It’s an internal combative relationship found within most organizations. Users attempt to sneak in instant messaging software, use BitTorrent and P2P file sharing, access company data with their unauthorized mobile devices, and store data on USB flash drives.
Why are end users trying to destroy your IT security? Well, despite what it may seem to the security engineers who have to corral end users into the IT safe zone at all times, the end users are just trying to do their job in the easiest and most efficient way they know how. That doesn’t sound so bad does it?
Ease of Use Trumps Security for End Users
Instant messaging, typically a big no-no for IT security, is a fast and convenient way of exchanging information – information necessary for end users to do their jobs. USB Flash drives are another quick and easy way to move information from one location to another. And smart phones allow end users to access vital data while on the go.
The point is that end users break security policy because they want to do their jobs better and not for any heinous reason. And instead of spending all our energy fighting against this and keeping them in line, we should be working with them to accommodate their needs.
In a way, it’s our fault that these end users are violating security policy, because we haven’t given them or shown them how to operate within security guidelines as effectively. Instead, we are giving them strict rules that they inevitably circumvent, creating more security problems than we are solving.
Ending the War and Finding Common Ground
Consumers are going to continue to bring in outside hardware and software if they are more comfortable using it. IT security can’t fight this forever. What we can do is use this as an opportunity to learn what the needs of the end users are and then find new, secure solutions that meet these needs.
Working with end users as opposed to against them also allows the IT department to be more aware of what’s going on. And end users will be more inclined to follow IT policy if they feel the department is working to help them achieve their ends. But the more quarrelsome the relationship between end users and IT becomes, the more end users will fight against policy and subvert it – to the detriment of the entire organization.
