How to Balance Security and Employee Trust: Enforcement vs. Enrollment-based Security

Difficulties with an enforcement-based strategy

An enforcement-based approach to security begins with a security policy supported by security controls, which are frequently stringent and designed to prevent employees from engaging in risky behavior or inadvertently increasing an organization’s potential attack surface.

The vast majority of organizations rely solely on enforcement-based security controls, which are typically implemented at the network level with a Cloud Access Security Broker (CASB) or a Security Services Edge (SSE). CASBs protect data between on-premises and cloud architectures by validating authorization rules and access controls against the organization’s security policy. Similar to SSEs, some organizations utilize CASBs to block SaaS applications; however, CASBs only support a subset of applications.

The applications that these tools do not support are frequently the most dangerous, as they do not comply with common industry and security standards, such as SAML for authentication and SCIM for user management. Cerby refers to these as “unmanageable applications,” and their research indicates that 61% of SaaS applications are unmanageable. In the post-COVID era, the rate at which employees acquire and deploy unmanageable applications has reached a new high.

Prior to COVID, IT departments were responsible for acquiring and deploying enterprise-wide applications. The transition to remote work enabled workers in all organizations to choose their own tools. Simultaneously, rapid digitization provided them with an ever-expanding selection of tools, resulting in an increase in unmanageable applications.

The average user typically does not prioritize security. Most people assume that applications are secure, and some may not care at all about security. The majority of users prioritize usability, aesthetics, and convenience. To accommodate these shifting demands, application vendors modified their product roadmaps; for many, security was no longer a top priority.

Whether or not employees are aware of it, unmanageable applications can have a negative impact on a company’s security and frequently increase the workload of technology teams. Someone is required to monitor for unmanageable applications, manually enable features such as two-factor authentication (2FA), and enforce the use of strong passwords.

Many organizations block or prohibit unmanageable applications to alleviate the burden.

It’s completely understandable why organizations take this approach; it’s a quick and dependable method for addressing an urgent and concerning issue. However, as a long-term, comprehensive solution, a system based solely on enforcement is neither sustainable nor practical.

Employees enjoy selecting their work applications, and 92% of employees and managers desire full control over application selection. This change in behavior presents unanticipated difficulties for organizations with an enforcement-based approach.

For instance, many employees who utilize banned or blocked applications also attempt to manually manage access, despite being unequipped. According to our research, employees and managers make access management decisions on the fly, exposing organizations to risk at every interaction point.

So, what is the remedy? A more pragmatic and proactive stance that strikes a balance between employee application selection and employer priorities such as security and compliance.

Advantages of an enrollment-based strategy

Enrollment-based cybersecurity empowers employees with greater freedom, autonomy, and choice, thereby enlisting their active participation in enterprise-wide security and compliance efforts. A system based on enrollment, as opposed to one based on enforcement, allows employees to select the applications they wish to use for work.

Cerby was created in response to an unmet need for a solution that strikes a balance between enforcement and enrollment and enables security and autonomy to coexist in harmony. Creating this equilibrium is the optimal solution for both employers and employees. Employers should not be concerned about the security of employee-selected applications.

When employees recognize that application selection entails responsibility and the appropriate tools are readily available, security becomes everyone’s concern. When self-enrolling and registering applications are available, the same employees who resent policies on application selection will gladly support easier and strengthen security for the sake of compliance.

This report delves deeper into how you can provide your employees with the freedom to use their preferred applications while easily securing them with Cerby.

Why Trust Us?

Best Top Reviews Online was established in 2018 to provide our readers with detailed, truthful, and impartial advice on what to buy. We now have millions of monthly users from all over the world and annually evaluate over a thousand products.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus

Get more info



Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.

Disclaimer is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to As an Amazon Associate I earn from qualifying purchases.


Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of