Modern businesses, especially small to midsized businesses, are facing a problem, says Brett Hansen. On the one hand, today’s workers expect to be able to work from anywhere, anytime, on any device.
On the other hand, businesses have an obligation to secure their data. And the sad truth is they can’t count on their employees to help very much.
It’s not because workers don’t care about their employer’s data. In fact, a survey last fall by Dell, where Hansen is vice president of client software and general manager of data security, found that most employees do care about protecting employer data, and have even received education on the subject in the last year.
“But when it came to trade-off decisions between good data hygiene and getting my job done, which do you think most employees chose? Overwhelmingly, it’s the latter,” Hansen said during an interview at Dell Technologies World 2018 this week in Las Vegas.
The Dell survey found that 72 percent of employees were sending confidential data outside the organization, and that well over half were using personal email and personal cloud applications to share sensitive documents. When asked whether they’d go around their company’s data security policies if they felt it was necessary to get their job done, 43 percent acknowledged they would.
“And that’s just the ones who admit it,” Hansen said.
But can you blame them? Workers aren’t measured or compensated for protecting employers’ data, so naturally they’re going to prioritize the things that their performance is judged on.
“I’m a data security professional,” Hansen said, “and my boss has never once said during my annual review, ‘You missed your numbers, but you did a really good job with data hygiene, so I’m going to give you your full bonus.’”
That leads to a stark truth for business leaders: for all the legitimate concern about external attacks such as malware and ransomware, Hansen said, “you have to be thinking about how to protect yourself from your own employees.”
And if anything, small to midsized businesses have more at stake, because they have less margin for error in the case of a data loss, and they rely more heavily on contractors, freelancers and other members of the growing “alternative labor force.”
Define Security Strategy Around Business Objectives
One common response is to simply purchase a big suite of security software, sometimes on a consultant’s recommendation. That usually backfires because it treats security as something apart from the rest of the business, when in fact it must be baked into the business strategy.
The first step is to clarify your business objectives, then define your security strategy accordingly.
“It might seem daunting but if you take a step back and think about what you’re trying to protect, what your regulatory obligations are, and what your business objectives are, then you can work your way back from there in terms of how information is being shared and what you are allowing your employees to have access to,” Hansen said. “Because if you just go down the path of just going out and buying a bunch of security products, you’re ultimately going to fail.”
Focus on the Security of Users' Endpoints
Inevitably, there will be trade-offs between employees’ ideal experience and what’s necessary to maintain security. Hansen argued that VMware’s endpoint management solution, Workspace ONE, which allows workers to securely access their full suite of workplace applications from any device, goes a long way to solving that challenge.
“Unified endpoint management is one of those buzzy terms, but it is a very real solution that people should be looking at,” Hansen said.
He noted that workers are not only using more devices, but they are also using more operating systems. Businesses using Microsoft’s Windows in their desktop computing environment are employing workers with Apple computers at home and Android devices in their pockets.
“How do I deploy a single management platform that can support my PCs, my mobile devices, my tablets, my Internet of Things devices, because they’re all probably going to be using different operating systems?” Hansen asked. “And I don’t want to be thinking about devices, I want to be thinking about users.”
For more, check out all of BizTech's coverage of Dell Technologies World 2018 here.