Experts warn that the eventual shift to a hybrid workforce introduces new security threats. As the pandemic eases, it’s expected that many organizations will allow employees to choose where they want to work on any given day.
That calls for a new approach to security, said Kurt Roemer, Chief Security Strategist with Citrix Systems, at a CanadianCIO virtual roundtable with IT leaders in western Canada. “We need to design for the hybrid workforce,” said Roemer. “In this environment, security has to follow individuals and their devices no matter where they are.”
Roundtable participants acknowledged that new strategies are necessary. As one IT leader from B.C. put it, “We built a castle with a drawbridge and a moat. Those are gone and the walls are coming down.”
This is all part of digital transformation, Roemer said. Participants discussed some of the key aspects that should be included in a multi-layered security strategy to prepare for the hybrid workplace:
Secure Access Service Edge (SASE)
A SASE framework brings the network and security together into one single-pass architecture with unified management. This moves the security from the data centre closer to the users so that employees can have the same security and experience wherever they are, said Roemer. He noted that traditional VPNs do not offer sufficiently granular security controls to do this and don’t provide the same experience because they still go through the corporate network.
The SASE approach is based on the cloud. However, one health care executive said cloud can still be a challenge because of data residency and privacy requirements. Another IT leader noted that cloud providers are now making it easier to maintain data residency in Canada. As well, the security best practices for cloud have matured and are exceptional, said Roemer.
Innovative solutions will be needed for organizations that have critical operational and privacy requirements like health care, said Roemer. For example, he suggested that they could use cloud resources offline or containerize them so that continuity is always maintained. “It’s about resilience,” he said.
A software-defined wide-area network (SD-WAN) consolidates your network edge infrastructure and manages everything from a single location. “It helps push the endpoint security to where the user is,” said Roemer. It improves performance by prioritizing certain streams of traffic and, as one IT leader pointed out, it also helps to reduce network costs.
Zero Trust involves moving away from the enterprise trust model to an approach where you shouldn’t implicitly trust anything, said Roemer. “After declaring Zero Trust, every access attempt is evaluated to ensure it’s appropriate according to identity and within the context,” explained Roemer.
Data loss prevention (DLP) tools and network micro-segmentation can also play an important role in a Zero Trust environment. “DLP supports data classification so you protect the most important data and eventually get to the holy grail of automated data governance,” said Roemer. Micro-segmentation prevents hackers from being able to find their way to different parts of the network.
Participants said one of the biggest challenges is changing an organization’s culture. However, as one IT Director in the resources sector put it, “You have to accept that security issues will happen and put the cultural change in motion now.”