Broadcom today released results of a third party survey examining the impact security has on end users. The survey indicates how the increase in hybrid work and reliance on cloud applications has changed the traditional concept of a defense perimeter, adding further complexity to the task of maintaining security and a positive user experience at the same time. 

"There is a tension between security and user experience," Broadcom Director of Product Marketing, David Hardman, told SDxCentral in an email.

The survey found more than half of respondents prioritize security over the end-user experience, often doing so “at the expense of productivity and customer satisfaction.” Underscoring conflict between the two, 46% of respondents said they have bypassed security to improve user experience.

The survey report clarifies that the term “users” includes customers, employees, and partners, adding that companies are “consciously losing employee productivity and making applications and services more frustrating to use for the sake of security.” That said, the results indicate companies may be trading customers for increased security. 

Executives notably led all other roles by far in responding that it is acceptable to sacrifice user experience and productivity to increase security, indicating that decisions about security are not coming from just security teams, but at the highest levels within the enterprise. 

Respondents cited hybrid workers (44%), third-party networks and ISPs (43%), and public cloud resources (41%) as the biggest impediments to full visibility. Newer security initiatives like zero trust and secure access service edge (SASE) were both identified by around one-fourth of respondents as being problem areas. 

The rapid adoption of these new technologies suggests user experience visibility issues will continue to proliferate. 

"As organizations transform their network security to distributed, cloud-based approaches such as SASE, it's critical that they employ digital experience monitoring before, during and after SASE rollout to make sure user experience is safeguarded across the entire transformation effort," Hardman said.

A majority of respondents stated that having visibility into the user-experience is key for successfully adopting SASE. The report says this result "directly indicates" security professionals know SASE impacting users is occurring and would like more information to better understand how.

In addressing how to avoid tradeoffs between security and the user experience, nearly all respondents pointed to better monitoring practices as a key solution. Ninety-two percent of security and technology professionals agreed that user experience needs to be monitored in order to determine “the exact effect a security initiative has on the user, productivity, and customer.”

A similar majority suggested the entire end-to-end path needs to be monitored when using cloud-based applications. The report notes that this is sensible in the era of remote work, especially in the case of users operating with VPNs. The complicated network path for a VPN adds opportunity for both security risks and impact to the user experience, driving the need for visibility, measurement, and monitoring.

However, it was also noted that these necessary user experience monitoring solutions require new capabilities and features. The ability to monitor users when working remotely was first on the list of needed capabilities. 

Those surveyed also expressed that a monitoring solution has to be easy to deploy and integrate with network security solutions so as to not create new security vulnerabilities. Scalability, the option to integrate with other monitoring solutions, and provide a single pane of glass were also listed as requirements. 

A majority responded it is very important that network security solutions have the full context of the larger network and larger system, like other infrastructure, applications, and services, highlighting that most practitioners believe network security requires a holistic solution.

To avoid tradeoffs, Hardman said organizations should "use solutions that can scale to meet the demands of the modern enterprise that also can span across traditional, on-premises and cloud-based security, in the context of the broader network."