud, users are demanding access whenever and wherever they like\u2014and organizations that see the productivity advantages may consider loosening security\u2019s tightest grip. Here\u2019s a look at both views, with an eye towards meeting in the middle.How Low Do We Drop the Bar to Offer Convenience?In the early days of IT, security was at the heart of how people engaged with technology resources. Hardened data-center processes and information-access policies were managed by a handful of administrators with complete control over access. The message was simple and clear: We control your access, and if you don\u2019t like it, you can go work somewhere else. User convenience wasn\u2019t even a consideration.Fast-forward 50 years or so, and times have certainly changed. The evolution of platforms and access expectations has created intense pressure to lower the bar on security and make access easier. But is there really something wrong with users having to prove they are who they say they are? Why shouldn\u2019t we have access protections like strong passwords, multi-factor authentication, and context-sensitive adaptive authentication? Isn\u2019t it better than finding out all your sensitive data has been stolen?Or maybe it\u2019s a question of degree.How Easy Can We Make Access and Still Stay Safe?User convenience is the key requirement for technology adoption today, and security technology is no exception. If you make it easy for end users to adopt technology, they\u2019ll use it. If you don\u2019t, they\u2019ll go around it. Today, workers see security policies and practices as inconveniences that hamper their productivity\u2014and hence the rise of shadow IT.There must be a balance, so that resources remain secure and users remain productive. We\u2019re beginning to see that balance emerge with innovative processes based on identity assurance. Identity assurance goes beyond user name and password to validate that a user really is who he claims to be, based on risk and contextual factors such as user behavior, device, location, and the type of data being accessed.Some organizations are even starting to use centralized policy engines for authentication, with access based purely on an understanding of who the user is, with no predefined access control model at all\u2014the ultimate convenience, and yet secure.Those are just a couple of examples of organizations leveraging risk and context information to eliminate the friction that added security can create. Interested in learning more about new technology that can help deliver security and convenient access without compromising either? Take a look at RSA\u2019s eBook: Delivering Convenient and Secure Access to the Modern Workforce.