
Enforcing security and compliance without risking your sanity
Introduction
Remember when the entire “software landscape” of the average business was a suite of office apps like Word and Excel?
Now, the average business is running over 110 SaaS applications.
That’s more than a landscape. That’s an entire national park system.
With every piece of software that employees use in their day-to-day, the CIO role gets harder. It’s your team’s job to secure this massive and expanding digital realm. And you have to do it while employees (whether they realize it or not) undermine security, compliance and efficiency.
This guide is for CIOs who see their company’s risk profile rising by the minute. It will help you identify the most common risks and get started thinking about how to mitigate them.
Who We Are
Pendo is the #1 global software experience management (SXM) platform. Pendo works on top of any application, whether it’s your own, custom-made, or a third-party app like Salesforce, Zendesk and others.
Pendo delivers:
- Analytics of your software usage data to drive insights
- Feedback tools for qualitative user experience data
- Session Replays to better understand friction points
- Embedded Guides that provide in-context help
Our clients range from international airlines to tiny tech startups. We’ll toss in a few customer stories throughout the guide, so you can see what these solutions look like in action.
Risk #1: Security Vulnerabilities
We’ve all seen how the most sophisticated software protections can crumble in the face of human error. How can you keep employees safe from themselves?
The Problem
Employees may be unaware of security threats linked to specific software in their SaaS stack. Or they may not have a grasp on security best practices in general. Password hygiene, safe data sharing between employees, authentication—they’re all potential points of failure.
The Risk
In extreme cases, security vulnerabilities like this can leave your company’s data exposed to breaches, theft, and ransomware attacks. Each employee is either a locked or an open door for hackers.
The average cost of a data breach in the U.S. is $9.3 million. [source]
Traditional Risk Reduction Strategy
The way your employees approach security is a matter of both education and culture. For education, regular training sessions can help keep best practices fresher in people’s minds. Visual aids like flyers and posters can help keep security a regular part of the conversation. A monthly security newsletter can help, too.
For the second part, it’s important to create a culture of security. Employees should be regularly reminded that security is everyone’s responsibility at all times; it’s not just something that IT does for them.
How Pendo helps promote security
Pendo makes it easier to see exactly where employees are falling down on their security responsibilities and to fix the problem:
- Analytics show where employees aren’t following protocol
- Replay sessions can help home in on risky behavior
- In-context guides help change behavior in the moment (not at a training session next week)
- Further analysis can show how successful each change is
Pendo in Action
The client
Cisco Cloudlock, a cloud-native security solution that deploys quickly to deliver immediate value.
The challenge
A cyberattack targeted at Google Docs left users vulnerable. Cloudlock had to alert its customers quickly to get their attention on the issue. Email notifications often had a low response rate. This was made worse because the email address linked to a license might not belong to any of the actual daily users.
The solution
Cloudlock created an embedded in-app notice using Pendo Guides. It informed customers about the breach. Customers could choose to opt in or out of revoking access to affected apps.
The pop-up achieved a 68% response rate, far higher than previous attempts via email.
“When the Google OAuth attack started appearing throughout our customer base, we needed to send out a notification. An in-app notification with Pendo Guides achieved a 68% response rate, far beyond what we’d see from email.”
—Jennifer Sand, VP of Product Management, Cloudlock
Risk #2: Lack of Compliance
Much of the data that businesses take in is subject to regulation. For health data, there’s HIPAA. Worker safety data falls under OSHA. GDPR protects personally identifiable information. Managing compliance across the software landscape can be a logistical nightmare, particularly if employees aren’t fully engaged.
The Risk
Human error in software can make your company vulnerable to compliance issues. Missteps can include incorrectly filling out forms, skipping cumbersome but necessary stages of the workflow, or improperly handling customer data. These errors can erode your customers’ trust as well as incur penalties and fines.
Traditional Risk Reduction Strategy
Compliance is a matter of education and culture, like security. One common approach is to have regular meetings and check-ins about compliance to make sure it’s a top-of-mind issue.
Get specific about the consequences of non-compliance, too. Fines for GDPR violations can be staggeringly high. British Airways was fined over £20 million after a data breach compromised 400,000 customers’ personal data. Investigators found that good security measures were available, but the company did not use them consistently. [source]
How Pendo Helps Promote Compliance
Traditional methods for promoting compliance lack immediacy and context. Without these elements, you’re counting on employees remembering details from months-old training sessions.
Pendo makes it easy to:
- Identify points of failure via analytics and direct employee feedback
- Add guides as a temporary solution to encourage the right behaviors
- Get analytics by segment to guide future development
A leading U.S. concierge healthcare provider saw a 207% increase in adoption of a business-critical reporting field after implementing Pendo in-app guides [source]
Pendo in Action
The challenge
A cluttered internal software landscape was causing inefficiency, compliance issues, and duplicated work.
The solution
Pendo In-app Guides boosted compliance and made Salesforce sales management more efficient. Red Hat estimates a savings of over 2,300 hours of rework.
“With Pendo, we can segment guides based on what role the user is in, how long they’ve been with the company, and where they’re located. This helps us target the most effective content to the right people.”
Gabi Ghali, Director of IT, service management and automation platforms at Red Hat
Risk #3: Shadow IT
People tend to follow the path of least resistance. In architecture, it’s called a “desire path.” You can pave the trail you want people to follow, but…
Shadow IT is the same principle: People create their own ways of getting from here to there, even if it means cutting corners.
The Risk
When employees use their own software rather than IT-vetted solutions, IT loses oversight on security and compliance. What’s worse, a solution that works for an employee’s personal workflow might not be robust enough for corporate use. This can lead to mishandling of data, breaches, and compliance violations. And that’s not to mention wasted spend on software that doesn’t get used.
59% of IT workers struggle to manage their software landscape. They estimate that 65% of all SaaS apps are not IT-approved. [source]
50% of cyberattacks stem from shadow IT, and costs to fix a breach average more than $4.2 million. [source]
Traditional Risk Reduction Strategy
Most companies rely on a combination of control, education and adaptation to reduce shadow IT:
- Tighter controls to prevent unauthorized installs
- Blacklisted sites for unapproved SaaS solutions
- Meetings and training to educate employees
- Soliciting feedback and using it to guide future spend
How Pendo Helps Reduce Shadow IT
Each of these traditional methods has its tradeoffs. Tighter controls and blacklists make it harder for employees to get work done. Meetings and trainings lack context. Collecting feedback and implementing changes is manual and time-consuming.
Pendo makes it easy to:
- Identify underused and unused software features
- Solicit immediate feedback in context
- Provide contextual guides to make existing software easier to use
- Find opportunities to streamline and declutter the software landscape
“We needed to be able to reach our users at scale, wherever and whenever they were working, not only to support them, but to proactively drive them to do the right thing.”
—Debbie Wiggins, Senior Manager, Content and Training, essity
Pendo in Action
The Client
IHS Markit, an intelligence firm that merged with S&P Global in 2022.
The challenge
The UX team needed a way to analyze quantitative and qualitative software feedback to guide future product development.
The solution
Pendo’s Product Engagement Score (PES) gives a quick look at product health. It combines adoption, stickiness, and growth into one metric. These scores helped focus and guide product development, overcoming “analysis paralysis.” Now IHS Markit has the data and analysis they need to develop features users want, need and value.
“PES makes us smarter and more collaborative when making outcome-based decisions about our products.”
—Ellie O’Connor, associate director of user experience at IHS Markit
Risk #4: Software Dissatisfaction
The previous three risk vectors have obvious errors and consequences. They can lead to fines, data breaches, and worse. This last one is harder to quantify, but just as detrimental to your organization’s health. Employees can regularly, silently struggle with the software they use every day.
Ongoing dissatisfaction can be disastrous, leading to:
- Increased shadow IT
- Wasted spend
- Higher employee churn
- Burnout and quiet quitting
The Problem
Employees are not effectively using the software they’re provided. They may overlook features that make the solution work more smoothly. They may insist on following outdated workflows. They might simply crawl through their work at a snail’s pace. Ultimately this can lead to low morale, productivity loss, and employee churn.
86% of executives agree it is impossible to provide a great customer experience without also providing a great employee experience [source]
Traditional Risk Reduction Strategy
Usually this type of risk is seen as a communication issue. Managers work to pry information out of unhappy employees through surveys, feedback forms and one-on-ones. These solutions can work, but rely on the employee as an active participant. Moreover, they rely on employees knowing exactly what isn’t working and being able to communicate the problem.
How Pendo Helps Reduce Software Dissatisfaction
This problem straddles the divide between quantitative (numerical, objective) and qualitative (feeling-based, subjective) data.
Pendo makes it easy to:
- Pinpoint problems using replays of employee sessions with AI insights
- See what features are unused or underused
- Surface context-sensitive requests for feedback that make it easier to collect qualitative data
- Combine quantitative and qualitative data to determine employee morale levels, what needs fixing, and what future investments to make
“Pendo for Employees gives us insight into how employees are using the tools we provide, and allows us to create in-app training that is digestible and scalable. Well-trained employees are more engaged and produce better results for our clients.”
—Nick Pendergrast, Senior Manager, Content & Training, Brightly
Pendo in Action
The client
A global tax, audit and advisory firm with 300,000 employees and $45 billion in revenue
The challenge
The firm had difficulties understanding their employees’ behavior and digital journey across over 150 internal applications. This lack of clarity made it hard to onboard new employees, make effective software purchases, and create a manageable tech stack.
The solution
Pendo analytics and guides helped the firm understand their software landscape and how their employees interacted with it.
These insights empowered the firm to make changes that increased employee productivity by 25%.
Conclusion
Increased security and compliance, happier employees, and cost control
The same software that is meant to make your employees’ jobs easier can make your job harder. It all depends on whether your employees have the mindset and guidance they need to use their software to the fullest potential.
The biggest obstacle to this type of risk reduction is a lack of information. If you don’t know where your employees are encountering obstacles, it’s hard to implement meaningful fixes. And meetings, reminder emails, and workplace posters can only go so far in changing human behavior.
As our customers’ experience shows: Real-time, contextual, data-informed guidance is essential for software risk reduction.
Pendo is here to help you minimize security breaches and boost compliance to reduce risks across your entire business. Ready to see it in action? Schedule a demo today