Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
ColumnsSecurity Talk ColumnCybersecurity News

Are Productivity Apps More Harm than Good?

According to the website “Tech Cocktail,” there are some “awesome apps” out there to make employees more productive at work.

By Diane Ritchey
Security Talk
May 1, 2014
Yair Grindlinger

Yair
Grindlinger

According to the website “Tech Cocktail,” there are some “awesome apps” out there to make employees more productive at work. Work+, Evernote, Wunderlust, Time Doctor and Insightly are just a few.  But those apps that some employees say that they need can also be unsafe. So some IT departments are limiting their usage. The result? Employees become less productive – or alternatively, rebel, putting their company’s data at risk.

FireLayers CEO Yair Grindlinger offers tips for keeping both employee productivity and creativity high, while keeping company information safe.

 

Why are there misaligned priorities between IT security departments and employees?

While employees and the business look for functionality, usability and value-for-money, IT also looks at the non-functional aspects such as reliability, security, manageability, compatibility, and so on. Naturally, more often than not, there is a tradeoff between the functional and non-functional capabilities of technology products and services, especially for early stage companies. It may take some time for cloud application solutions to reach enterprise-grade maturity. I think the gap is slowly closing as technology is evolving and the cost of going enterprise-grade is gradually being reduced, while at the same time CISOs are developing a lot more flexibility and moving from heavy-weight rigid practices like ITIL and Six-Sigma to more lightweight, agile, adaptive and iterative practices.

 

Are there some types of applications that are more unsafe than others? 

I think it’s a lot more important to understand what level of risk the organization finds comfortable, and hence what are the protections it expects its applications to have. It is a lot more practical to form a picture of the organization’s information assets and to build a threat model around them. Then, through simulations it is easy to see how the cloud applications handling those assets fit into the model. That being said, in general, the higher the complexity of the application the greater the chance of a security failure. Typically, applications with diverse third-party integrations: APIs, mobile apps and so on, have a wider attack surface than “monolithic” applications.                             Also, although I believe in transparency, to an extent, security through obscurity works. Applications that are geared towards the enterprise and B2B, rather than B2C or C2C tend to be safer for the simple reason that they are less likely to be audited or exposed for testing. But, IT can only do so much to keep cloud applications and data secure. CISOs must also foster responsible cloud application usage among the organization’s employees. Training and support enabling responsible cloud application usage, specifically those that handle sensitive data (like IP, customer/employee PII, proprietary business information and financial data), manage infrastructure duties and financial transactions.

 

Can employers limit the types of cloud applications that are used in the workplace?

To a certain extent employers can limit cloud application usage, even institute blacklist policies, but in my view it’s futile. There is no way of 100-percent limiting exposure without affecting employee productivity. Simply blocking cloud applications leads employees to find alternative cloud-based solutions to their IT needs. Employee awareness and engagement is a lot more effective in ensuring responsibly cloud application usage. Understanding the jeopardy misuse of cloud applications can pose organizations tends to be a stronger driver than blanket blocking of cloud applications. IT can ensure a greater impact on cloud application security with training and knowledge transfer.

 

Why not just place a general “ban” on using certain cloud applications while working, like a no-smoking policy?

Banning specific cloud applications is bound to fail. Maintaining a blacklist of cloud applications is ineffective, at best. Numerous new cloud applications are launched every day – it is literally impossible to maintain such a list without a significant amount of false negatives. On the other hand, maintaining a whitelist is impractical without significantly affecting productivity for the same reasons. Being proactive and responsive to employee and customer needs will empower an organization to provide solutions with the right balance of usability and security meeting their risk profile.

 

What tips can you offer to keep employee productivity high and data safe?

The best advice I can give is to have a rigorous adoption practice in place. Allow for flexibility in terms of integration, size and depth of roll-out, modifications in features when considering security risks and user compliance. Furthermore, it is crucial to incorporate cloud application security into all aspects of the adoption cycle: from design, testing to ongoing maintenance.   

KEYWORDS: Bring Your Own Device (BYOD) security apps smartphone security whitelisting applications

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Diane 2016 200

Diane Ritchey was former Editor, Communications and Content for Security magazine beginning in 2009. She has an experienced background in publishing, public relations, content creation and management, internal and external communications. Within her role at Security, Ritchey organized and executed the annual Security 500 conference, researched and wrote exclusive cover stories, managed social media, and authored the monthly Security Talk column.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Red laptop

Cybersecurity leaders discuss Oracle’s second recent hack

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Feature for Cover Story April 2011

    More than a Handshake:The Security-Integrator Link

    See More
  • Cut the Cord

    Tracking Employees On-the-Go with Smartphone Apps

    See More
  • According to Dr. Park Dietz, while lots of companies have crisis management plans that kick into gear in an emergency

    Do No Harm: Profiling Evil and Violence in the Workplace

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

See More Products

Events

View AllSubmit An Event
  • December 12, 2011

    Mobile Surveillance Applications

    Do you know what apps are available to you for your mobile devices to increase you Axis effectiveness? Here's a chance to find out. In this webinar session we'll update you on what is out there for camera viewing software along with our reviews. We'll also look at the Axis Product Selector tool and several other applications that are available today.
  • February 3, 2012

    Mobile Surveillance Applications

    Do you know what apps are available to you for your mobile devices to increase you Axis effectiveness? Here's a chance to find out. In this webinar session we’ll update you on what is out there for camera viewing software along with our reviews. We’ll also look at the Axis Product Selector tool and several other applications that are available today.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing