We’re on the cusp of creating and embracing workspaces of tomorrow, and it’s an exciting time. New business models, products, services and delivery models are already indelibly shaping how and where employees work. And as technology advances converge with corporate and user imperatives, workspaces are becoming more flexible and collaborative than ever.
In the face of this workspace and workstyle makeover, many companies, unfortunately, are taking a myopic view of the security implications. However, as the workspace evolves, security postures cannot remain static. There’s a greater need than ever to implement measures to secure data, infrastructure, applications and users.
As progress barrels ahead – and companies look to harness change to drive productivity and cost-savings, and attract and retain employees – there are three key areas security teams will need to address:
1. Acknowledge it – the workspace is changing
Today, 80 percent of knowledge workers work remotely at least one day per week. According to Frost & Sullivan, by 2020, up to 1.55 billion employees will be responsible for work that does not confine them to a desk. This more amorphous concept of office space is, in part, a reflection of the employee population, with millennials – typically accustomed to anytime, anywhere information access – now the largest generation in the workforce (Pew Research).
Consequently, endpoints are shifting to new perimeters, devices and platforms – bringing a host of security implications that often confound traditional perimeter security models. With mobile employees frequently accessing data outside of corporate layers of security, there’s potential for leakage and compromise. Organizations need to understand where their critical data resides, and how and where it’s being accessed – and then put acceptable-use policies in place.
2. Users – you are the weakest link
Accustomed to working in secure office environments, employees often develop a false sense of invulnerability wherever they’re working – a mentality that’s at odds with sophisticated security threats. It’s not uncommon to fall prey to attacks, and a majority of security professionals view phishing/social engineering as among the two most common threats users experience.
At Dimension Data, through our ongoing research and work with clients, we see many companies experience a sort of “Monday Morning Mania.” That is, their users bring devices home for the weekend, unwittingly pick up viruses and malware (by connecting on unsecured WiFi, browsing non-work-related sites, etc.) and deposit those threats into the network simultaneously on Monday when they log on. IT teams face the need to combat this network degradation, and it’s important for companies to take steps to mitigate this risk.
3. Devices, devices everywhere
According to Frost & Sullivan, today’s user uses an average of four connected devices a day – and will be using five daily by 2020. While there are great benefits for business agility, these new Internet-connected points also open up corporate systems to additional avenues of attack, with potential for the Internet of Things (IoT) to spiral into the Internet of Threats.
Also exacerbating IT teams’ concerns is what must be regarded as a general institutional failure to provide adequate security support for BYOD initiatives. As employees opt to use the devices they believe are most convenient and productive, companies continue to struggle with how to manage the influx of outside devices/apps. To prevent BYOD from morphing into Bring Your Own Danger and eliminate off-network “blind spots,” security postures need to support devices when they go off-premise, be more expansive in terms of the devices they cover, and provide protection at the domain name system (DNS) layer.
Creating a multipronged strategy
Cybersecurity plays a key role in workspace transformation, and organizations should adopt a multidimensional strategy – addressing users across different generations, multiple devices, new communications/collaboration applications, IoT-enabled environments, and diverse locations and networks. Additional tips include:
- Be predictive, not just reactive. For example, as organizations push the endpoints of a BYOD infrastructure, a predictive security posture would highlight how their users connect on a daily basis, and alert IT to deviations to address threats before they happen. Context-aware security analytics, along with “red-teaming” (where an internal IT team proactively hunts threats), are other important elements.
- Harness cloud security services to protect any device that connects to the enterprise network and to amplify security controls as necessary. Cloud data loss prevention protects sensitive data in cloud applications, and should be used together with cloud-based web security.
- Consider managed security services to monitor threats 24×7, get expert risk assessments, understand current and future needs, and drive outcomes.
- Deliver end-user education. Employees need to know that cyberattacks most likely won’t come from the odd-looking executable files used in the past. Cybersecurity committees can extend awareness, education and user vigilance across the enterprise.
Time for a cybersecurity health-check?
Just as we undergo health screenings to determine wellbeing, it’s important to apply the same principles to cybersecurity. Organizations should ask when they last went through a cyber health-check and resolve to carry them out regularly. To stay agile and capitalize on the benefits that future workspaces provide, it’s essential for IT to be ready, today, to anticipate, prevent and mitigate tomorrow’s threats.