A Third of CISOs Have Relaxed Security Policies to Foster Remote-Work Productivity During COVID-19, New Research Shows

  • Study brings to light the CISO’s dilemma: enhance corporate security or enable worker productivity
  • Legacy remote access solutions leave much to be desired in the eyes of CISOs
  • Half of CISOs believe security measures affect productivity when scaling remote-first policies
  • 35 percent have relaxed security policies to foster greater productivity among remote workers
  • 39 percent have left their security policies the same, either because they are comfortable with their company’s security posture or because they don’t know what changes to make

Chief Information Security Officers (CISOs) are conflicted about how to best address the shift to remote work caused by COVID-19 – especially when it comes to balancing endpoint security and worker productivity.

A new study by Hysolate explores the impact of the pandemic on large enterprises’ remote work and business continuity strategies. In a somewhat predictable finding, COVID-19 has accelerated the arrival of the remote-first era. But the study offers several more compelling findings to examine.

For example, CISOs say legacy remote access solutions such as virtual desktop infrastructure (VDI), desktop-as-a-service (DaaS), and virtual private networks (VPN), among others, are ill-suited to handle many of the new demands. Half of CISOs also believe security measures are hampering productivity when scaling remote-first policies. And bring-your-own-PC (BYOPC) policies further complicate organizations’ approaches to secure remote access, researchers note.

Respondents agree that work-from-home is here to stay, but 87 percent of CISOs surveyed fear there is no single best practice or market-leading approach to enabling workers in the remote-first era.

These numbers are markedly close to Bitdefender’s results from a similar survey. In our 10-in-10 study from May this year, 86 percent of infosec professionals registered a spike in attempted cyber-attacks on their organizations, and 81% agreed that COVID-19 would forever change their way they operate in the long term.

The Hysolate survey further reveals that 26 percent of CISOs have tightened endpoint security and corporate access rules since the pandemic’s arrival. However, even more CISOs (35 percent) have relaxed their security policies to foster greater productivity among remote workers, and 39 percent have left their security policies the same.

Researchers are on the fence as to whether the 39 percent who have made no changes “are standing pat because they are comfortable with their company’s security posture or because they don’t know what changes to make.”