Trends, Industry, Tech

Why Less Is More When It Comes to Cybersecurity

July 01, 2022

From identity and access management (IAM) to zero trust and everything in between, solutions for every security challenge have hit the market in droves. With threats growing in sophistication and frequency, enterprises have adopted a ‘more is better’ mentality. While this approach is justifiable, instead of leaving enterprises better protected, it’s resulted in a Frankenstein monster of siloed tools. The technologies organizations have in place are only as valuable as their ability to protect and operate where the work is happening.

Unfortunately, security posture and strained IT budgets aren’t the only downside. Multiple applications and processes at play can be a detriment to employees, too. Shifting between too many systems stifles productivity at best, and at worst, leads to workarounds and insecure practices to get work done. Despite the desire to add, business leaders would be smart to evaluate what they can achieve with fewer applications and interfaces. As seen in recent industry research, here are several reasons why less is more when it comes to cybersecurity.

There are too many security vendors in the kitchen. 

According to an identity management survey from Gradient Flow, a majority of knowledge workers with IT job functions indicated that they work with several vendors for security functions including identity governance, risk, compliance, single sign-on, PAM, and security operations. Yet, even with all these solutions, it’s still taking too long to carry out necessary responsibilities. Compliance tasks, specifically providing requisite teams with the information needed to perform an audit, can take multiple days—and that’s on the quick side.

While it’s understandable that businesses will work with multiple vendors to address certain security issues, leaders would be wise to consider where they can scale back or consolidate. Speed is of the utmost importance, whether it’s in response to a breach or granting and removing access for new and former employees. Toggling between multiple, disparate systems for just security functions alone is a sure way to slow things down and get users frustrated in the process.

Context-switching is killing productivity.

What remote and hybrid working environments have eased for commuters and homebodies, they’ve complicated for IT teams. Companies either by force or choice have adopted new tech to resume in-office work with newly distributed teams. As a result, employees are spending more time switching between software applications than ever before. A report from Qatalog found workers cited spending nearly one hour a day looking for information between collaboration, storage and messaging apps, and half of workers fear information will get lost in the shuffle. That’s five hours lost each week, and too little emphasis on tracking.

This can lead to mistakes—ones that organizations can’t afford to make when security is at stake. And while distraction may seem like a small price to pay, like most bad habits, the effects compound over time. Psychologist and Computer Scientist Gerald Weinberg found that for each extra task—in this case ‘context’—you switch between, 20–80% of overall productivity is lost (RescueTime). While using different systems is a necessary evil for most jobs, leaders should be finding ways to streamline tasks or use additional features within an existing system to reduce the amount of context switching we’ve grown accustomed to.

UX is suffering.

Between multiple vendors and regular context switching, it’s no surprise that user experience (UX) is one of the greatest security challenges today. Many employees agree that identity solutions need to provide better interfaces and allow people to work productively and securely. Another UX concern is cost, specifically for small companies. The irony is that IT budgets are hemorrhaging as enterprises acquire the latest and greatest security tech, but employees are struggling to even use them.

Born out of necessity, many organizations have no choice but to do more with what they have. This could be seen as a silver lining. It offers leaders an opportunity to maximize their existing tech investments and be more discerning about jumping on new solutions too quickly. By extending functionality within current systems, employees are already familiar with the interfaces, requiring minimal to no training. This also frees up IT teams for more important projects. Your employees will have what they need to succeed, and you’ll save on the cost and headaches of new tech implementations.

ITSM is a bright spot. 

A new, powerful trend has emerged, as evidenced by the aforementioned Gradient Flow research. Organizations are turning to ITSM and business platforms to solve their security troubles. Buying multiple best-of-breed tools is simply not a sustainable or effective method as the internet evolves and new threats emerge. Therefore, most respondents reported using ITSM/workforce management platforms to govern application permissions and entitlements. This number increases for large organizations and those who hold IT roles. 

This is important for several reasons: first, this approach eliminates challenges with UX and context-switching by providing users with a familiar interface, enabling them to perform better, and cutting back on downtime. Second, it streamlines data from across an organization, giving IT leaders greater visibility into what’s going on within their company. It also empowers organizations with the quantity and quality of data needed to carry out process automation and more strategic AI and machine learning initiatives.

Unless tools and technologies complement the way people work, they’re not delivering the value they promise. Throwing every new, shiny tool at employees is making matters worse. Organizations need to learn to do more with less, especially when it comes to mission critical initiatives like cybersecurity. As such, ITSM will be critical to properly securing the enterprise and improving operations in the process.

This article first appeared on Forbes


Written By

John Milburn

Take a Self-Guided Tour

Personalize your own on-demand demo to see how identity security built on ServiceNow works.

Take a Self-Guided TourGet a Demo