How to move security to the edge to protect the changing workplace

Experts warn that the eventual shift to a hybrid workforce introduces new security threats. As the pandemic eases, it’s expected that many organizations will allow employees to choose where they want to work on any given day.

That calls for a new approach to security, said Kurt Roemer, Chief Security Strategist with Citrix Systems at a CanadianCIO virtual roundtable with IT leaders in western Canada. “We need to design for the hybrid workforce,” said Roemer. “In this environment, security has to follow individuals and their devices no matter where they are.”

Roundtable participants acknowledged that new strategies are necessary. As one IT leader from B.C. put it, “We built a castle with a drawbridge and a moat. Those are gone and the walls are coming down.”

This is all part of digital transformation, Roemer said. Participants discussed some of the key aspects that should be included in a multi-layered security strategy to prepare for the hybrid workplace:

Secure Access Service Edge (SASE)

A SASE framework brings the network and security together into one single-pass architecture with unified management. This moves the security from the data centre closer to the users so that employees can have the same security and experience wherever they are, said Roemer. He noted that traditional VPNs do not offer sufficiently granular security controls to do this and don’t provide the same experience because they still go through the corporate network.


The SASE approach is based on the cloud. However, one health care executive said cloud can still be a challenge because of data residency and privacy requirements. Another IT leader noted that cloud providers are now making it easier to maintain data residency in Canada.  As well, the security best practices for cloud have matured and are exceptional, said Roemer.

Innovative solutions will be needed for organizations that have critical operational and privacy requirements like health care, said Roemer. For example, he suggested that they could use cloud resources offline or containerize them so that continuity is always maintained. “It’s about resilience,” he said.


A software defined wide-area network consolidates your network edge infrastructure and manages everything from a single location. “It helps push the endpoint security to where the user is,” said Roemer. It improves performance by prioritizing certain streams of traffic and, as one IT leader pointed out, it also helps to reduce network costs.

Zero Trust

Zero Trust involves moving away from the enterprise trust model to an approach where you shouldn’t implicitly trust anything, said Roemer. “After declaring Zero Trust, every access attempt is evaluated to ensure it’s appropriate according to identity and within the context,” explained Roemer.

Data loss prevention (DLP) tools and network micro-segmentation can also play an important role in a Zero Trust environment. “DLP supports data classification so you protect the most important data and eventually get to the holy grail of automated data governance,” said Roemer. Micro-segmentation prevents hackers from being able to find their way to different parts of the network.

Participants said one of the biggest challenges is changing an organization’s culture.  However, as one IT Director in the resources sector put it, “You have to accept that security issues will happen and put the cultural change in motion now.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Cindy Baker
Cindy Baker
Cindy Baker has over 20 years of experience in IT-related fields in the public and private sectors, as a lawyer and strategic advisor. She is a former broadcast journalist, currently working as a consultant, freelance writer and editor.

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now