How User Experience and Workarounds Contributed to an Email Scandal

How User Experience and Workarounds Contributed to an Email Scandal

December 11, 2016

by Amanda Timmons

I was recently listening to a This American Life podcast episode in the car. The episode is titled: Master of Her Domain…Name. In this episode, Ira Glass presents the facts of Hillary Clinton’s email scandal, based on a report from Politico that offers a factual perspective on the role technology played in the private server-email scandal from this year’s U.S. election. Leaving politics aside, I couldn’t help but wonder how many of us unknowingly violate security protocols and don’t even realize it. Is Clinton’s story simply a tale of a busy executive who is inexperienced with technology, working in a super locked-down environment where she and her staff felt forced to circumnavigate restrictions in order to conduct routine tasks? Let me explain.

There is an overwhelming need for the workforce to be properly empowered to conduct business within a secure environment. We see a lot of workers perform common activities such as opening phishing emails or using Dropbox instead of a designated internal SharePoint site, for example, because they make it easier to get the task at hand done. These activities can leave an organization’s IT environment at risk to some serious security breaches. In other words, when security limits or hinders people from getting their jobs done, it creates a new level of risks as workers attempt to find creative workarounds for what feels to them like roadblocks. This is true for any organization – public or private sector.

We hear about this challenge from enterprises all the time, and RES can help.

Better workforce productivity

Many workers, especially busy executives, tend to be less interested in how technology works and more interested in how they can get their jobs done from anywhere, preferably on their mobile device since they’re always on the move. As I listened to the root cause of the never-ending Clinton email scandal, that seemed very much the case for Hillary and her staff. She did not want to carry multiple devices. She wanted one device for a seamless experience to navigate the challenges of day-to-day business, while also maintaining personal business as well. This is not far off from what today’s workforce expects from enterprise IT.

While Clinton and her staff were on the move, a routine challenge they often encountered was that their network (State Department) was not compatible with the Wi-Fi of the U.S. Air Force (their mode of transportation). As a result they couldn’t complete routine tasks like printing documents from their email. Therefore, they came up with a workaround. They would forward documents from their .gov email to their personal Gmail or Hotmail accounts, and then print from their work network.

Again, politics aside, could something like this happen in your organization? Are people feeling forced to leverage personal or consumer technology because of seemingly trivial obstacles they face with internal IT? There’s a very good chance that workers – and lots of them – are finding their own solutions to productivity problems without even considering the security implications of doing so. In many cases this behavior isn’t malicious. In the worker’s eyes, they are being harmless – even self sufficient. But it opens up new risks and, in some cases, impacts compliance and regulatory restrictions.

Back to my podcast. What this revealed is how simple user experience challenges can result in high profile crises. These are not uncommon scenarios for many organizations: staff traveling on the road, needing to send an email at night (off business hours), traveling overseas needing access to apps and information to perform their duties from anywhere at any time. These situations occur for workers across many organizations, and many times workers feel their only option is to figure out how to solve their access challenges themselves.

Tighter security may not be the best answer

Every day, IT faces the challenge of balancing security and productivity. While lockdown scenarios may have worked in the past, today’s workers are too savvy for this model and a different approach is required. One way to support your workforce is with dynamic policies that provide IT with control, but enough flexibility so workers don’t feel like their hands are tied. Empower workers through self service to try and get what they need through IT rather than workarounds. With this flexibility, it is imperative for IT to have tracking and visibility to allow more, restrict less, and ensure IT can see any suspicious activity and respond quickly.

At RES, we believe organizations can get their workers productive immediately and keep them productive even as their needs change over time. Through context awareness, automation and self service people can get the digital resources they need to do their jobs without delay. This allows for security policies to be in place and adapt to the appropriate for the worker’s immediate context, and also allows for self service to support scenarios when exceptions to security policies need to be considered. Activity in the workspace and around access policies is completely tracked, so IT never has to guess who has accesses to what.

How do you balance security, while keeping your workforce unshackled and productive? 

 *Following the launch of RES ONE Enterprise on February 21, 2017, RES ONE Service Store is now RES ONE Identity Director and RES ONE Suite is now RES ONE Enterprise.