As vaccinations continue to roll out and the global economy prepares to reopen, many businesses are planning to embrace a hybrid model of remote and in-person work. Many employees have enjoyed the benefits of flexibility over the past year, and employers realize that workers can be just as - if not more - productive while working remotely. These changes, while positive for a company's culture and workforce engagement, leave much to consider for IT teams. 

In 2020, IT leaders underwent rapid digital transformation practically overnight. Offices rapidly closed their doors and workers struggled to set up home offices while the world shut down around us. Meanwhile, remote workers, away from the built-in protection of in-office networks, became a target for cyber criminals. Now, as the world begins the next massive shift in work culture, IT teams should embrace the following measures to successfully adapt existing security practices to accommodate a hybrid remote work environment.

Maximize Visibility

As we move towards a hybrid remote and in-person corporate IT environment, maximizing visibility and effective management of devices, identities, and operating behaviors is critical. The rapid shift to worldwide remote work eroded the traditional enterprise security perimeter. IT and security teams that had not already invested in sound asset management, endpoint security, and identity management, were forced to move those disciplines to the top of the priority list. COVID-19 proved that there is truly no substitute for delivering a corporate tech stack and IT service desk that is optimized for, and thoughtful of, the needs of a mobile workforce. This will only become more important in a hybrid work environment. 

Embrace Zero Trust as the New Normal 

Whether employees are logging on to work remotely or socially-distanced in an office, assume workers are connecting from the worst possible network and design services and security around that standard. In the new normal of hybrid remote work, having no control over the network from which employees are connecting to business services demands strong validation to ensure that whoever appears to be accessing those services is who they say they are. Remote endpoint management tools and employees that are trained to use them effectively are vital to this success. IT departments should deploy mandatory annual (at a minimum) security awareness training for employees to help ensure effective security practices from every level within an organization.  

Require Multi-Factor Authentication

The past year has taught us that identity management and multi-factor authentication (MFA) is no longer optional. Passwordless authentication mechanisms are also rightly gaining traction as responsible measures to validate operator identities. To ensure endpoint protection with technology and personal devices functioning in a hybrid remote environment, IT teams must require MFA to ensure sensitive information remains proprietary as workers log on from less secure networks. Further, having the wherewithal to be alerted to and immediately respond to abnormal activities originating from a corporate asset is increasingly important. Otherwise, adversaries can go undetected for extended time periods, expose vulnerabilities and move laterally to high-value targets in the IT environment, greatly increasing the risk of data loss, theft, or fraud. 

Consider Security a Team Sport 

Effective security is a team sport that involves the deployment of tools, controls and policy, and shared ownership and awareness across the organization, especially in a hybrid remote work environment. It is not enough for a few people within an organization to monitor cybersecurity threats. All IT professionals must work together to ensure robust security practices are in place at all levels of the organization. Establishing a security council of cross-functional leadership to review and discuss security posture, events, and updates on a quarterly rhythm should be standard within organizations to prioritize effective security practices. IT teams should also look to establish and regularly test a clear incident response policy and plan to prepare for any incidents that may occur. 

Business leaders agree it is highly likely that many organizations will no longer see workers in the same location 40 hours a week as they did before the pandemic started. According to Gartner, 82% of company leaders plan to allow employees to work remotely some of the time.  With that in mind, it's vital that IT professionals start preparing immediately for this upcoming shift. While the world may return to some sense of normalcy, the global workplace is forever changed - it's time for IT teams to get ahead of hybrid remote work now to optimize success in the near future. 

##

ABOUT THE AUTHOR

As CIO, Chris Conry heads Fuze's global IT and information security functions, leveraging more than two decades of experience in IT and operational leadership, with a primary focus in growth-oriented high-tech businesses. Chris is a purveyor of cloud-first IT strategy and has a strong track record of delivering agile, business-enabling solutions for private and public enterprises.

Prior to joining Fuze, Chris drove large-scale IT transformation efforts, led IT integration activities for several mergers and acquisitions, and was accountable for corporate security and compliance as the vice president of IT & office services at Arbor Networks, The Security Division of NETSCOUT (NASDAQ: NTCT). In addition to Arbor, Chris held IT leadership roles at NMS Communications, GE Automation and Intellution.

Chris holds a BS in CIS from Bentley University and an MBA from the F.W. Olin Graduate School at Babson College.