It's inevitable… a few times a week, my system slows to a crawl doing seemingly mundane tasks. Moving from one application to the next, or even navigating our intranet becomes a trial of patience. Originally I thought it was the application set I was using on a daily basis. Enterprise resource planning, internet browsers, development studios, mail and instant messenger clients. Each of these a known resource hog vying for what little available scraps of memory my system would cough up.
After some hallway grumbling with my co-workers, I turned my attention to not what I was running but what was being run for me. Automatic backup utilities, automatic patching software, and in the anti-virus suite with its omnipotent host intrusion protection. These applications lurk in the background, helping to keep us safe from the pitfalls of the electronic age. They are absolutely necessary to protect our company and its stockholders, but the value can come at a high cost.
Any one of these apps coupled with your normal application load can bring an older system to its knee's on its own, but how about your backup utility kicking off while your antivirus software is in mid-scan as you happen to be running collaboration software sharing out a debug session in your development studio. Not pretty.
The productivity loss is cumulative... two minutes here, five minutes there, ten minutes for a reboot after a hard crash. Soon you've lost an hour or two over the course of the week, or a day or two over the course of a month. These things can be minimized by having systems capable of handling the multiple application loads that both the users need, and the ever shifting security environment requires. The threats won't ever go away. More than likely, they will get worse and the applications needed to stop them will get bigger and more resource intensive.
Great post! Finding the right balance is key. Security is not free. One of the costs is a hit to end-user productivity. Great opportunities exist to make security tools more efficient, but threats are constantly adapting and new exploits emerge at a terrifying rate. Security vendors find themselves in a continual race to upgrade in a timely manner to intersect for maximum effect. In the rush to deploy, solutions tend to be less optimized. It is a competition. One which the attackers can set the tempo and the defenders must make decisions on how best to respond.
Beyond the attackers and defenders of the systems, the end-users (potential victims) are also part of the equation. They have opinions which can change as often as the tides. If you have not felt the sting of an infection for some years, then continual performance degradation from scans and updates appear to be an annoyance and considerable overkill. Those who have shed tears due to malware, are more likely to accept the delays incurred by security tools and feel a warming sense of protection, knowing their data is being actively protected. User perception is critical for acceptance and support. Their collective voice can have a profound effect on future information security initiatives. Coming full circle, managing the balance is key.