Although it may seem counterintuitive, many organizations will find themselves in awkward positions where they invested time and money into a new software platform, Cloud Security solution, or automation tool only to not fully adopt it (or even use it at all). For instance, something as time-saving to employees as customer relationship management (CRM) software only shows that less than 40% of organizations have an end-user adoption rate above 90%.
When you start to talk about cybersecurity technology, the issue remains persistent despite how critical proper security hygiene is for organizations in this day and age. For example, only 41% of companies reach 100% user-adoption for something as essential as multi-factor authentication (MFA) tools.
This is problematic for multiple reasons. One is that companies are wasting tons of resources on Cloud Security software not even being fully implemented or utilized. Another and arguably more important consequence is the disconnect between how leadership sees their organization’s cybersecurity program and what controls are actually being used. The result could wind up being successful cyberattacks that companies’ assumed would be prevented from the exact platforms they invested in.
Why the Reluctance?
There are an array of reasons why organizations will purchase a security solution such as MFA software, email encryption, antivirus software, or a password management tool only to fall short on the implementation process. Ultimately, the blame can be spread to the individual end-users, organizational management, the vendor who sold the solution, or some combination of the three.
Misunderstanding of Professional Training Service
This first cause is specific to when a company will purchase a Cloud Security software then hire either a third-party consulting firm or enroll in a professional training service offered by the vendor to help roll out the platform. Regardless of how easy it is to use, the subscribing organization will assume that the professional training service will hold their hand and do everything for them throughout the deployment.
Think of this issue as a class in high school or college. You are assigned to read a chapter before class to have a baseline understanding of the subject matter before going deeper into it during lectures to help with knowledge consumption.
The same idea is found here only instead of “not reading the chapter,” organizations aren’t taking advantage of the free tutorials the professional service firm wanted them to complete before the consulting meetings. This limits retention of the knowledge needed to operate the platform’s features making it far more difficult to understand and utilize fully.
Cloud Security Software Requires System and Policy Adjustments
Particularly with larger enterprise-level businesses, adopting new Cloud Security software also requires the firm to write, rewrite, or make changes to their technology-use policies and guidelines. Oftentimes, the organization will mirror the same policies in congruence with the new platform. This becomes especially problematic if the updated policy is being written for a new solution that doesn’t work well with older systems or their current infrastructure.
Alternatively, if the security software is an entirely new solution, such as if a business was implementing an endpoint detection and response (EDR) tool for the first time, it would require that organization to create brand new company-wide policies. In the worst-case scenario, they could also be forced to make adjustments to their entire IT system just to make it work. Under these circumstances, the company may just decide the solution isn’t worth fully adopting.
End-Users Just Can’t Seem to Commit
As mentioned in the beginning, the issue of individual user-adoption is seen for all types of software — not just security tools. Sometimes, this is the result of the end-users not being consulted by management on a security product decision — leaving them unhappy, unprepared, and unwilling to use the new software.
Regarding the MFA user–adoption statistic referenced earlier, there was a clear and strong correlation between satisfaction with the product and user-adoption. Cloud Security Product satisfaction generally comes down to the platform’s ease-of-use, proper training, and whether or not the solution was labor-saving to the employees. If all of these boxes are checked, it ends up being company culture and the effectiveness of the rollout plan that dictates adoption success.
Misrepresented Sales “Propaganda” by the Vendor
The root causes of the factors above could start at the purchase-level. The sales representatives of the software vendor may prioritize closing the deal despite whether or not the tool is a good fit for that business and it’s users.
When request for proposals (RFPs) are used for software procurement, bidders often refrain from fully answering the submitted questions around the compatibility with the firm’s infrastructure. This leads to purchasing decisions not in the best interest of the client and a low likelihood the new security platform will be implemented properly.
All of these factors play into an organization’s success for adopting a security Cloud Security SaaS platform. The conclusion is either a security solution that remains unused, not fully adopted by all users, or a deployment that takes exponentially longer than it would’ve if appropriate training practices were planned and executed.
Organizational (Non)-Adoption Horror Story
Let’s take a look at the less-than-ideal circumstances of an organization seeing the pitfalls of poor solution implementation. We’ll say that ABC Finance Corp, a large banking agency, recently accepted RFP bids for an MFA solution. The vendors each embellished on their low-cost options and product ease-of-use while taking no consideration to the fact that a large majority of the ABC Finance Corp infrastructure is cloud-based.
That said, they ended up selecting a product that only could be administered for on-premise environments and exclusively worked for on-premise applications — only accounting for a handful of employees.
After rolling out the new solution, they decided to adjust their policies to remove password management as a required security awareness training module because they made two major assumptions: 1.) The new platform worked for everyone (including remote employees) 2.) The new software protected them against any attack incubated by password harvesting.
Unfortunately, one of the remote employees who used a cloud-based application to quote their insureds and store their documents fell victim to a phishing scam where they divulged their login credentials. Hundreds of client files had been put at risk because this employee was not prepared for this kind of attack and didn’t have the MFA security layer (as they weren’t on-premise).
Overcoming Cloud Security Technology Hesitance
Now that you understand the problems with organizational adoption of security software, what are some things that can be done to overcome the issue?
Take Advantage of Free Trainings
Almost every security software on the market offers free training tutorials and online resources. Therefore, whether or not you are contracting with a training service, you should use them to learn and retain information on how the solution works. Proper training lets end-users fully understand the product, increases their satisfaction with it, and ultimately speeds up the whole adoption process.
Utilize a Proof of Concept or Proof of Value
A proof of concept (POC) or (POV) is a process of slowly determining whether an idea, such as implementing a new security platform, is feasible. In regards to security technology, a POC allows organizations to see if the product is right for their system, infrastructure, and users through free trials and product demonstrations. This process also helps work out logistics to see if the solution can work when scaled at an organizational level.
Develop the Right Cloud Security Culture and Rollout Plan
Easier said than done, establishing a culture that enforces adoption and creating a detailed rollout plan answers the big question: “How do we get our end-users to adopt this?” As you set up your strategy and process to accomplish these initiatives, ask yourself some of these key questions:
- Are our employees (end-users) on board with this product/Did we consult our employees before purchasing?
- Do we have a way to enforce the use of this new platform?
- Are we offering any (positive) incentives to make employees excited about this platform?
- Have we set a realistic expectation on when we will reach 100% adoption for this new platform?
- Is there a way to reinforce the top-down commitment to this platform adoption?
- Are we offering enough training for our end-users to be comfortable with this platform?
- Are we frequently measuring the adoption and utilization rates of this new platform?
- If we are falling short on adoption rates, do we have a plan to get the numbers up?
Having solid answers to these questions, by default, will put you in a strong position culturally and strategically to implement your new security software solution.
Rollout Your Cloud Security Software With Ease
Ascension Global Technology is ready to assist you with selecting and implementing the right solutions for your unique security needs. Through training, proof of concepts, strategic methodologies and our product expertise, we can ensure a smooth adoption process of your new security platforms that will meet system requirements and satisfy your end-users. Schedule a consultation today to speak with an expert and get started.
