When does security inhibit productivity?

The current security craze is affecting more than our daily computing.  The implementation of various security measures has gone beyond standard security measures and has entered the obscene.  Where do we draw the line between taking precautions and stifling productivity.  IT concerns are valid, immeasurable, and undeniable… however, so is productivity.

If we look at a company I have done business with as an example; the company has implemented numerous security measures such as Hard Drive Encryption, Web Filter, Password Policies, Internal and External Firewalls, IP Security, Port Security, SPAM Filtering, Domain Policies /scripting,  and more, all in an effort to protect themselves.  All these security measures can be viewed by IT as necessary measures, however daily business has been greatly affected and a productivity decline has been noticed.

From a user and vendor perspective, this makes doing business difficult.  The inability to accomplish necessary tasks easily has become too prevalent.  Valid emails have gone lost to spam filters, user login times have been extended from 1-2 minutes to 4-5 minutes because of IT required login scripts and hard drive thrashing.  System Monitoring packages (Landesk like) is constantly inventorying my systems.  Web research has been limited because other company’s web sites have been filtered due to keywords.

The effects of IT paranoia stretch far beyond simply productivity too, they affect workplace morality.  I cannot tell you how frustrated I get waiting for an email to simply open because my hard drive is thrashing non stop.  Hard drive encryption along with all the other things going on have made my system nearly useless.  This is the reason there are fragments of coffee cups left on the floor near the wall in the break room.

Hard drive encryption has been implemented by many companies as a means to protect valuable data on company computers.  The short sighted nature of this implementation is that many times this security measure is installed on a company laptop.  The idea IT has is simple, if its stolen, lets protect our data by making it unreadable in OTHER systems.  However, if it’s stolen THEY HAVE THE LAPTOP! One can run a utility to change the local administrator password and have access to the system anyway (tested).

Many will argue that these measures are absolutely necessary and that the loss in productivity is worth the price to protect our data.  Think about that when replying to an email that used to take seconds is now taking minutes instead.  The cost of implementing the security packages, maintaining and updating them, and the cost of lost time per person in an organization has now been translated into a monetary company wide bottom line loss instead.

Some say the transition to cloud based computing will be the answer, I don’t agree.  IT departments are too ingrained in today’s security measures to leave them behind and I only see it getting worse as computing evolves.  I don’t blame IT though, they are doing what is necessary… I blame you, the user.  People like me would not be affected by these things if you didn’t install spy ware on your company computer, if you didn’t visit porn sites at work, if you didn’t leave your laptop on the front seat of your car with your windows open, if you weren’t so damned lax about your computing life.  Would you treat your wallet this way? Leave it wide open for others to look through, take things out, etc? Until users regain respect for their employer the shift will never happen.

Remember the days when you could leave your front door unlocked? Don’t blame the Police for an increase in crime, blame the people that do the crime.  The same goes for IT…

So where does the line get drawn? Does IT loosen its reigns and hope that users align properly? Do users beg and plead for more freedom and promise to not abuse it? You tell me… What are your thoughts?