Security vs. End User Experience – Find the Balance

December 18, 2017

Have we become so focused on serving our customers that we are willing to cut corners for the sake of speed and convenience, only to subject the organization to security risks? I'm not suggesting that one has to be prioritized over the other; you can provide a great user experience while also keeping your users' identities and access secure. It is possible to achieve a healthy balance.

The recommendation I give most often, which is also the one most often ignored, is "don't sacrifice security over your employee/customer experience." A higher prioritization of the end user experience is what sneaks in and derails a great strategic security roadmap.

Here are just a handful of scenarios I've come across in working with clients – notice the lack of balance, in exchange for simplified processes:

1. When onboarding, allowing admins to use the new hire's credentials to set up their desktop before the employee's start date, in order to ensure the new hire is up and running the first day.
2. Using a standard password algorithm to allow printing of training materials, such as the first six characters of the new hire's last name plus the month and day of their date of birth, to make it easier to onboard during high hiring seasons.
3. Managers don't inform HR in a timely manner when a contractor is terminated or the contract ends, so the business has gotten in the habit of not taking action upon the original contract end date, out of concern that the contract may have been extended.
4. Access certifications are such a burden to managers and application owners that they become low priority, and they try to review access only when they have time.
5. Only the last four digits of a user's SSN are used to verify a person when they call the helpdesk, because it's the easiest way to verify employee identities if they get locked out.

You should be cringing and/or shaking your head, but if you are not, let me gently point to some flaws:

1. No one should ever log in using someone else's credentials, for any reason. There is technology to support accomplishing the same result in a more secure fashion. A user's access should never be active before their start date; giving an admin access to another user's self-service HR portal exposes payroll and someone else's personal details!
2. I'll go with the obvious short list:
   - Have you ever left a company and still remembered their password algorithm? So can a disgruntled former employee.
   - Social media has made it far too easy to learn simple bits of information to guess credentials.
   - If you print it, it can land in the wrong hands.
3. Lingering access is always a risk - if in doubt, shut it down. If a contractor or employee leaves, the clock for malicious attacks begins the moment they do.
4. Inappropriate access for the wrong user is the reason identity and access management continues to be a growing solution area… allocate time and resources to make sure access reviews are a priority!
5. The less Personally Identifiable Information (PII) is exposed, provisioned across systems, stored, or visible within a UI (via Help Desk, admins or unnecessarily stored within an application), the lower the risk.

There are technologies and processes that can address every one of these flaws. It is imperative that organizations balance simplicity with security, not for the sake of it.

By: Dusty Anderson, Client Solutions Advisor

Dusty Anderson is a client solutions advisor for Optiv's identity and access management (IAM) practice. In this role she leverages her in-depth IAM experience to assist clients in developing comprehensive strategies and solutions to their real-world problems.