During my years consulting at Bechtle in which I advised a multitude of companies of various sizes, I heard quite a few arguments against using corporate security solutions. Starting with the simple argument that their company had never been the victim of a cyber-attack to the well-loved statement that security solutions would limit employee productivity. I always responded with former FBI Director, James Comey’s infamous quote: “There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.”
Looking at the statistics that show companies in Germany generally discover a hacker attack 180 days after the event, there is more than a grain of truth in these words. We often found ourselves called in by customers once a certain amount of time had passed, because an attack on their network had finally been discovered—sometimes it even became clear that the hackers had been active in their network well before our first meeting. The irony of fate.
Addressing the second argument that security solutions limit productivity is somewhat more complicated. This can happen if the security solutions are not integrated with each other or the protection mechanisms are outdated, and therefore not using artificial intelligence to react to the latest complex attack vectors. This also means that it is particularly important to use security solutions that don’t limit the user experience. This is achieved when you can ensure that your chosen security solution does not affect your employees’ daily workflow.
For example, when an employee logs on to an end device and enters their authentication credentials into the system, they should be able to use the company’s other applications without having to log in again. Microsoft’s Seamless Single Sign On to other SaaS technology—included in Microsoft 365 E3 licences—facilitates this in a cutting-edge way.
The benefit of modern authentication mechanisms, such as multi-factor authentication, is that they can now be implemented and configured so that employees are not even aware they are being used.
Another good example is keeping private and corporate data separate on an end device in a type of background container. Employees wouldn’t be aware of this process, but it actively boosts security because if the device is lost or stolen, the end device can be easily either completely or selectively wiped by corporate IT via the cloud.
All of this can also be combined with biometric authentication methods such as face recognition with Windows Hello for Business or a standard fingerprint. This attractive method therefore ensures that all users have to do is enter their PIN or complex password for simple work processes.