The Future of Work is Hybrid – Is Your Security Ready?
This blog was originally published by Bitglass here.
Written by Jonathan Andresen, Bitglass.
It wasn’t that long ago that most of us used to work in an office. Fifteen months into the global COVID pandemic it’s now certain that the future will not be a full return to the office or a continuation of the present remote working experience – it will be both.
A hybrid workforce is a mix of employees who work remotely and those who work from an office or a central location. If workers feel they are more productive in one location versus another, they can choose to work in that environment -- or work in a combination of the two.
Such a flexible work environment builds on an important lesson from the COVID-19 pandemic: enterprises need to support work from anywhere, all the time, by everyone. With some employees now returning to the office, it’s time to think seriously about the hybrid workforce and the key networking and security requirements that enable it.
Before the pandemic, when only 10-15% of employees were remote, users and IT teams alike could tolerate the performance and productivity challenges of using VPNs to access internal apps and resources. Hybrid work, however, means working seamlessly between offices and remote locations – a capability lacking in traditional access tools such as VPNs. These slow productivity and impact performance while creating security issues by giving workers access to everything on the network without any policy or data controls or threat protection built in.
In reality VPNs are an access tool – not a security tool. They don’t provide the contextual policy control, data controls or threat protection needed for today’s mobile savvy users working across a myriad of apps, devices and locations. Given VPNs were invented in the mid 1990s, when Netscape was the main portal to the internet, it’s no surprise that they don’t fit today’s mobile to cloud enterprise work environment.
A hybrid workforce is built around the user having easy and secure access to all work data – whether cloud, web or internal applications hosted at the data center, such as SAP, Oracle or other types of applications that have not yet moved to the cloud. What’s needed is adaptive, real-time visibility and control to protect data across all types of applications, whether cloud, web or private and on-premises apps. But when it comes to agents – enterprises and users should have the flexibility to choose agentless or agents depending on the use case – such as agentless for browser based private applications, which is ideal for BYOD scenarios.
Effectively supporting a secure and productive hybrid workforce, while moving the needle on digital transformation initiatives, requires a technology platform that scales and adapts to changing business requirements. Consider a modular approach to support hybrid workers, integrating Zero Trust Network Access (ZTNA) for their access to private or on-premises applications, a multi-mode Cloud Access Security Broker (CASB) for all types of cloud services, and web security on-device to protect user privacy removing performance bottlenecks.