There are a variety of network security tools that operate behind the scenes, so much so that users aren't aware they even exist: firewalls, email security tools, Web filtering appliances, and such. Other solutions badger users constantly with requests for credentials or additional steps, causing frustration (not always necessary).
Case in point: When I visited a company recently, a VP asked if I could help with a video-recording session in Camtasia, but first he had to install the software. He booted up his laptop, whose encrypted drive prompted him for a password. To get into Windows he had to put in his Active Directory username and password, which he told me requires updating every three months and has fairly high complexity requirements, so it's hard to remember.
When he finally got into his laptop and began to install Camtasia, he was asked for the admin password. He didn't have that password, so he had to call for IT to come and enter it. If he had been on the road, it would have been even harder: He'd need a VPN connection, hope his connection would pass muster with the Sophos network-security tool, and supply a SafeNet token to get access.
It's easy to understand why in this company's last IT survey, users praised IT for its support but lambasted IT for excessive security burdens.
Where should IT draw the line between securing the network and preventing productivity? The truth is it's not an all-or-nothing answer. All it might take is a look at the security tools in use to see if a different set or better integration would reduce the number of hurdles users have to deal with.
For example, though your company laptops may have their own built-in hard drive encryption, you might choose to use the BitLocker drive-encryption tool in Windows so that users can go with the same username and password to gain access to the drive with which they access the computer and the network.
Using a single-sign-on tool for various apps and services can also reduce the burden on users while maintaining the desired security posture. For example, Centrify, Okta, Ping Identity, and many others offer cloud-based identity management tools to pool user logins.
If your road warriors are VPNing into the network, you might consider looking into modern options in Microsoft servers like Direct Access, which replaces VPN connectivity and allows for an always-on connections based on certificates rather than tokens or passwords.
In some organizations, there's a battle between the CIO and CSO. For example, in a BYOD environment, the CIO would probably tout the benefits of user satisfaction, increased productivity, and reduced TCO, whereas the CSO would seek to stringently control the devices or avoid BYOD completely. Such issues make for healthy dialog to determine the right balance in each organization, but if the CIO-CSO relationship is about battling, it's usually a lose/lose situation -- for them, the company, and the users.
A layered approach is often best when dealing with security, so you can't get rid of all obstacles to access. But you must make sure your security reduces the burden on users to the minimum required to get the security you truly need.