
Putting security and performance on a level playing field

(Image credit: Wright Studio / Shutterstock)

Nothing frustrates users more than a slow or inconsistent desktop or application experience. It's understandable. However, this raises the question: is a compromised user worse than a non-productive user? To keep pace with today’s changing threat landscape, security teams have armed their bunkers with an array of disparate endpoint security products. This is the situation many companies are facing today. It’s become an uphill battle when IT teams look to provide both a usable and secure end-user computing environment.

Business leaders are striving to maximise user productivity. They want their time to be worry-free and without encumbrance. Concurrently, IT departments and security leaders are consistently being tasked with adding layers of security to prevent threats and mitigate risks.

Unfortunately, in many cases, security tools’ protective benefits come at the cost of system performance. It's a catch-22 in many ways. The IT staff is trying to optimise security and productivity, but reduced security and deteriorated productivity are both unacceptable outcomes.

The bottom line is that both security and performance should be given equal priority, which means that as end-user computing leaders define “acceptable user experience,” information security leaders need to delineate what their organisation’s "acceptable risk" is. Since data rarely has a fixed value, it’s difficult to determine its value and, therefore, equally challenging to determine organisational risk appetite for data loss. But even more elusive is finding and maintaining the critical point at which minimum risk and maximum productivity overlap.

The average enterprise endpoint has more than six security agents on it. The most commonly deployed endpoint security agents are anti-virus and firewall, followed by DLP, VPN, encryption, whitelisting, e-Discovery collectors, remediation tools, forensic tools, SIEM sensors, and so on.

A security policy that is too lax may result in inadequate protection, whereas one that overreaches often increases support issues and leaves endpoints under-resourced, which could grind end-user productivity to a standstill.

Although both end-user computing and information security teams co-exist in the IT organisation, the cyberthreat landscape has created a divide between them. End-user computing leaders have begun implementing “agent rationalisation” processes in order to curb the “agent creep” on endpoints.

Few, if any, security tools are developed with user experience or device performance impact in mind. Furthermore, many agents conflict with each other as well as with legitimate productivity applications, and it’s not unusual to see an anti-virus agent misidentify a legitimate application as a threat.

Greater cooperation and collaboration between the Security team and the end-user computing team within an organisation is needed

In many cases, these two IT groups within an organisation are at odds with each other. Security teams are chartered to address risks and threats, define policies and assess technology environments, while IT operations groups—server admin, network admin, and end-user computing—fret over availability and performance, keeping an environment stable, managing change, and not allowing anything in that will disrupt availability and performance. IT security often drives policy and recommends and deploys new technologies rapidly in reaction to attacks and threats, sometimes forcing technology into the environment that may have management or performance issues. IT operations is looking for technologies that have consolidated interfaces, administration, reporting and workflows that won’t cause foreign disruption to availability and performance. The most sensible approach is to have your information security team members address new threats and your IT operations team members handle business systems.

Information security professionals have a few choices available to drive their organisations toward more mature security solutions. They can continue to deploy point solutions and then try to manage them separately, further driving the silo-fication of IT, or have IT operations collaboratively manage them. They can deploy point solutions and “rip and replace” them as they find more consolidated security solutions, or they can find a solution that ties into the IT operations workflow for assessing the state of endpoint devices and virtual desktops and leverage integrated security at multiple layers.

Finding a security solution that serves the needs of both end-user computing and security teams can be a daunting task

IT must provide a dynamic trust-based security solution that holds both protection and productivity in equal regard and addresses the following needs:

  • Minimal user impact: Security solutions should be seamless to the end-user and not put any of the onus on their shoulders. They should be transparent during normal operation, reducing friction and enhancing visibility.
  • Continuous monitoring and assessment: On-demand or scheduled scanning creates a window of vulnerability—a blind spot. Continuous, recorded monitoring and interpolation is essential.
  • Edge analytics: Piecing together monitoring data after it’s been centrally collected is both resource and time intensive—the endpoint is the most privileged point of view at IT’s disposal.
  • Instant attack intelligence and remediation: Monitor and analyse suspected security incidents from all angles. This facilitates rapid response to security incidents by delivering full attack context and history, so you can immediately understand the root cause. Once an incident is scoped, you should be able to quickly isolate impacted endpoints that disrupt network communication and instantly remediate identified threats.
  • APIs, APIs and APIs: Look for solutions with well documented, mature APIs. You’ll want each tool at your disposal to integrate with other security and analysis tools by facilitating the sharing of information between products.
  • Invest in agent rationalisation: Regularly investigate and validate the performance impact and business benefit of security agents on the endpoint.

Tal Klein, CMO, Lakeside Software