by David Levine
While IT departments, technology purchasers and business leaders value many things about any given tool or process – including cost, scalability and, most of all, security – it should come as no surprise that a majority of employees care only about getting stuff done and getting it done easily. For them it’s all about user experience (UX), and that only makes sense.
UX is what propelled the iPhone (and, later on, Android devices) to dominate the enterprise mobile market – despite the fact that, at first, iPhones had nothing like the security that Blackberry offered. And it’s a major factor in the problem we’re seeing now with tools such as Dropbox being used in the workplace: Even though Dropbox’s security vulnerabilities have been widely publicised, one study found that one-fifth of corporate employees use Dropbox to share and store business material, and half of them use it even though Dropbox is banned by their companies.1 Why is that? It’s easy and it works! In the absence of a good corporate-provided alternative, employees will seek out what works for them and risk getting caught.
Just as the iPhone has gotten more secure over time, Dropbox recently introduced a business-ready version that allows for greater security and more granular permissions.2 This is a familiar pattern for the consumerisation of IT: User experience pulls technology into the workplace, and then – eventually – it’s retrofitted with the security that fits the new context.
But does it have to be like this? Is IT doomed to be the bad guy in the enterprise, stomping on UX in the name of security? Is there any way for IT to get ahead of the curve, instead of always playing catch-up?
Give a little bit
Given today’s increased focus on information security and the growing need to help address its role across the company, enterprises need to make sure their employees are steadily educated about the security risks of using unsanctioned apps and software. The use of this “shadow IT” can lead to data breaches and leaks that can financially cripple the enterprise and severely damage reputation and customer relationships
That said, it’s important to balance your “watchdog” stance with some accommodations for UX. For example, extending single sign-on to employees – requiring only one login to gain access to all the apps and data they use – is a good way to remove barriers for employees while still keeping the network secure.
The alternative is something like this example which shows how IT’s pursuit of security can hamper an employee’s desire to “get stuff done”:
Many employees would look at this and instantly feel confused and overwhelmed. Even if it’s a process they know how to navigate, it can still be frustrating – because to them sharing a document securely shouldn’t be a multi-click journey. It should be quick and hassle-free. It’s because of intimidating interfaces like these that shadow IT continues.
Your process of balancing security and UX really begins with studying usage within your company. What security steps and practices are your employees often skipping or circumventing? Which apps are unpopular and/or barely used? How old are these apps, and what are their user interfaces like? Multiple steps, ambiguity, too cumbersome – if you’re asking employees to contend with any of these qualities, you may be ushering them toward unapproved tools with more agreeable UX .
In addition to researching employee behaviour, it’s also critical to follow trends in consumer tech. One needs to stay on top of what’s becoming popular outside of work today, in order to see what might be applicable and leaking into our workplace tomorrow. There is also the need to research the possible risks, as well as whether any similar tools, intended for business, that are out there. Quite often, there are viable alternatives, as more and more designers are making enterprise apps with interfaces that echo consumer tools.
Not every tool or application an employee wants to use will make sense in a business context. As always, the normal business analysis needs to occur. But more often than not, if people are using it, there’s a good reason. At Ricoh, we’re currently in the process of deploying a secure Enterprise Class File Sharing solution that will provide all the same functionality of a Dropbox-type solution but with the security features and functions we need as an enterprise.
Unfortunately, with IT responsible for so many ongoing tasks, the work of gaining a comprehensive vision of everything your company’s using can be hard to fit in. Leveraging an outside perspective can therefore be helpful. Not only can a third party help you look at your usage and infrastructure and give you the insight you need to help make strategic decisions about apps and permissions, but they can also consult with you on adding apps and tools that help employees do more of what they want: getting the job done easily!
What winning looks like
It’s not a losing battle. To at least some degree, some approved and secure apps and practices may be neglected, in favor of unapproved apps and habits that have interfaces and functionality employees find easier and more comfortable. IT therefore has to remain vigilant – and, additionally, remember that winning the battle between UX and security doesn’t mean enforcing one at the expense of the other. It means marrying the two, so that employees can work the way they want to, and the business can grow without putting itself at risk.