Table of contents Toc Icon
Table of contents Toc Icon
Managing IT security and workplace access is no longer just about adding more controls. Organizations face growing pressures from hybrid work, rising cyber risks, and higher employee expectations. At the same time, employees expect seamless, friction-free access to the tools and systems they need to stay productive.
IT leaders often wonder how they can protect data and users without slowing down daily work. What approach ensures security, usability, and productivity while supporting a modern, flexible workforce?
Ace Cloud Hosting spoke with Ian Moyse, Chief Revenue Officer, cloud social influencer, blogger, and speaker with over 14 years of experience in cloud and software sales and marketing.
He has been recognized among the Top 50 Keynote Speakers in 2019 and 2020 and ranked the No. 1 Cloud Social Influencer from 2015 to 2017. He has also been honored as European Channel Personality of the Year and listed among the global top 200 cloud channel experts, bringing deep expertise in SaaS, cloud computing, and thought leadership.
In this expert Q&A, Ian explains how IT leaders can strike the right balance between security, productivity, and user experience in modern workspaces, the common challenges organizations face, the role of stronger access controls and service providers, and the steps businesses can take to build a safer, smoother workplace experience.
1. What practical strategies can IT leaders use to maintain strong cybersecurity while ensuring employees can work efficiently without unnecessary friction?
If you want strong security alongside productive employees who are not frustrated by IT barriers, then you need to stop thinking in terms of more controls and start thinking in terms of smarter ones. Most approaches simplify identity through clean role design, least-privileged access, and rapid deprovisioning.
Layering over adaptive measures like SSO and risk-based MFA gives low-risk activity ease for the employees, while high-risk actions are appropriately challenged. Build policies around real user behavior and treat friction itself as a security risk through measurement of things like user workarounds, login times, and delays to access.
2. In your experience, what are the biggest challenges organizations face when trying to balance security requirements with user productivity and seamless digital experiences?
The core challenge for an organization today when trying to balance security and user productivity is the natural tension that these competing priorities create, with many organizations overcorrecting in either direction, leading to unnecessary friction.
“According to IBM’s Cost of a Data Breach Report, 82% of data breaches involve a human element, such as compromised credentials, phishing, or user error.”
In today’s high-threat environment, security teams often and understandably design for worst-case scenarios, while users routinely bypass controls to get work done faster. Add in fragmented identity systems, legacy technology, and poor coordination across security, IT, and business teams, and the result is clunky experiences that are neither truly secure nor genuinely seamless.
In today’s high-risk world, the real task isn’t to find a perfect balance; it’s to make informed, risk-based trade-offs and design security around how people actually work day to day.
3. How can modern technologies such as identity management, Zero Trust frameworks, and secure access solutions help organizations strike the right balance between security and usability?
Modern approaches such as strong identity management, Zero Trust, and adaptive access tools work best when they shift security from a visible barrier to an intelligent layer that adjusts quietly in the background.
When implemented well, they reduce friction by replacing blanket controls with context-aware decisions, giving users seamless access whenever their behavior appears normal. Identity becomes the engine that simplifies access while simultaneously strengthening security.
The challenge is that many organizations overengineer these solutions, creating the very friction they were meant to remove. The ones that succeed focus on clean identity architecture, minimal but meaningful authentication, and continuous verification. Done right, security becomes almost invisible during low-risk activity and only steps forward and appears as a barrier when it genuinely matters.
4. What role do managed service providers (MSPs) play in helping businesses maintain both strong security postures and positive end-user experiences?
MSPs can be invaluable partners to supplement or become your IT department. But in the security area, only when they move beyond ticket logging and operate as true strategic advisors to your business. The best ones standardize and streamline environments, implement modern identity and access controls correctly, and continuously monitor risk so businesses always know where they stand.
A key value is that they also bring insights from working across many clients, helping organizations avoid overengineered, high-friction setups that drain productivity and budget. The weaker MSPs, however, simply stack tools and policies that look secure on paper, but frustrate users in practice and likely leave you at hidden risk.
The real value of an MSP isn’t outsourcing the security; it’s gaining a disciplined and well-designed/informed security profile that protects the business without slowing it down and benefits you from their aggregated knowledge and security capabilities/expertise.
5. How can IT teams design security policies that protect sensitive data without creating barriers that frustrate employees or slow down business operations?
Most IT teams get this wrong because they write policies for auditors instead of for real users. If you want security that works both for protection and employee satisfaction, then policies need to be risk-based rather than blanket rules, applying stronger controls where it truly matters and easing off where the risk is low.
This means anchoring everything around a strong identity, using context-aware access signals such as device, location, and behavior, and defaulting to SSO so employees aren’t constantly battling logins and password complexities. Importantly, also test policies against real workflows before going live, as if employees need workarounds to do their job, the policy is already flawed.
6. With the rise of hybrid and remote work, how has the relationship between cybersecurity, productivity, and user experience evolved?
The increase of hybrid and remote working has crystallized just how outdated the old “secure the office perimeter” mindset really is. Security, productivity, and user experience are now inseparable, and employees expect to work from anywhere, on any device, without unnecessary hurdles.
Clunky VPNs and rigid controls have quickly become productivity killers in parallel with increased risk, meaning security has had to get smarter quickly. Organizations that are thriving have shifted to identity-first, Zero Trust models that continuously assess context and apply the right level of control without disrupting normal work.
Those that haven’t made this shift are left with frustrated users, continued shadow IT, and a false sense of security that will come to bite them as the threats we face get smarter and smarter.
7. What common mistakes do organizations make when implementing security controls that unintentionally impact productivity?
The most common mistake is treating security as a checklist instead of a user experience problem. Organizations stack on controls such as extra logins and rigid MFA without considering how work actually happens across different lines of business, then seem surprised when employees find workarounds.
How often has a security team measured user friction and taken action to partner and find an amicable solution? Security is mostly designed for compliance and worst-case scenarios, with a carte blanche that user satisfaction is at the bottom of the list.
8. Do you see AI-driven automation playing a larger role in reducing the operational burden on IT teams while strengthening security measures?
AI-driven automation can enhance the security profile by significantly reducing operational burden by handling repetitive tasks like alert triage, anomaly detection, and access reviews faster and more consistently than humans, while also spotting patterns that would otherwise go amiss in the noise.
The mistake organizations are at risk of is over-trusting it and letting noisy or poorly tuned models run unchecked. The real value emerges when AI is applied to well-defined security processes and is used to augment human judgment rather than replacing it, thus IT teams spend less time firefighting and more time proactively addressing the underlying risks.
9. How can AI-powered tools help organizations detect threats faster without affecting employee productivity or system performance?
AI-powered security tools are most effective when they shift security from reactive to continuous analysing behaviour, detecting anomalies, and correlating signals quietly in the background without disrupting normal work.
Instead of bombarding users with prompts or slowing systems with heavy scans, cleverly designed AI can focus on risk scoring and intervene only when something genuinely looks suspicious, such as unusual access patterns or device activity. The real advantage of AI security is quicker intervention that catches threats earlier without dragging down performance or interrupting how people work.
10. Over the next two years, how do you see AI reshaping the way organizations balance cybersecurity, workforce productivity, and digital user experience?
Over the next two years, AI will push organizations toward highly adaptive, more user-aware systems. Security leaders will use AI to assess risk continuously in real time, quietly tightening controls when something looks suspicious and staying out of the way when everything appears normal, making security far less visible to employees.
To benefit from this organization’s need for clean identity data, clear processes, and adaptive tuning, or they risk simply amplifying noise and frustration. AI will enhance a strong security position, but won’t fix poor security design.
I predict we shall see organizations switching out security tools, disrupted by newer and growth AI-enhanced providers, and we shall certainly see the sophistication of attacks exploding, as the threat actors take advantage of AI in their toolkits to allow more complex and AI-fabricated content to increase digital impersonations of people and companies.
Build a Safer Workplace Without Slowing Work Down
Workplace security now requires more than added checks. It must protect people and data, support productivity, and ensure a seamless experience across locations and devices. As Ian Moyse highlights, businesses that remove unnecessary friction, design security around real user behavior, and simplify controls will be better equipped to stay secure and future-ready.
At Ace Cloud Hosting, we support businesses of all sizes with secure, scalable cloud solutions, including fully managed virtual desktops, managed IT services, and AI-powered cybersecurity services. Our goal is to help teams work smarter, collaborate effectively, and stay prepared for future workplace trends.
