The key to workplace security in 2025: adaptability and AI
This is a guest blog post by Calvin Hsu, VP, Product Marketing at Citrix.
Artificial intelligence (AI) has been used in fraud protection for many years.
Often you won’t even realise. You know when you spend a lot of money on your card and you get a call from the fraud department asking you to verify? You’ve got AI to thank for that.
AI collects information about the behaviour of its users – their habits; who they normally transfer to; when they tend to spend, and on what – and uses this to decide if a recent transaction is out of the ordinary and might be malicious.
Now AI is being imported into IT security to do a very similar job.
Just like in fraud protection, it collects information about the user – this time, the employee – so that it knows which devices they’re on, which sites they tend to visit, and which apps they like to use.
It then assigns a risk score to that person’s current activities based on their usual pattern of behaviour.
If it they are doing something that seems somewhat risky but not out of the realm of possibility – downloading content from a completely unknown website, for instance – you would ask them to provide another form of ID like a token or wearable device that you know they usually have on them.
This is all good for keeping employees and the organisation secure.
But it also serves another purpose: balancing the needs of security and productivity.
Security vs productivity
In my experience, many businesses have traditionally tended to put security before productivity.
In other words: better to be 100% safe than sorry.
But where do you draw the line?
Continuing with the credit card company analogy, research by Javelin shows that the value of false declines (where security erroneously stops a legitimate transaction from going ahead) in that industry has hit $118 billion per year, more than 13 times the total amount lost annually to actual card fraud ($9 billion).
In this way security can actually become damaging to productivity.
And it doesn’t just cause damage in the way that it stops transactions – it also has a negative impact on employees.
If they are constantly being denied access, they start to feel security is just a hindrance. This isn’t good for a unified, cohesive workforce.
This is where AI comes in.
The objective with AI is to get to a state where you make security seamless and invisible to the user.
The buzzword at the moment is ‘frictionless’. It means that security won’t get in the way of the user experience, so they can do what they need to do and your business will still be protected.
But I think it can go further than this. I think you can use security AI to make people more productive, instead of just impeding their productivity less.
The same AI you use for security could to direct people to new apps or programs that might be helpful to them, for example.
If you know that certain people benefit from these apps, you know they could make a user with a similar job more productive.
In this way AI can provide a solution to the double-bind of security vs. productivity by actively enhancing both.
The changing face of security
As the digital workplace becomes more mobile, your approach towards security has to change too.
You will have to stop thinking about security in terms of physical perimeters like company networks, and instead build more flexible, people-centric perimeters.
Wherever an employee is and whatever device they are using, you need to be able to draw a security posture around that person so that you can control what data they have access to – including their ability to connect to unknown entities online.
The fixed, hardened perimeter is a security practice that has to die out, and in some cases it already is.
This kind of transformation is driven by cultural and behavioural change.
The way that people are using IT as employees has been impacted by the way people use IT as consumers, with the influx of apps and different devices forcing business IT to become more mobile.
Planning ahead and preparing to change
Changes to working practice like the introduction of AI will be very influential when it comes to designing your future security systems.
But you have to be careful how you approach planning for new IT.
The old approach was to put together a strategy and review it, then implement it once everyone had agreed.
This doesn’t work anymore. By the time you’ve gone through that process, your need will have changed significantly.
The process must be more agile and iterative because this is the way all things are developing, whether it’s the importation of AI from fraud prevention or a switch from working in-office to working remotely.
You have to start doing something now and expect it to change going forwards.
You also want to avoid trying to solve each problem individually – you’ll end up with hundreds of answers for different devices and apps.
There needs to be a holistic solution that can encompass lots of devices and different workstyles, and you should develop these as reactively as possible.
Although it might seem complicated, it’s really quite simple: there is no perfect plan.
So start somewhere and adapt over time, and make sure you incorporate AI while you’re doing it.
***Calvin Hsu leads the global product marketing team responsible for products lines.
He is responsible for product strategy, messaging and positioning, launch execution, technical marketing, competitive intelligence, strategic alliances and market research for both on-premises datacenter solutions and hosted service provider markets.