Why it’s time to evolve your cybersecurity strategy in the new era of hybrid work
It wasn’t that long ago that most of us worked in an office. Fifteen months after the start of the global Covid pandemic, it is now certain that the future will not be a full return to the office or a continuation of the current remote working experience – it will be both. According to new data, the majority (77%) of UK employees would prefer hybrid work as the best way forward after Covid-19.
This new workplace reality will feature a hybrid workforce containing a mix of employees who work remotely and those who work from an office or other central location. If workers believe that they will be more productive in one place rather than another, they can choose to work in that environment or choose to work in a combination of the two.
Security must now evolve beyond the corporate perimeter and endpoint protection to encompass securing all forms of communication between users, devices, applications and web destinations.
It’s time to take on the hybrid home-office security challenge
The shift to permanent and highly flexible remote or hybrid work scenarios means that organizations must build on the important lessons learned in the months following the first Covid crisis. Businesses today need to be able to support work from anywhere, at any time, by anyone.
This means revising all the interim fixes that were rolled out on the fly to allow large-scale remote working about a year ago. The rapid shift of the past year towards distributed workforce models has proved too tempting an opportunity for cybercriminals to pass up. Cyber incidents and data breaches skyrocketed in 2020; credential theft and social attacks such as phishing and business email compromise were found to be the leading causes of over 67% of all breaches.
If businesses are serious about taking advantage of the new flexible ways of working, they will need to seriously think about the hybrid workforce and the core networking and security requirements needed to enable and sustain it for the long term.
It’s time to reconsider the VPN
Before the pandemic, when only about 10-15% of employees were remote, users and IT teams could tolerate the performance and productivity issues associated with using a VPN to access internal applications and resources.
Hybrid work, however, means working seamlessly between the office and remote sites. That capability is lacking in traditional access tools such as VPNs, which slow down productivity and affect performance while creating security concerns by giving workers access to everything on the network without any policy controls, data controls or threat protection built in.
The reality is that a VPN is an access tool – not a security tool. Invented in the mid-1990s, VPNs weren’t designed for today’s cloud-based enterprise work environments. As a result, they do not provide the contextual control of policies, data controls, or threat protection that today’s savvy workers need when working across a myriad of apps, devices and locations. But that’s not the only security challenge organizations today need to be mindful of.
Unsurprisingly, the events of the past year have seen a massive increase in the number of unmanaged personal devices connecting remotely to work-related resources as people strive to stay productive in the face of government mandates to stay at home.
As a result, companies realized that they were ill-equipped to deal with rising security threats, such as malware and data theft, which were introduced by the workforce’s increasing use of personal mobile devices for professional tasks.
Recent research shows how many organizations still don’t pay enough attention to securing unmanaged personal devices from malware and data theft. Almost half (49%) of organizations admit not knowing whether BYOD devices used by their employees have downloaded malware in the past 12 months. Meanwhile, 41% say they rely on endpoint malware protection for BYOD – an approach that is not ideal for personal devices that are difficult to control and manage – while more than a quarter (30%) do not protect against malware for BYOD in any form at all.
As organizations prepare to make the transition to permanent remote working or hybrid work models, connecting more devices to corporate networks will only serve to further expand the attack surface available to cybercriminals.
It’s hard to argue against the idea that the use of personal devices has helped companies improve productivity and employee satisfaction, while reducing costs, in what has been a really tough time. But solving the very real security issues associated with managing device access and mobile security continues to be a Cinderella dilemma that doesn’t get the attention it deserves.
Rethinking security for the realities of the world of work
Because people are people, employees often take shortcuts or engage in risky behaviors that create major internal security issues and vulnerabilities in an effort to get things done quickly, whether it’s reusing passwords, using a public Wi-Fi network, installing ghost software on devices, or mindlessly clicking on a phishing link.
The BYOD trend, along with the growth of software applications, cloud services and storage accessible from almost anywhere, means that IT teams must quickly learn new security approaches that make it easier to control files, data and information, including the ability to remotely wipe company data from a BYOD device – without touching an employee’s personal data.
In other words, what is needed is an adaptive, modular approach that provides real-time visibility and control to protect data across all types of applications – web, private, and on-premises applications. The good news is that today’s advanced cloud security solutions are ideally suited for BYOD scenarios. They also offer a way to do all of this and deliver a truly smooth user experience that doesn’t involve employees having to go through multiple authentication processes to undertake their daily work tasks.
To truly secure the remote and hybrid workforce, organizations should look to take advantage of options such as Zero Trust Network Access (ZTNA) to manage access to their private or on-premises applications. They should also consider using a multi-mode Cloud Access Security Broker (CASB) solution that will provide all types of cloud and web security on the device to protect user privacy – and remove the performance bottlenecks that create frustration for users and hinder their productivity.
By deploying next-generation, cloud-based, scalable security solutions, they will be able to gain the real-time visibility and control needed to protect their data and their users, without the need for VPNs that can get in the way of achieving a truly secure and efficient digital workplace for users, wherever and however they choose to work.
Anurag Kahol, founder and CTO, Bitglass