How do you prevent desire paths from endangering your governance?

Employees frequently use alternative methods, often referred to as “desire paths,” to expedite prescribed work processes. While these methods can enhance efficiency, they also introduce cybersecurity risks. These methods often remain invisible to IT administrators and are thus not adequately secured. Yet, alternative methods can also present opportunities. This blog uncovers how your organization can incorporate these practices into your governance plan, consequently establishing a safer and more efficient way of working.

Desire paths are a common occurrence. For instance, when an employee wants to share specific data with a client and finds the prescribed protocol too cumbersome, they might look for a creative, alternative method that usually remains hidden from IT administrators. These kinds of practices often cause unease among administrators as maintaining control over data, access, and security is crucial for sound governance.

What exactly is governance?

Governance consists of managing and maintaining the IT infrastructure within your organization, with the goal of ensuring the optimal operation of your business. In other words, governance involves setting guidelines and agreements on the use of hardware and software, systems, networks and databases. Weak governance can have serious consequences, such as the occurrence of data breaches. These data breaches, in turn, cause significant financial and reputational damage. To reduce the likelihood of this, it is critical to establish an effective set of guidelines and agreements so that employees know exactly what is expected of them.

Desire paths: working more efficiently or a risk to governance?

It is impossible for IT administrators to be aware of all the practices used within their organization. As a result, the chances of an employee working in an alternative, risky way unnoticed are high. Control over, for example, the way data is sent and who has access to certain systems is therefore essential to ensure the quality of your governance. To keep employees from using such desire paths, IT administrators often try to enforce the prescribed process. That means: fewer opportunities to choose your own way of working. But experience shows that employees are still creative enough to come up with elephant paths.

Elephant paths as a source of improvement

Forcing working methods therefore does not seem to be the solution. But what can you do as an organization? For starters, it is important to understand why employees invent elephant paths. Essentially, there are two reasons:

  • Employees want to do their jobs as efficiently as possible.
  • The prescribed process seems too complex or inadequate.

It is therefore possible that desire paths are actually more efficient than the prescribed way of working. After all, they stem from the desire for efficiency and the need for an adequate way of working. By understanding the motivation and insights behind desire paths, an organization can learn valuable lessons and use them to optimize and improve ways of working.

Desired way of working as a central thema

At QS solutions, we help organizations put their governance in order and improve upon it. This starts by working with employees to draw up a governance plan in which we record all the actions and scenarios they need to perform their work efficiently. This gives us insight into the employees’ needs and allows us to tailor new practices accordingly.

The actions and scenarios then form the thread for implementation and configuration of the new (supported) ways of working. They also serve as a guide for the development of instructional materials and user support. This gives employees a guide for

 working in a renewed, secure way.

By adopting these practices, we help you create an efficient, secure and structured work environment. We ensure that employees can perform their work as efficiently as possible and that the organization retains control over aspects such as data control and system access. This allows the organization to realize a more efficient way of working that meets the needs of its employees and ensures cybersecurity.

What happens after implementing the new way of working?

The process of keeping governance in order does not stop after the initial implementations. Once employees start using the new ways of working, we monitor usage closely. If necessary, we provide additional tips and instructions. It is possible that employees develop new practices or needs that we had not anticipated. Therefore, we continue to:

  • Monitor how employees use new practices.
  • Regularly collect feedback from employees.
  • Adjust our configuration where necessary.
  • Report on any new ways of working.

By actively monitoring, collecting feedback and making adjustments when necessary, we ensure that governance remains effective and aligned with the needs and developments within the organization.

From desire paths to safe and efficient practices

Alternative ways of working, or desire paths, offer efficiency but also increase cyber risks. IT administrators lose track of all the practices in use, compromising the quality of governance. Fortunately, desire paths also provide opportunities. By listening to employees and documenting their desired way of working in a governance plan, you can establish and support a more efficient and secure way of working. This is how you change desire paths into secure and efficient ways of working.

Would you also like to implement your Microsoft 365 with our methodology? Or do you have other questions about this methodology? Feel free to contact us!