Security and the “New Normal” Hybrid Workforce

By Bryan Kissinger, PhD | SVP and CISO, Trace3 Security Solutions

 

To mitigate cybersecurity risks within a new normal hybrid workforce, focus on Secure Access Service Edge (SASE) architectures and updated policies and procedures.

Our post-pandemic hybrid work model poses new and unique security challenges for organizations. With some employees returning to the office and some staying home for good, organizations now have to deploy and refresh security solutions for both environments. The same threats persist as before, yet now have double the attack surface. All of these threats present major security risks: phishing schemes, weak passwords, unencrypted file sharing, unsecured (home) wi-fi, print-from-anywhere technology, and network-connected personal devices.

How do you protect corporate data and other assets when people do their jobs both inside and outside of a company-managed physical office and network?

Hybrid Workforce

Hybrid employees pose one of the biggest threats to an organization’s network security. Yet most organizational leaders believe that hybrid work is here to stay. A recent survey conducted with Wakefield Research showed that almost half of responding employees (47%) would look for another job if their employer didn’t offer a hybrid work model.

Security and Hybrid Work Models

Work-from-anywhere policies and the work-from-anywhere ecosystem present an increased set of challenges for security teams as employees move back into the office and continue to work outside of a secure perimeter at home, the vacation hotel, etc. Hybrid workers may spend time in the company office, or they may work fully remote from home, or they may set up shop in third places like coffee shops, coworking spaces, or libraries.

As hybrid work establishes itself as the new normal, one of the most prominent risks comes from users connecting to unknown networks one day and back in the office the next. When this occurs, users create a much larger attack surface for organizations as malware may be acquired in one location and transferred to another.

A typical solution to this problem would be to require workers to use a virtual private network (VPN). But setting up a VPN can be very time-consuming and costly. Not only do time and cost factors pose a challenge, but security teams are now faced with an increase in adoption of cloud applications and the growing use of unmanaged devices—personal computers, cell phones, and more. It is often difficult to load VPN and other remote connection solutions onto personally owned-devices.

Security Approaches

Securing an organization’s hybrid workforce is critical for any modern business, regardless of the complications. Trace3 recommends several approaches to address this challenge. Within each approach, there are a number of solution partners to choose from.

First, identity and access management solutions work to secure users by validating through technologies like single sign-on and multifactor authentication to grant access to corporate resources.

Access Management: Technology and processes for managing identities and access permissions for users, computing devices, and applications.

Second, endpoint security and mobile security protects users’ devices by preventing malware, blocking exploits, and providing enabling detection and response.

Endpoint Security: A platform that is an integrated suite of endpoint protection technologies used to prevent file-based malware attacks, detect malicious activity, and provide the necessary investigation and remediation capabilities to respond to dynamic security incidents and alerts.

Mobile Security: A platform for detecting threats on Android and iOS devices through monitoring network activity, whether it be cellular or wireless, and by monitoring application activity.

Third, secure remote access and connected home security protect users at the network level ensuring safe communications.

Secure Remote Access: The ability to access a computer from a remote location based on predefined policies to grant remote access to specific network areas.

Connected Home Security: Protects smart home manufacturer’s devices in home local area network (LAN) environments, where they are at risk of attacks both due to their device’s own vulnerabilities and from lateral attacks originating from other unsecured devices on the same network.

Fourth, combining all of the above technologies, Secure Access Service Edge (SASE) architectures can secure SaaS applications by providing secure remote connections, data protection, visibility, and threat protection – on and off network.

Secure access service edge (SASE): A network architecture that combines VPN and SD-WAN capabilities with cloud-native security functions such as secure web gateways, cloud access security brokers, firewalls, and zero-trust network access. These functions are delivered from the cloud and provided as a service by the SASE vendor.

Don’t forget about employee training. Regardless of workforce model, human error remains the number one reason malware is downloaded or credentials are stolen. When employees unknowingly participate in cybersecurity worst practices, hackers and cybercriminals are better able to access a company’s network and sensitive data. So, hybrid employees require added security precautions and support.

Trace3’s Security team includes engineers skilled in remote workforce infrastructure strategy and implementation. To learn more about hybrid workforce security, contact
security@Trace3.com.




BK
Bryan Kissinger, PhD. is an information security product and services leader focused on delivering technology-enabled solutions for complex business environments. Kissinger leads a team of professional security advisors focused on solving complex client security challenges, as well as managing Trace3’s internal security program. He’s a published author and public speaker known as an emerging technology advocate and designer of right-sized corporate IT and security programs.
Back to Blog