4 tips to improve employee experiences while maintaining security and governance – CIO
Improving employee productivity and collaboration is a top business objective, according to the 2023 Foundry Digital Business Study.
Improving employee productivity and collaboration is a top business objective, according to the 2023 Foundry Digital Business Study. But delivering these productive employee experiences can be challenging, especially with an increasingly distributed workforce. As more individuals use browser-based apps to get their work done, IT leaders need to provide seamless access to corporate apps and tools while minimizing security risks.
How can organizations improve employee experiences without compromising necessary governance and security controls? That’s the question we posed to the CIO Experts Network, a community of IT professionals, industry analysts, and other influencers. Here are their top tips.
Tip 1: Embrace the need for balance
Hybrid work models have shifted the goalposts for just about all organizational objectives, especially in terms of providing employee experiences that are both productive and secure. Traditional blanket policies that restrict access to apps outside the corporate firewall are no longer effective in a world where more applications and data are moving to the cloud, and more employees are accessing those apps from outside the office. Overly restrictive security controls can create friction for employees who need ready access to the apps and tools they need on a daily basis. IT and security teams must strike the proper balance between the two.
“Dealing with the end-user experience and information security is a delicate balancing act,” said Ben Rothke (@benrothke), Senior Information Security Manager at Tapad. “This requires politics and persuasion on the part of the chief security officer.”
Other experts agreed, and provided additional guidance:
“Improving the experience of employees while maintaining security can be tricky. A security-by-design culture incorporates security measures deeply into the design and development of systems, rather than treating them as an afterthought. By building layers of security such as multi-factor authentication (MFA), regular security audits, and encrypting all data, companies can protect sensitive data while delivering a positive user experience.” — Scott Schober (@ScottBVS), President/CEO at Berkeley Varitronics Systems Inc.
“IT teams can enhance employee experience without compromising good governance and security controls by ensuring a good balance between usability, productivity, and the safeguarding of an organization’s data and digital assets. There should be an optimal level of security controls, but these should not impede the employee experience or create friction in their workflows.” — Kieran Gilmurray (@KieranGilmurray), CEO at Digital Automation and Robotics Ltd.
Tip 2: Get on the path to Zero Trust
Zero Trust security is one effective method for balancing productivity and protection, said Elitsa Krumova (@Eli_Krumova), Global Thought Leader and Tech Influencer. “Adopting a strategy for single identity and access management not only assists with enforcing security policies organization-wide, but also optimizes the employee experience,” Krumova said.
Zero Trust encompasses a variety of technologies and practices that IT teams can use to streamline access to information for authorized individuals.
“Start with technologies like single sign-on and passwordless identity management to remove friction from daily routines,” said Michael Bertha, Partner at Metis Strategy. “To create a compounding effect on productivity, build self-service capabilities that provide role-based access to key data sets or visibility into cross-functional processes, for example.”
Peter van Barneveld, Innovation Manager at Dustin, said that using a single, secure identity eliminates the need for multiple accounts and passwords, which simplifies user access to applications and resources. “From an administrative and security perspective, this approach enables concentrated implementation of vital security measures and controls, such as [multi-factor authentication], conditional access, user access logging, and seamless integration of the identity into a security information and event management [SIEM] system,” he said.
Tip 3: Embrace new technologies to enrich and secure employee experiences
Organizations are exploring many different ways that artificial intelligence (AI) technologies, including generative AI, can stimulate employee productivity and creativity. Finding the right use cases for AI while minimizing risk to the business requires collaboration between IT and the workforce. Here’s what the experts had to say:
“Employees seek productivity with versatile and easy-to-use technologies. They are expected to make smarter and faster decisions using data, analytics, and machine learning models. This often means having the freedom to experiment and use self-service technologies, which creates risks, such as security issues, unscalable processes, or the addition of technical debt. The key for IT to deliver improved employee experiences is to develop centers of excellence that communicate standards, develop best practices, and provide clear guidance on non-negotiable security requirements.” — Isaac Sacolick (@nyike), President of StarCIO and author of Digital Trailblazer.
“Employees adopt emerging technologies such as AI to get results they couldn’t have dreamed of before. IT teams can meet or exceed employee experience expectations by vetting and adopting solutions that give employees the edge they’d hoped for while complying with governance and security requirements out of the box.” — David Geer (@geercom), Thought-leader, cybersecurity expert
“Companies with an appetite for experimentation can leverage generative AI to accelerate development of code, marketing collateral, and many other artifacts. Caution is king, however. Many organizations are reluctant to use generative AI without rigorous, human-centric quality control to ensure accuracy and limit risk.” — Bertha
Tip 4: Adopt a continuous training strategy
IT security leaders recognize that cyberthreats and attack vectors continually evolve. However, staying ahead of cybercriminals is not Job 1 for employees who simply want to get their work done.
Within that context, it’s important to maintain regular, ongoing education and training, said the experts:
“Continuously educate and engage. Regularly communicate with employees about the importance of security and governance controls. Offer training sessions, workshops, and awareness programs to educate employees on best practices.” — Tom Allen, Founder, AI Journal
“The most effective way forward is to educate employees on the necessity of security measures and explain to them that 15 seconds of additional typing or tapping a day will definitely save them hours or possibly days of downtime in the future.” — Dipti Parmar (@dipTparmar), Chief Strategist at Dipti Parmar Consulting and Co-Founder at 99stairs.
In this regard, the enterprise browser can serve as a point of dialog between IT and business users to better understand each other’s needs. “No one wants to be blocked from accessing a particular app or website,” said Lorena Crowley, Head of Chrome Enterprise Marketing at Google. “The browser becomes an educational opportunity for users to learn why an extension is blocked, and for admins to learn about why an extension or website is important for users to get their work done.”
The enterprise browser as a centerpiece
Improving employee experiences without compromising security is a key objective for modern business. IT leaders are finding that the enterprise browser, once viewed as a simple utility, is playing an increasingly important role in meeting this goal.
“As organizations move to web-based apps, the browser becomes more of a centerpiece of how and where work happens,” said Crowley. “IT and security teams need to be much more thoughtful about securing and managing these environments. At the end of the day, the enterprise browser can provide the sweet spot between users being able to access the things that they need to be productive, and the safeguards that need to be in place to protect corporate data.”
See how you can empower your organization to work safely in the cloud with Google Chrome Enterprise.
About Author
