remote work
PHOTO: Meri Sorgaard

The results are in: Successful digital transformation needs to go beyond the traditional IT playbook. No longer can organizations just look at technology through an IT lens. To succeed, IT organizations need to adopt a strategy that empowers employees with technology to innovate on their terms. 

In recently commissioned research by my company, VMware, the results showed a direct correlation between enabling employees with a positive digital experience (i.e., device choice/flexibility, seamless access to apps, remote work capabilities) and an organization’s competitive position, revenue growth and employee sentiment.

Moreover, providing a positive digital experience to employees is quickly being viewed as table stakes to current and potential employees. Employees today not only expect better digital experiences but also feel entitled to them, typically without considering or understanding the potential impact on their organization’s security. This puts IT in a tough spot.

IT Faces New and Bigger Challenges  

As the number of devices accessing corporate data grows and as workers continue to work outside of company walls, the security perimeter expands — leaving IT with a larger attack surface to manage and contain. This has led IT organizations to buy a lot of security products to manage the problem. IBM estimates cybersecurity teams today use an average of over 80 different security products from 40 different vendors that are typically siloed and provide limited visibility across the environment. As a result, if a breach is detected, on average it takes up to 69 days for a company to contain that breach, according to a 2018 study from the Ponemon Institute.

IT organizations have typically responded to these daunting headwinds by blocking application access, which has impacted employee experience and productivity. So, it’s no surprise that employees have made it their mission to come up with workarounds to get what they need and, in the process, circumvented security controls. Without a doubt, there’s a growing gap between employees’ expectations for a productive experience and IT’s need to maintain security standards today. This gap is only growing.

To strike a balance between employee experience and IT security, organizations need to embrace a digital workspace strategy that helps IT empower employees to be successful. Getting to this ideal end state requires commitment and collaboration between HR, business, IT and InfoSec teams. When it comes to building a secure, agile framework to enable an employee-empowered digital workspace, consider the following best practices.

Related Article: Bringing Shadow IT Into the Light

Make Employee Experience a Team Sport

IT teams have historically been centered around siloed tools and processes. Meanwhile, HR has been focused on HR systems and people processes and is the first touchpoint for employees.

With each of these teams having a unique perspective, a lot can be gained when HR and IT come together to tackle the challenge of improving employee experience. Bringing IT and HR together through a human-centered design thinking approach can accelerate the culture shift needed to adopt digital workspace strategies.

At VMware, we have HR practitioners regularly meeting with our engineering teams to share feedback on how we can improve our digital workspace tools to address HR-centric issues such as recruitment, onboarding, employee engagement and retention.

We also see other organizations starting to encourage this sort of cross-discipline collaboration. For example, many companies have created a "Director of Employee Experience" role to ensure someone is always prioritizing employee experience as new IT tools and HR processes are developed and introduced. This person connects IT, HR, and line-of-business teams to develop solutions that help employees work their very best in any role.

Related Article: Sound Familiar? 4 Phrases That Show Your Employee Experience Needs Work

Build a Zero Trust Security Framework with Employee-Friendly Policies at the Center

As corporate security perimeters expand, many companies are adopting a “Zero Trust” security architecture. Put simply, Zero Trust means that all sources attempting to access company data — either from inside or outside a secure company network — must continuously be verified. This “never trust, always verify” mentality ensures the right people have the right level of access, to the right resources, in the right context.

At face value, this approach appears to pose a threat to user experience. After all, “never trust” doesn’t sound very employee friendly. However, if done right, this security framework can actually improve user experience. For example, adaptive access can help keep an organization’s security posture in check, while providing transparency and options for the employee to engage on their terms.

While there is no silver bullet when it comes to achieving a Zero Trust security architecture, identity, access management and device management are the core technologies that organizations should start with on their journeys. By implementing these technologies as part of a broader security architecture, IT can verify user identity and device compliance as individuals access company applications and resources.

And, on the employee side, identity and access management make the user experience simple. Once an employee’s identity and device status are known and deemed trustworthy, that employee can seamlessly jump from app to app without having to reenter their corporate password at every turn. And, with a digital workspace environment enabled, employees can access all of their company apps from an app catalog with one-touch — utilizing single-sign-on capabilities.

Identity verification is something employees are used to with the advent of fingerprint and facial recognition security technology. When leveraged to protect company information, the overall experience becomes more natural, familiar, and seamless for employees, while at the same time providing IT with the reassurance they need when it comes to security.

Related Article: Why HR and IT Are Teaming Up to Prevent Data Breaches

Security and Employee Experience in One

In today’s environment, it’s not only possible for business and IT teams to come together to build a security framework that enables (not hinders!) an employee-empowered digital experience — it’s great business practice. With the right policies and tools in place — from bring your own device (BYOD) and choose your own device (CYOD) to adaptive identity management and native app delivery — IT can develop a security framework that more than satisfies their requirements while meeting employees’ expectations for a great digital experience. And when this happens, organizations can unleash employee productivity in new and exciting ways to grow, transform and expand their business.