Security risks of neglecting the workforce experience – Avaya
FYI, this story is more than a year old
Article by Avaya solutions specialist Doug Richards
Government departments and enterprises are wasting millions of dollars every year on cybersecurity because they fail to also invest in the user experience.
Australian organisations are aspiring technology leaders that understand the importance of cybersecurity, and for government agencies, this is a matter of national security.
But all this protection can still be completely undermined by a single indiscreet act of exposure. What good is cybersecurity if a user views encrypted messages amid prying eyes on public transport or has a classified phone discussion in an airport lounge?
In the modern, digital workplace, people expect to be able to engage and collaborate in real-time regardless of location, network or device.
However, the downside of this trend is that users of technology often become the weakest link in the security chain.
With the mobile digital workforce expected to increase to 1.87 billion people by 2022, or 42.5% of the entire global workforce, the management of this technology-savvy demographic must be a top priority for governments and enterprises striving to achieve their business and operational objectives.Don’t be blind to the bigger picture
Security discussions are focusing on technology factors: systems, networks, devices, and encryption.
These factors are mandatory but do not address people and context, and how we collaborate. They neglect the user experience and context, which leads to shadow IT and unauthorised cloud apps, which leads to poor situational awareness.
Improving security in the mobile digital workplace is as much about people and context as it is about technology.
Without the bigger picture – a great user experience with situational awareness – people can’t make effective decisions aligned with an organisation’s security parameters.
Context is so critical because it can moderate the tone and content of conversations.
Consider colleagues having a face-to-face conversation as they walk through the open plan office and into a meeting room.
They will moderate the tone and content of their conversation as they walk through the office, and once they are in the meeting room and have closed the door and the conversation is private.
If a guest enters the room the context has changed yet again, and the conversation adjusted.
In the mobile digital workplace, the context is less obvious.
The interactions are virtual and on our devices; we are not aware of the context in the same way as we are in person.
For example, who else is on the call and have we verified their identity? Where is everyone located? What devices and apps are being used? Over which networks are we connecting, and are the connections encrypted?
All this rich contextual data is relevant and accessible.
Technology can capture, analyse and present this context to the user in real-time.
This context can empower the user to moderate their conversations and the content they share.Protecting all parameters
The significance of context is further exemplified in the Australian government’s security classifications model which very directly informs the user experience and impacts security.
Specifically, email is the only digital communication medium in government today that provides a visible security context to the user.
For example, [SEC=<CLASSIFICATION>] in the subject and body of the message.
Now envision automating the application of security classifications in the mobile digital workplace.
Real-time security classifications for voice calls, video conferences, and messaging.
This will transform security and the user experience in the digital workplace by clearly headlining to the user when they can and can’t have a classified conversation.