Cybersecurity and Hybrid Work: What CISOs Should Know
- By George Lee, RSA
- February 10, 2021
It is no secret that the ever-changing health and safety guidelines over the past year of unprecedented challenges have significantly impacted the way we work. They have also led to the widespread adoption of the so-called blended or hybrid workplace.
As the concept continues to become the norm for many in 2021, organizations must act with utmost urgency to address the emerging cybersecurity and risk challenges associated with distributed networks and accelerated cloud deployments.
Below are the top five considerations for CISOs as they assess the state of their current hybrid work environment and look to remain one step ahead of cybercriminals:
1. Thoughtful access governance is paramount
Access governance is already a tough nut to crack in a centralized facility. It becomes increasingly difficult in today’s dynamic work setting. Security teams will find themselves struggling to gain assurance of who has access to what, recognize and prioritize identity risks as they arise, and comply with the myriad of policies and regulations.
For the hybrid workplace to succeed, organizations need to re-evaluate their existing governance policies for user access and authentication methods. Equally critical is making sure that they have the right technologies to distinguish legitimate devices and users from malicious ones with more precision.
2. Become proficient with automation
Many organizations are turning to automation to streamline manual processes and transform legacy infrastructures. In cybersecurity, the role of automation boils down to better and faster management of complexity. Distributed networks and devices, increased workforce mobility, and multiple cloud services make the IT team’s workload unmanageable. That workload becomes a crisis in any kind of cyberattack, when acting in real time is of the essence.
Automation can help identify attacks even before they happen and save time for cyber staff. It also enables them to focus on other essential tasks. And, as the threat surface continues to expand, there is really no alternative but to embrace automation.
3. Prepare for data privacy challenges as employees return to the office
When employees start to return to the office full-time, and with some visiting the office once or twice a week, organizations will have to handle personal data generated as part of mandatory health checks and contact tracing around their office’s premises. Questions around who gathers and manages the data, how it is used, and most importantly, how it can be secured against any unauthorized access add to the data privacy challenges as the hybrid workplace becomes a long-term reality.
4. Hybrid systems can make data handling complex
In the accelerated digital transformation phase, the mix of on-premises and private-cloud systems makes data handling more complex. This is why the zero-trust approach has become one of the top two researched security approaches and one area that generated the most significant interest. Zero trust suggests that organizations need to completely rethink how they define trust when considering how to secure critical data and resources.
When the breadth of the enterprise digital ecosystem is fully considered, scaling this approach can become daunting: is it really possible to “never trust” all devices and to “always verify” access to the entire infrastructure? While the zero-trust implementation is still taking shape, what security teams need to focus on is prioritizing critical projects to maintain business continuity and protect what matters most.
5. Secure the next journey to the cloud
As organizations look to build and sustain resiliency in the next phase of their digital transformation, many do not fully grasp the security and risk implications of this journey to the cloud. Also, as organizations take steps to break down data silos and as the cloud becomes more widely used, new security policies will have to be implemented, taking into account the different security requirements for cloud versus on-premises architectures. This is a complex process, but it is essential for securing this cloud journey.
Despite the hybrid workplace becoming a common topic in 2020, we are just barely scratching the surface of this new work revolution. When business continuity plans were implemented during the global lockdown, organizations recognized the need to be more agile and ensure that their cybersecurity posture adapts to the shifting work patterns. By doing so, they can future-proof their business for the next disruption.
George Lee, vice president for Asia Pacific and Japan at RSA, wrote this article.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.