What is application choice?
Application choice: choosing the productivity and efficiency applications of your choice without security or IT approval in the workplace. Today, the majority of employees want full control over application choice, but many of those applications aren’t easy for employers to secure.
How organizations consume applications has changed. Pre-pandemic, IT departments purchased and deployed the applications employees used for work. To be approved, applications needed to support security standards for authentication and access management.
Today, users are primarily responsible for purchasing and deploying applications. This behavior is not new, but it has reached a new critical mass. A new class of users is emerging, and they are not focused on security features.
To accommodate this shift in behavior, vendors started altering their product roadmaps in favor of less security features, and today, 61% of SaaS applications don’t support security standards like SSO.
At Cerby, we’re calling these applications “unmanageable.” Unmanageable applications don’t have security APIs and they lack support for security standards, including SAML or SCIM.
It might be tempting to simply ban or block unmanageable applications, but they can also create new opportunities for organizations. For instance, some unmanageable applications increase productivity, which is good for employers and employees.
With applications so intimately connected to the way people work, and in a world where everyone works differently, employers shouldn’t expect a limited set of corporate applications to work for everyone.
With literally tens of thousands of applications on the market, narrowing the selection to a handful of tools can be frustrating for employees, and bad for productivity. Employees want to get their work done, but based on our research, they also place a high value on autonomy. In fact, 52% of employees want their company or IT department to “get out of the way” when selecting and using applications for work.
Most employers, on the other hand, are less enthusiastic about application choice – 78% of organizations have established policies on which applications employees can and cannot use for work.
Despite policies and prohibitions, employees will still use the applications they prefer. Our research shows that 61% of respondents at organizations with policies in place had applications blocked, but more than half also said they would continue to use a preferred application, even if it was prohibited.
Heavy-handed approaches to application choice aren’t working, and they may even be further entrenching unmanageable application usage among employees.
The growing preference for application choice is not simply a temporary, COVID-related shift in behavior–it’s a generational one with a lasting impact. A new mindset is emerging around application choice, and it’s not going anywhere soon.
It can be difficult, however, to find an alternative that isn’t on the other side of the security spectrum–letting employees do whatever they want. When it comes to application choice, organizations need to find the right balance between employer responsibilities with security and compliance, and employee autonomy.
A new approach to unmanageable applications can help employers and their employees get on the same page when it comes to security. When employees understand that application choice comes with responsibility, security becomes everyone’s concern.
At Cerby, we’re calling this type of approach “enrollment-based.” Unlike enforcement-based approaches, an enrollment-based approach empowers employees to choose the best applications for their work, and self-enroll them in a security solution that configures the right security policies in the background. When registering employee-chosen applications is easy, the same employees who resent company-wide policies on application choice will become willing participants in strengthening security and ensuring compliance.
We believe that application choice and security can go hand-in-hand, but only when employers trust employees to choose the best applications for their work. When employees are allowed this choice, security moves from the IT department to the responsibility of every employee.