Imagine being a tightrope walker suspended over a canyon, balancing each step while negotiating the wind’s constant push and pull. The scenery is breathtaking, but you don’t dare look down; every moment demands your full attention. Now, replace that canyon with the vast landscape of the digital world, the tightrope with cybersecurity, and the walker with organizations navigating hybrid work. Doesn’t seem so different, does it?
In a recent conversation with Joel Burleson-Davis, SVP of Worldwide Engineering, Cyber, at Imprivata, I delved into this cyber-tightrope situation that many organizations find themselves in today in our hybrid work landscape. It’s a conversation I often have with clients who I help transition to the office and figure out their hybrid work model; the knowledge I gained from Burleson-Davis will help me inform my conversations with them – I hope it will help you as well.
A Fractured Set of Tools
Firstly, it’s important to acknowledge that most companies are dealing with a fractured set of tools. The exponential growth of the hybrid workforce during the pandemic led to an explosion of variables. It was simpler when everything was confined to the office. An implicit trust in the security of the office environment has now been replaced with a hybrid or even fully remote workforce dealing with different home networks, locations, and devices.
Employees working from different locations and networks, often on their own devices, introduced unprecedented variables into the mix. It’s like trying to host a potluck dinner, and instead of everyone bringing their favorite dish, they’re bringing their own ingredients, and you’re expected to cook a feast!
Take Bob, for instance. He’s your classic remote worker, operating from his home with a myriad of devices, often including his personal laptop. Now, Bob is not intentionally reckless, but his son accidentally clicks on a dubious link while using his laptop. That’s all it takes for your organization’s data to be compromised.
Shift From Implicit to Explicit Security
Secondly, the move from implicit to explicit security is like upgrading from a beat-up car with a dodgy transmission to a fully loaded spaceship – complex and resource-intensive.
The implicit trust model says, “Hey, if you’re in our building, you’re fine. We trust you.” But with a remote workforce, that assumption becomes risky. We now need to be explicit and deterministic about security for endpoints, users, and their identities.
Imagine you’ve lent your neighbor your house keys while you’re on vacation. Implicit trust would be like hoping they won’t throw a house party while you’re away, but explicit security is installing cameras to ensure they don’t.
Budgeting for Cybersecurity
Thirdly, budgeting for cybersecurity is a bit like deciding between buying a sports car or investing in your retirement fund. The sports car seems more exciting but is a riskier proposition. Companies must decide how much to spend on employee devices, both in-office and at-home, and security.
Investing in a fully managed IT setup for each remote employee seems like the sports car option – expensive and flashy. But Burleson-Davis has seen that vendor consolidation and getting value from bulk discounts can make it more feasible. It’s like finding a mint condition sports car at a garage sale – it still requires a substantial investment, but it’s a deal you can’t pass up.
Convincing Leadership of The Importance of Cybersecurity
Perhaps one of the trickiest tasks in the realm of cybersecurity is convincing those at the helm of its importance, especially if they haven’t experienced the devastating effects of a ransomware attack or a security breach. After all, asking them to imagine a disaster is like telling them to picture a shark in their swimming pool. Unlikely, but terrifying nonetheless.
However, considering the costs involved in recovering from such incidents, investing in cybersecurity is akin to buying shark repellent — it’s a sensible precaution. Fortunately, industry trends suggest that most leadership teams are recognizing the importance of cybersecurity. The increasing acceptance of cybersecurity is like a collective sigh of relief as more swimmers are donning their shark repellents.
In the constant endeavor to provide robust, zero trust, explicit security solutions, one key factor is often overlooked in the cybersecurity realm: convenience. After all, if your shark repellent takes an hour to apply, it’s less likely to be used.
Striking a balance between security and convenience is a crucial tightrope. By integrating cybersecurity solutions seamlessly with the digital environment, an effective solution allows users to work securely and efficiently without being constantly reminded of the lurking threats.
Organizations are walking a tightrope with cybersecurity in hybrid work. The balance between maintaining productivity and ensuring security is precarious. Because when it comes to cybersecurity, every step matters. It’s about layering security solutions effectively, verifying identities meticulously, and nurturing a culture of cybersecurity awareness.
In the end, companies need to ensure that Bob, and all the other employees in their organizations, can perform their duties securely from any location. The tightrope act of cybersecurity in hybrid work might seem daunting, but with the right tools, techniques, and a relentless focus on explicit security, we can all stay balanced and secure.
Remember, in the world of cybersecurity, it’s not about preventing plates from falling – it’s about ensuring they never fall in the first place. As the nature of work continues to evolve, our approach to cybersecurity must evolve with it. In this new age of work, let’s commit to equipping our workforce with the tools they need to balance their responsibilities confidently, without fear of falling into the abyss of cyber threats. It’s a challenge, undoubtedly, but one we must meet head-on to ensure the future of hybrid work is as secure as it is flexible.
Organizations face a delicate balance in ensuring cybersecurity in the hybrid work landscape, requiring explicit security measures and a focus on convenience and awareness…>Click to tweet
Image credit: Sora Shimazaki/Pexels
Originally published in Disaster Avoidance Experts on May 18, 2023