The writer postulates as follows
"I'm researching how too much or inappropriate security measures can have a negative impact on productivity".
My reply follows:
I would love to know what "too much security" means.
I mean no insult to anybody here, but this thread (absent some excellent information) reminds me of Goldilocks and the 3 bears.
Goldilocks logged on with one user account and obtained access to too many things, above and beyond what she required to complete her assigned tasks.
She logged off then back on with a different user account and found that she did not have access to all of the tools she needed to complete her assigned tasks.
She then logged off and on one last time and this time her access was just right.
She could get to all of the tools she needed to complete her assigned tasks, nothing more, nothing less.
Ok, first of all, there is one problem here:
Goldilocks either has too many accounts or is logging on as somebody else.
Ladies and gentlemen, it's all about governance and compliance.
As long as management documents what tools are to be deployed, to whom and under what circumstances, the powers tasked with provisioning users with access to their applications should always grant Goldilocks what's "just right".
If Goldie doesn't have enough (correct) access, that doesn't mean that there is too much security going around.
It means that those parties responsible for access control are having some problems getting it right.
It may not be their fault. Perhaps there was something missing from whatever means were used to communicate Goldilocks requirements to them.
Properly managing access to applications assures Confidentiality, Integrity and Availability (CIA).
Read that as productivity.
If you can provide me herein with real-world examples of a loss of productivity brought about by managed access (not mis-managed access), I would appreciate the information.
No comments:
Post a Comment