New research has found that many workers value trust more than money

0

Most workers and managers in the US and UK value trust in the workplace more than financial compensation, according to new research published on Tuesday.

In a survey of 500 workers and managers in the US and UK by Osterman Research for cybersecurity firm Cerby, nearly half (47%) of respondents said they would take a 20% pay cut in exchange for an employer’s trust.

Other features the researchers found highly valued by employees included flexibility (48%), autonomy (42%) and the ability to choose the apps they need to work effectively (39%).

Osterman and Serby’s Employee Trust report examines the impact of zero-trust principles, which many companies are quickly adopting as a solution to the cybersecurity needs posed by employees and managers using “unmanaged applications.”

“Applications are closely related to levels of employee engagement and empowerment. If employers try to block these apps, which they often do, it has a negative impact on trust,” noted Matt Chiodi, Trust Manager at Cerby, a provider of zero-trust architectures for unmanaged apps. Located in San Francisco.

“Sixty percent of employees said that if an app they wanted was blocked, it would negatively affect their attitude toward the company,” Chiodi told TechNewsWorld.

“The answer for employers is not to block these apps, but to find solutions to help manage these unmanageable apps,” he said.

concerns about control

Security teams shy away from using unmanaged applications, known as shadow IT, for a number of reasons. “Employees come and go. An organization can end up with thousands of unused credentials accessing its resources,” explained Schylvester Sebeny, CISO and co-founder of Zurich-based email encryption-based security solutions company Tresorit. .

“With a mountain of dormant access, hackers are forced to enter multiple locations undetected, opening the door for lateral movement into an organization,” Sebeny told TechNewsWorld.

Unmanaged applications can put an organization at risk because it can’t control the security practices it’s tasked with developing and managing the application, notes John Yoon, vice president of product strategy at ColorTokens, an Autonomous Zero-Trust Cybersecurity Systems solutions provider in San Jose, California.

“Furthermore, the organization has no control over application security update requirements,” Yoon told TechNewsWorld.

Without application controls, organizations can’t trust it to access their environments, says Mike Parkin, senior technical engineer at Vulcan Cyber, a Tel Aviv, Israel-based enterprise cyber threat SaaS provider.

“Allowing employees to choose the best tool for the job is welcome, especially when working with their own equipment,” Parkin told TechNewsWorld.

However, he stated that “this requires compromises with an organization struggling to vet selected apps and employees willing to give up when their preferred app is not on the approved list.”

Roger Grimes, data-driven defense evangelist at KnowBe4, a Clearwater, Fla.-based security awareness training provider, took a tougher view.

“The organization’s cybersecurity risk managers need to determine whether the risks are worth the benefits,” Grimes told TechNewsWorld. “You don’t want the average user to decide what’s safe or dangerous for the organization any more than you want the average passenger to fly the plane.”

Is it worth the risk?

Apps are considered unmanaged because they often don’t support common security measures like single sign-on and automatically adding or removing users, Chiodi explained.

“It’s a risk to businesses, but business users still need these apps,” he said. “Companies must find ways to manage these applications to mitigate these risks.”

Labeling unmanaged applications is misleading, notes Marcus Smiley, CEO of Littleton, Colorado-based IT solutions provider Epoch Concepts.

“They’re built without support for modern industry security standards, which makes them difficult to monitor and protect,” Smiley told TechNewsWorld, “but that means they can’t be controlled like other apps, but they can be controlled in different ways. »

“When unmanaged apps are used, there’s always a reason,” he said. “Most organizations need good communication between IT and employees to explain company policies and the reasons behind them.”

“IT must also provide channels for application requests and be proactive in providing secure alternatives to problematic applications,” he added.

Smiley said that in some cases, allowing applications that are not controlled by tracking is appropriate to ensure that identity management best practices and secure configurations are implemented instead of insecure ones.

“At the end of the day, there is no such thing as a risk-free cybersecurity strategy,” he said. “Every security program—even zero-trust ones—involves tradeoffs between critical business functionality, performance, and risk.”

A necessary balancing act

The safest approach is to review any application prior to acceptance by a person or team with cybersecurity expertise to identify any issues that may arise from using the software or service, ensure compliance with legal requirements, and schedule ongoing maintenance. Chris Clements is vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration testing company in Scottsdale, Arizona.

“Unfortunately, many organizations don’t have the experience or resources to properly assess these risks, resulting in the process not happening at all or taking weeks or months, damaging employee morale and productivity,” Clements said. TechNewsWorld. .

“Balancing cyber security risks with the needs of employees is a practice that organizations must take seriously,” he said. “Allowing a Wild West approach inevitably creates cybersecurity risks. But on the other hand, being too strict can lead to choosing or not endorsing product or service solutions that are too compromised in terms of performance and ease of use.

“This can create resentment and cause employees to leave the organization or actively bypass security checks,” he continued.

Excessive use of zero-trust principles can also exacerbate this frustration. “Zero trust is all about data, access, applications and services,” Chiodi explained. “But when it comes to building trust on the human side, companies need to strive for higher trust. The two are not mutually exclusive. This is possible, but the way employers use controls needs to change. security.

“By offering technology options to employees, companies can demonstrate that they trust their employees to make technology decisions that help them improve their performance,” added Karen Walsh, director of cybersecurity consulting firm Allegro Solutions in West Hartford, Connecticut.

“By reinforcing that with education around the ‘compromise’ mentality, they’re strengthening the relationship with their employees,” Walsh told TechNewsWorld.

All news on the site does not represent the views of the site, but we automatically submit this news and translate it using software technology on the site, rather than a human editor.

Leave A Reply

Your email address will not be published.