Discover how Zero Trust Network Access delivers fast, reliable web application access

Back to blog

Why enterprise security needs to put the end user first

Share this article

We often talk about end users in the context of insider threats. But what if we’re missing the point?

User behavior can inadvertently open the door to a breach—we know that. We also know that cyberattacks are relentless, constantly evolving, and getting more sophisticated.

So instead of pointing fingers at frontline workers, maybe it’s worth asking if 100 percent cyber vigilance from everyone—all the time, everywhere—is a realistic expectation.

Here’s why it’s time to give end users a break:

First, the mounting scale and relentlessness of cyberattacks. Many of the vectors of infection commonly used by cybercriminals today are so well crafted that they’re bound to evade detection. Malicious emails and web pages often look legitimate and don’t raise suspicion. In addition, malware attached to emails can execute in a browser with zero action from the user—there’s no way the user would know.

Next, the influence of intuitive technology and software. Employees have become accustomed to online consumer tools that provide the most important and common functions in a simple, intuitive interface. Naturally, they now expect that kind of interface from their business tools—and they’re getting it. Users have also grown accustomed to a large degree of autonomy in using these tools. Businesses are making user experience (UX) the be-all and end-all of software development.

End-user expectations have risen accordingly. People are less tolerant of the extra steps and inconveniences that come with added cybersecurity. The friendly, easy-to-use interfaces that modern SaaS applications offer must provide protection in a manner that doesn’t bump up against the user experience, but rather works behind the scenes.

Finally, the chaos caused by COVID-19. The rush to implement remote work policies created an IT environment in which bad actors and insider threats flourished. CISOs are now looking at another risk-filled transition period as employees return to the office or make temporary work-from-home measures permanent.

Against that backdrop, how realistic is it to see end users as an effective first line of defense?

In our view, it’s better to break out of old patterns and simply separate end users from the onslaught of web-based vulnerabilities they face every day.

Many companies are considering isolation-powered security solutions—but with a twist. Previous solutions came with poor user experience and reduced productivity. Today’s web isolation security solutions are fast, provide high performance, and offer seamless UX.

The following six reasons explain why UX and end-user concerns need to be at the forefront of enterprise cybersecurity planning. A security solution should enable companies to:

1. Move confidently to digital transformation.

Moving IT and services to the cloud is a core requirement of digital transformation, but cloud apps have a habit of evolving quickly. That means the web-based tools that end users rely on can change rapidly, impacting traffic volumes and peak-usage patterns.

Sudden shifts in traffic patterns can overload network security and degrade the user experience.

A cloud-based secure web gateway (SWG) powered by isolation can put those issues to rest by presenting only a rendered version of live content to endpoints. Malware is kept separate from users’ devices—no matter what documents have been downloaded or which links have been clicked. By choosing a cloud-based solution, deployment is fast. Organizations go from vision to value very quickly.

2. Maintain the user experience.

Security solutions shouldn’t slow things down or interfere with typical workflow. If they do, it’s safe to assume that users will find a workaround of their own, which may or may not be 100 percent compliant with company security rules.

For remote and mobile workers, workflow killers such as poor connectivity and loss of access to network resources can be an unintentional consequence of investing heavily in technology that focuses on detecting and remediating security incidents. Spending more to keep everyone in line can impact the user experience and make security worse instead of better.

CISOs shouldn’t have to choose between diminished UX and more robust protection. Web isolation technology eliminates security-related network performance issues by letting traffic flow freely but keeping it away from users. 

3. Keep remote working safe.

Seventy percent of employees[1] use SaaS solutions and remote network access to connect devices to company networks. That makes cybersecurity harder to deliver. When user devices and IT teams are geographically separated, browser exploits become a bigger worry, and security updates must be regularly maintained.

To give end users complete protection, web isolation creates a separate and ubiquitous security layer in the cloud. All web and email traffic flows through it, so this security layer blocks malicious traffic and isolates everything else away from employee devices.

——
Often [1] The Future of IT Network Security Report 2020, Menlo Security

4. Accommodate more user devices and endpoints.

The future of work is remote and mobile. The majority of web searches now originate from smartphones and tablets. Mobile devices play a central role in personal and office computing—creating new network endpoints that need to be secured.

By leveraging a cloud-based SWG, end-user mobile devices are protected in much the same way desktop computers are—by executing active content away from the endpoint. That approach maintains a transparent user experience while retaining the security benefits of keeping Internet traffic and devices separate.

5. Protect end-user productivity.

Of course, the flip side of efficiency is productivity. Most end users need to access company networks through a VPN, but the increased volume of work-from-home traffic has many businesses looking for a new approach.

With cloud-based web isolation, organizations can implement an isolate-or-block approach, stopping known malicious traffic straightaway while all other traffic is fetched and executed in a cloud-based browser far from the user’s endpoint.

As cloud collaboration solutions like Office 365 and Google Workspace grow in popularity, web isolation protects them without diminishing application performance. The same fast data compression and screen rendering technologies sustain the user experience. Remote teams can work together on files and documents in a fast and lag-free environment.

6. Allow policies and controls to follow users.

If users are increasingly relying on web-based apps, websites, and SaaS platforms to do their jobs, the only way to protect them is by moving security services to the cloud, too. Regardless of where users log in from, policies and rules can follow them.

Cloud-based web isolation creates an additional layer of security, separating users from the public Internet while maintaining seamless access to cloud applications. It doesn’t matter if there’s a vulnerability, because no live content is executed on the user’s device. 

Home free

As things drift back to a semblance of normal, cybersecurity is going to have to learn how to deal with its own reaction to the pandemic—struggling to keep up with an expanded attack surface and the evolving end-user behaviors driven by a distributed workforce.

In 2020, more than 80 percent of IT decision makers said they’d experienced a breach. Cloud-based web isolation technology can help security teams leapfrog end-user vulnerabilities and chuck those kinds of statistics into history’s dustbin.

Discover how Menlo Security is helping enterprises protect the productivity of remote workforces by helping them kickstart their SASE journey. Download this free ESG white paper to learn the phased approach needed to successfully adopt the SASE framework.

Share this article

Make the secure way to work the only way to work.

To talk to a Menlo Security expert, complete the form, or call us at (650) 695-0695.