By Chris
Conry, CIO, Fuze
As
vaccinations continue to roll out and the global economy prepares to reopen,
many businesses are planning to embrace a hybrid model of remote and in-person
work. Many employees have enjoyed the benefits of flexibility over the past
year, and employers realize that workers can be just as - if not more -
productive while working remotely. These changes, while positive for a
company's culture and workforce engagement, leave much to consider for IT
teams.
In
2020, IT leaders underwent rapid digital transformation practically overnight.
Offices rapidly closed their doors and workers struggled to set up home offices
while the world shut down around us. Meanwhile, remote workers, away from the
built-in protection of in-office networks, became a target for cyber criminals.
Now, as the world begins the next massive shift in work culture, IT teams
should embrace the following measures to successfully adapt existing security
practices to accommodate a hybrid remote work environment.
Maximize Visibility
As
we move towards a hybrid remote and in-person corporate IT environment,
maximizing visibility and effective management of devices, identities, and
operating behaviors is critical. The rapid shift to worldwide remote work
eroded the traditional enterprise security perimeter. IT and security teams
that had not already invested in sound asset management, endpoint security, and
identity management, were forced to move those disciplines to the top of the
priority list. COVID-19 proved that there is truly no substitute for delivering
a corporate tech stack and IT service desk that is optimized for, and
thoughtful of, the needs of a mobile workforce. This will only become more
important in a hybrid work environment.
Embrace Zero Trust as the New Normal
Whether
employees are logging on to work remotely or socially-distanced in an office,
assume workers are connecting from the worst possible network and design
services and security around that standard. In the new normal of hybrid
remote work, having no control over the network from which employees are
connecting to business services demands strong validation to ensure that
whoever appears to be accessing those services is who they say they are. Remote
endpoint management tools and employees that are trained to use them
effectively are vital to this success. IT departments should deploy mandatory
annual (at a minimum) security awareness training for employees to help ensure
effective security practices from every level within an
organization.
Require Multi-Factor Authentication
The
past year has taught us that identity management and multi-factor
authentication (MFA) is no longer optional. Passwordless authentication mechanisms
are also rightly gaining traction as responsible measures to validate operator
identities. To ensure endpoint protection with technology and personal devices
functioning in a hybrid remote environment, IT teams must require MFA to ensure
sensitive information remains proprietary as workers log on from less secure
networks. Further, having the wherewithal to be alerted to and immediately
respond to abnormal activities originating from a corporate asset is
increasingly important. Otherwise, adversaries can go undetected for extended
time periods, expose vulnerabilities and move laterally to high-value targets
in the IT environment, greatly increasing the risk of data loss, theft, or
fraud.
Consider Security a Team Sport
Effective
security is a team sport that involves the deployment of tools, controls and
policy, and shared ownership and awareness across the organization, especially
in a hybrid remote work environment. It is not enough for a few people within
an organization to monitor cybersecurity threats. All IT professionals must
work together to ensure robust security practices are in place at all levels of
the organization. Establishing a security council of cross-functional
leadership to review and discuss security posture, events, and updates on a
quarterly rhythm should be standard within organizations to prioritize
effective security practices. IT teams should also look to establish and
regularly test a clear incident response policy and plan to prepare for any
incidents that may occur.
Business
leaders agree it is highly likely that many organizations will no longer see
workers in the same location 40 hours a week as they did before the pandemic
started. According to Gartner, 82%
of company leaders plan to allow employees to work remotely some of the time. With that in mind,
it's vital that IT professionals start preparing immediately for this upcoming
shift. While the world may return to some sense of normalcy, the global
workplace is forever changed - it's time for IT teams to get ahead of hybrid
remote work now to optimize success in the near future.
##
ABOUT THE AUTHOR
As CIO, Chris Conry heads Fuze's global IT and information
security functions, leveraging more than two decades of experience in IT and
operational leadership, with a primary focus in growth-oriented high-tech
businesses. Chris is a purveyor of cloud-first IT strategy and has a strong
track record of delivering agile, business-enabling solutions for private and
public enterprises.
Prior to joining Fuze, Chris drove large-scale IT transformation efforts, led
IT integration activities for several mergers and acquisitions, and was
accountable for corporate security and compliance as the vice president of IT
& office services at Arbor Networks, The Security Division of NETSCOUT
(NASDAQ: NTCT). In addition to Arbor, Chris held IT leadership roles at NMS Communications,
GE Automation and Intellution.
Chris holds a BS in CIS from Bentley University and an MBA from the F.W. Olin
Graduate School at Babson College.