2 Days In, 3 Days out: Securing the hybrid workforce

Work-from-home may be giving way to hybrid work models in the coming year, creating even more challenges for security and compliance.

As we discussed in part 1, many employers are allowing remote work for the foreseeable future, but there are some who are anxious to get back to the office—at least part-time. We're entering the dawn of the hybrid workforce, which represents a blend of employees in the office and working from home. 

By many accounts, this is the future of work. 

Back in July, ZDNet reported that more than two-thirds of workers surveyed by Salesforce would like to work from home full-time or follow a hybrid schedule. 

"Extreme flexibility and hybrid work will define the post-pandemic workplace, says a provocative new report from Microsoft. The need to stay productive has blurred the lines between work and home life during the pandemic and has left employees exhausted. That means "A thoughtful approach to hybrid work will be critical for attracting and retaining diverse talent,'' the report says.

As enticing as it sounds, hybrid work brings a number of challenges. Users are mixing personal and corporate data more than ever, and they are more susceptible to phishing attacks. IT also loses visibility when users are working from home.

If hybrid work becomes a permanent fixture, security measures will need to evolve, and the time to address these issues is now. In fact, 48 percent of organizations plan to start their hybrid work model this summer, according to a new report by West Monroe.

Risky business

When it comes to securing hybrid workers, network access tops the priority list (68 percent), according to a March survey report by Cybersecurity Insiders (registration required). Endpoint breaches are also a major concern, because remote and hybrid workers use multiple devices for work, raising the potential for data leakage and connecting with unmanaged devices.

While most IT-managed devices download and install security patches automatically when connected to the company network, that's not necessarily happening when someone is working remotely.

The riskiest apps organizations are concerned about securing include file sharing (68 percent), internet access (47 percent), video conferencing (45 percent) and messaging (35 percent), the report said.

Unique challenges of hybrid environments

Perhaps the most obvious challenge of a hybrid workforce is that the disruption of established processes, like communication and collaboration, will continue. It's just not as easy to brainstorm ideas or ask a colleague a question when you can't lean out of your cubicle. 

Speed is also an issue, notes Cole Torres, an independent IT consultant. "Remote workers are no longer sending requests directly over the internet. A traditional VPN solution will mean that all those employees are first sending the request to the office network and then the request goes out to the internet,'' he says. If the VPN connection introduces latency, the delays may disrupt business processes. 

This can also pose an issue as companies scale with remote workers but do not gain additional physical space, or when workers have bandwidth limits in their home locations, Torres notes. 

"Some companies will get stuck needing to build out dedicated fiber to their location, which comes with a hefty price tag,'' he says. "Looking at the network and network security as a service allows businesses to connect and utilize network infrastructure that they would not be able to afford on their own."

How to handle hybrid 

Torres is a firm believer that "Every company should assess the SASE model. Many vendors do not require any physical network hardware to implement this type of solution. It is easy, quick, and is manageable for any size company."

Most every company will utilize some type of cloud-based solution even if there are no remote employees, he adds. It's just the way technology is moving. SASE allows companies to implement an effective security model to defend their resources and gives companies the ability to expand as they see fit, regardless of the physical location of their employees and their IT resources.

For people who are using personal devices to access company data, also known as BYOD, mobile device management has evolved with the introduction of unified endpoint management. The UEM model combines deployment, management, and monitoring together into a single dashboard. It also supports BYOD and enables IT to set comprehensive rules and enforce them, thus simplifying security management tasks for all types of mobile devices.

The best way to deal with hybrid work arrangements is, "[To] always to put emphasis on communication, both verbal and written, and to enable employees to have strong internet connectivity into their homes,'' says Robert Johnson, founder of woodworking company Sawinery. People need solid internet connections to get the bulk of their work done, and "Fortifying this would definitely lessen the likelihood of any disruptions of work."

As companies adapt to the future of work, it's also a good time to re-vet vendors and partners as the risks of a third-party breach are certain to increase. If these vendors are not properly identified, controlled, and audited, the consequences could be dire for any organization.

Many of the changes instituted during the pandemic will have to be made permanent, scaled, and built to last. A truly distributed workforce, with services available securely from anywhere, at any time, on any device, is probably what organizations should be planning and working toward in the years to come.