Covid 19 has changed what we think of as the office. Workforces in many industries across the globe have shown that they can still be productive, if not more so, when working outside of an office environment, and companies are waking up to the fact that they needn’t spend the cash on a huge office space. While this may be good news for company pockets, this change comes with a host of new responsibilities that need to be taken ownership of if the future world of work is to remain safe and secure.
New responsibilities for the new normal
Enterprises are already starting to take stock of where their money is best invested and whether putting company resources into equipping the home offices of their workers is a more economic and efficient path. This, of course, comes with its own complications: should businesses be paying for the fastest home broadband connection and secure routers for their workers? What happens if a security incident takes place within a worker’s home, rather than the office? Where does corporate responsibility and liability begin and end in an employee’s home?
While each organization’s approach will depend on each company’s specific needs and the industry’s particular constraints, regardless - working this out will require a council of business leaders, across HR, legal, tech and security, and a secure infrastructure base from which employees can depend on. Not only do the organization’s responsibilities need to be considered - employees themselves have also developed expectations of the new work from anywhere lifestyle, demanding a seamless and equal experience whether they are working in an office building, from their home, a coffee shop, or at a train station.
IT teams have arguably faced the harshest pressures to make any combination possible – as long as employees could do the work. As such, many were forced to rush through solutions that allowed a workforce to move out of the corporate network and work remotely, adopting fast fixes that may have seen holes in their security measures. Sacrificing these solutions increased productivity and protected the bottom line - but unfortunately, penalized organizations’ security posture.
Breaking out of the shell
The good news is that many organizations have started to see the need to invest in ensuring the last-minute Covid-19 driven emergency workarounds are being developed into practical infrastructure for the future. Most organizations today have already incorporated aspects of a workable borderless enterprise. However, many security teams still cling to a traditional “hard shell” perimeter security mindset which may conflict with the demands of other parts of the business, and holds organizations back from the full benefits of embracing a totally borderless network that would provide the productivity and cost advantages that a finance team so desires.
Thankfully, companies are now looking towards new ways of providing secure traffic, for example through zero trust network access (ZTNA). This allows employees and users to be connected directly with their dedicated assets, without opening up the entire network to provide access to an application, re-establishing trusted “plumbing,” – which is a key building block for any organization operating with a potential model where every single employee becomes a branch office. This new approach to security achieves the same corporate-level protections for organizations, but supports a more agile, productive and cost-effective work culture at the same time – pleasing the wider business.
However, establishing this trust is no longer as simple as just putting your hands on a box and administering it, but requires building a partnership with a cloud security service provider. The security provider must therefore ensure to establish and maintain this trust as part of its core business model, and learn how to divert the trust that IT teams have built over years with physical infrastructure – and shift it toward zero trust. While technology is undoubtedly paramount, having a good relationship with a provider that can not only implement zero trust within an organization but also has the ability to discuss any worries or doubts, is crucial when building a borderless enterprise.
An even more beneficial component of this new frontier is the secure access service edge (SASE), which automatically applies identity- and destination-based policies independent of where users are – in addition to the above connectivity to known assets and connections to the wider internet. This allows employees to directly connect to the internet in a safe manner – even beyond the corporate perimeter.
As revealed in our recent EMEA State of Digital Transformation report, 55 percent of EMEA organizations are already looking into SASE solutions. As IoT and Operational Technology device popularity increases, there will be more data than ever processed at the edge. As more compute is also done at the edge, it increasingly makes sense to move security closer to this data to reduce latency and bandwidth requirements. This will be important, as data, CPU, and memory are still bound by Moore’s Law, meaning the stresses placed on networks will increase. Network latency will present the key puzzle for organizations to solve, and they’ll be able to solve it with SASE.
From remote to universal
In the future, we can expect to see more examples of hybrid working models as companies gradually, and at their own pace, return some staff to offices, while many continue to work from home. By 2021, we should no longer be making a distinction between office-based and remote access. The shift to remote work imposed by the pandemic has proven that employees can work productively from any location.
What matters is that employees can rely on seamless and secure connectivity regardless of their location. As such, we will see higher security risks for IT teams, and new pressures on other functions of the business. If organizations are to achieve this model and mitigate the new risks, IT teams will need to rethink their hard perimeter instincts, while business leaders will need to ensure they assign the right responsibilities to the correct teams and embrace new methods of building solid foundations from which to thrive on.
Marc Lueck, CISO EMEA, Zscaler