Recent Study Shows Employees Believe Productivity is More Important Than Security

September 29, 2014 • Devin Partida


It’s an age-old issue, which has begun to reach a boiling point in the age of information: the inherent balance between productivity and security. Wherever there is productivity, there is compromise on security; and the same is true vice versa.

Recent studies have suggested that productivity is winning in popularity. While this might be considered an advantage in certain industries, there might be a compromise coming down the tracks of the security-risk nature.

How Productivity Is Winning

The Raytheon and Pomenon Institute survey found that 52 percent of employees wish for lesser security measures with increased opportunities for enhanced productivity. This report was discussed in an post, and author/editor Galen Gruman drew a few conclusions from the data.

  • First, the survey results seem to be fairly sensible, given how underfunded IT security departments are these days.
  • Second, most employees tend not to take IT security seriously, because few understand the risks and how easily a server can be breached.
  • Third, employees are opting for a more convenience-oriented work environment (receiving company emails on their smartphones, writing passwords on sticky notes, etc.) Mobile virtualization is the name of the game, and it’s not easy to appropriately secure virtualized data, much less a personal mobile device.

Overall, much of this issue boils down to the new remote working trend and BYOD (Bring Your Own Device). Let’s face it: While your company’s servers and workstations might be fairly secure, your smartphone and personal laptop are probably not.

BYOD is sparking a revolution in companies providing a way to kickstart a massive boost in productivity, and this could be an excellent choice for some of these companies, although this largely depends upon the data in question.

Why Some Things Are Better Left Secure

One of the biggest reasons why the above study raised quite a few eyebrows in the IT security community was because the people surveyed were federal employees. Gruman did have a point that the study was likely skewed towards a security-oriented perspective (given that Pomenon is an IT company, and likely using the study to sell a product). However, the employees surveyed weren’t exactly in the business of selling T-shirts and power tools. These are government workers, and the data they work with should probably not go on sale to the highest bidder.

Especially in the health industry, the protection of patient medical data is of massive importance, due to the need to strictly follow HIPAA laws. This is one reason why health-care providers take IT security very seriously, even configuring security settings in printers, which may be overlooked in other workplaces.

phone and computer

Data Breaches Are a Rising Trend


Even so, discussed the same Pomenon study, which showed that 43 percent of companies have suffered some kind of data breach within the last year. This figure is up 10 percent from the year before. With such a rise in these statistics, many believe that hacker numbers are growing, and companies can no longer afford to ignore the problem.

One certain type of data breach, which has become a major headache for companies and authorities alike, is ransomeware. Michael Santarcangelo of describes this breach as the “equivalent to a cyber stickup” and essentially holds a company’s data hostage unless it pays the hackers to divulge the key to the encryption over the company’s own servers.

This issue appears to be getting worse. The FBI estimates that ransomeware Cryptolocker collected $30 million in ransom from September through December 2013.

This is why there appears to be a boiling point, and we appear to be headed straight for it within the next few years.

Maintaining Productivity in a Secure Data Environment

This issue will have a noticeable impact on productivity, because the more gates you have to unlock to access data, the more you have to stop and produce a key to unlock it. However, a major data breach would certainly bring productivity to a screeching halt.

Nevertheless, where there is trade there can also be compromise.

I believe the future of IT security will not revolve around beefing up security measures, because those are already good enough in general. In the future, the most productive companies will find a way to make identifying a friend from a foe a much simpler, easier process.

If companies can make it easier to unlock their data for the people that are authorized to get to it, then those companies will thrive in a world full of hackers. However, there must also be appropriate measures taken, depending on the security value of such data.

So when asked if I favor productivity or security, I simply reply “yes.”

Image by FirmBee