The future of work is hybrid — is your security ready?
Article by Bitglass senior director of marketing Jonathan Andresen.
It wasn’t too long ago that most of us used to work in an office. Fifteen months into the global COVID-19 pandemic, it’s now certain that the future will not be a total return to the office or a continuation of the present remote working experience — it will be both.
A hybrid workforce is a mix of employees who work remotely and those who work from an office or a central location. If workers feel they are more productive in one location versus another, they can choose to work in that environment. Or they might work in a combination of the two.
Such a flexible work environment builds on an important lesson from the COVID-19 pandemic: enterprises need to support work from anywhere, all the time, by everyone. With some employees now returning to the office, it’s time to think seriously about the hybrid workforce and the key networking and security requirements that enable it.
Before the pandemic, when only 10-15% of employees were remote, users and IT teams alike could tolerate the performance and productivity challenges of using VPNs to access internal apps and resources.
Hybrid work, however, means working seamlessly between offices and remote locations — a capability lacking in traditional access tools such as VPNs. These slow down productivity and impact performance while creating security issues by giving workers access to everything on the network without any data controls or threat protection built-in.
In reality, VPNs are an access tool — not a security tool. They don’t provide the contextual policy control, data controls or threat protection needed for today’s mobile-savvy users working across various apps, devices and locations. Given VPNs were invented in the mid-1990s when Netscape was the main portal to the internet, it’s no surprise that they don’t fit today’s mobile to cloud enterprise work environment.
A hybrid workforce is built around the user having easy and secure access to all work data — whether cloud, web or internal applications hosted at the data centre, such as SAP, Oracle or other types of applications that have not yet moved to the cloud.
What’s needed is adaptive, real-time visibility and control to protect data across all types of applications, whether cloud, web or private and on-premises apps. But when it comes to agents, enterprises and users should have the flexibility to choose agentless or agents depending on the use case — such as agentless for browser-based private applications, which is ideal for BYOD scenarios.
Supporting a secure and productive hybrid workforce effectively while moving the needle on digital transformation initiatives requires a technology platform that adapts to changing business requirements.
Consider a modular approach to support hybrid workers, integrating zero trust network access (ZTNA) for their access to private or on-premises applications, a multi-mode cloud access security broker (CASB) for all types of cloud services, and web security on-device to protect user privacy removing performance bottlenecks.