BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

The Yin and Yang of Security and Productivity

Posted March 11, 2011    Peter McCalister

If, as I discussed in one of my last posts, we can’t rely on compliance standards for anything more than setting the minimum bar for establishing our security measures, we are back to having to do the difficult trade off analysis on the real impact of security on productivity versus the benefits. And while there is no simple answer on how to do that analysis, there may be a different way to frame the problem.

Sometimes seemingly opposing things actually interact in complementary ways. The Chinese concept of Yin Yang is used to describe how seemingly contrary forces are interconnected and interdependent in the natural world, and how they give rise to each other in turn.  So is there a Yin and Yang of security and productivityCan you implement security in ways that enhance productivity? I think you can.

First, minimize the productivity impact of security by making it as transparent as possible to the end user. Ideally, they won’t have to use any extra commands, no pop ups, no extra screens to go through in order to operate securely. And if the action requested by the user is allowed, just let it happen. The Windows User Access Control slider provides a great example. If you give users the option, they will turn down the security level to avoid having to respond to an extra prompt. So if you are going to give them the authority to do certain actions after a prompt, why trouble them with the extra steps.

Second, while security controls stop people from doing bad things, these same controls can enforce best practice.  In addition to controlling actions because of the security risk we can stop people from doing things that they should not do because of the operational risk presented.  And with proper implemented controls we can do better than using  “Are you really sure you want to” pop-ups which we just click through anyway. Properly designed and implemented controls can enforce a desired way of doing things or best practice.

Finally, there is great potential in using data on what people are doing to improve productivity. Those detailed compliance logs are a gold mines of information. They can be used not just to look for patterns that indicate a security threat, but those same patterns can show where security and other procedures such as improper configurations of new systems are hurting productivity. Finding those patterens can help uncover opportunities to better train, simplify procedures, and uncover best practices that not everyone is following. And once those best practices discovered you can use controls to ensure that best practices are being followed.

Leave a Reply

Additional articles

Integrating Least Privilege and Password Management to Solve Account Security Challenges

Integrating Least Privilege and Password Management to Solve Account Security Challenges

Posted July 24, 2014    Morey Haber

There is a reason all BeyondTrust Privileged Account Management (PAM) solutions share the PowerBroker name: They all inherently enable you to reduce user-based risk and can be integrated under a centralized IT risk management platform. Here’s one common use case that demonstrates how this integration changes the playing field. Consider the challenge of privileged access:…

Tags:
, , , , ,
PowerBroker Password Safe Password Age Report

Reshaping Privileged Password Management with Password Safe 5.2

Posted July 21, 2014    Martin Cannard

Today, we’re pleased to unveil the latest edition of our privileged password management solution, PowerBroker Password Safe. I’ll start with a brief intro of what’s new and then tell you a little about the driving factors behind Password Safe development. New features for mitigating password risk and ensuring accountability enterprise-wide Here’s the 10,000-foot overview of…

Tags:
, , ,
PowerBroker for Windows tamper protection

PowerBroker for Windows 6.6 Tamper Protection

Posted July 18, 2014    Morey Haber

I have a bone to pick: Stopping an administrator from performing an action on a system is futile endeavor. As an administrator, there is always a way to circumvent a solution’s from tampered protection. Really! By default, Windows administrators have unrestricted access to the system – and even though an application, hardened configuration, or group policy…

Tags:
, ,