An “everywhere,” hybrid workforce is no longer concept, but reality. But securing hybrid workplaces requires big changes to how IT security gets done, argues Jason Lee, the CISO of Zoom in this Expert Insight.
The “everywhere” workforce is no longer a concept, it is a reality.
While hybrid work creates flexibility and scalability, it presents a complex IT challenge that requires a more thoughtful approach to security. Exposure points become exponential as employees work from offices, homes, coffee shops, airports, and more, tasking IT with securing and controlling a diverse set of environments.
This requires security leaders to design a strategy that helps protect employees no matter where they are or what they do, one rooted in the variability and flexibility associated with this new world of work.
Everything starts (and ends) with endpoints
A distributed workforce results in disparate data, which is particularly tricky in an era of growing data privacy regulation. Data protection and privacy are fundamental to the success of any organization — compromised or mishandled information has consequences, chief among them: damaged customer trust.
While data security has always been more focused on big breaches, IT now needs to focus on contextual endpoint security to be able to scale data protection to meet the needs of an everywhere workforce. Start with establishing defined principles and outcomes for how data is handled in different environments.
Security leaders should also deploy comprehensive mobile device management (MDM) to support this distributed workforce, which will likely use both personal and corporate devices in day-to-day work. With MDM, you can manage and secure employees’ mobile devices — laptops, smartphones, and tablets — regardless of the service provider or operating system.
Always verify, never trust
Today’s users face more complex threats than ever before, necessitating an “always verify, never trust” mode of operating, otherwise known as a zero-trust model.
A zero-trust approach draws on technologies such as multi-factor authentication, identity and access management (IAM), encryption, scoring and file system permissions, and more. Multi-factor authentication, in particular, ladders into the nature of an everywhere workforce, as it strategically leverages the personal smartphones employees already have on hand to help add extra security layers.
Zoom’s own IT team has already implemented a zero-trust strategy. We offer employees a robust Bring Your Own Device (BYOD) program that was designed to both enable collaboration via personal devices and help safeguard company information via multi-factor authentication.
Elevate your training programs
Basic, yearly security training can no longer be the only option for upskilling your workforce — education needs to be both continuous and in-depth. From phishing schemes to business email compromise, invest in ongoing training that covers the spectrum of threats facing your employees.
Additionally, when new technology becomes a part of a business’s infrastructure, employees should receive hands-on training sessions and dedicated tutorials. Any new software must have adequate controls that make sense to the people who administer and use the technology every day. Implementation should be paired with dedicated tutorials and hands-on training sessions on the software.
By expanding your company’s training, you can help employees understand the role end users play in the overall security posture of an organization. This creates a culture of security, where all parties feel invested in the overall protection of an organization, even if they’re disconnected from a physical location.
Enabling the everywhere workforce
The hybrid workforce means more endpoints and more environments, but it also means more opportunities for leaders to instill security as a foundational piece in a company’s culture.
By embracing and tailoring your strategy to the new needs of employees, you can create a realistic and scalable approach to security that will evolve as the business does. Businesses can simultaneously future-proof operations while prioritizing the employee experience.