Johannesburg, 17 Aug 2022
Implementing Zero Trust in a simplified, consolidated environment will help organisations overcome some of the challenges they now face as workplaces transition to hybrid environments.
This emerged during an executive roundtable on securing hybrid work, hosted by Netskope in partnership with ITWeb this week.
Rich Davis, head of cyber security strategy EMEA at Netskope, said hybrid work no longer meant only employees working from home or the office: “It’s not just about location, it’s about multiple locations, devices, applications and identities. It’s becoming about culture and a new mentality, where people want the choice now to work for a company anywhere. This creates complexity for the organisation, which must contend with remotely patching devices, onboarding new staff and machines, and enabling productivity outside of the typical traditional security environment.”
One trend to come out of the pandemic is that organisations can’t put in the same stringent controls they did in the past, Davis said. “How we give people access and how we enable people to do their jobs will be questioned. If our people believe they are more productive and agile using shadow IT tools, should we be supporting that? And how do we do so in a safe and secure manner? We need to provide secure access anywhere, for anyone, to any device.”
Davis said another consideration in a hybrid work era is that organisations must now do more than they had to in the past to attract skills. “To encourage and retain staff – particularly millennials – we must ask if controlling what devices people can use and what they can access is a sustainable approach. Many organisations are asking ‘what are we allowing people to do and how will we support that?’. User experience is key, and we can’t take the stick approach to security that we used to take,” he said.
Roundtable participants said their organisations were challenged in protecting data when staff based at home used unsanctioned devices, or when they worked for more than one company.
Participant Adrian van Eeden, CIO of GIBS, said it was common in academia for employees to have their own businesses or work for more than one educational institution: “It can be tricky because you don’t know what people are doing with your assets – there are issues such as security, compliance and license management to consider. We’re saying this might be the way the world is going, and we’re taking the role of an enabling employer.”
Davis commented: “People I talk to every day question whether to allow unsanctioned apps, and the impact of the company’s data going where it shouldn’t.”
He said the risks in this emerging environment encompass demographics, legal/regulatory, political, environment, technology, geographical and economic risks. However, where there is risk, there is opportunity, he said. “If we can enable people to work better and give the business a competitive edge, security becomes an enabler,” Davis said.
He noted: “Business needs speed and scale, and there is a war for talent, and security needs to support the business to address these needs. Supply chains are essential and must be protected, and we also need to protect the edge – which is now everywhere.”
The key technology principles for supporting hybrid work are to accelerate and simplify, consolidate, create convenient convergence points, reduce latency, remove friction, adapt for multi-cloud, develop skills for the future and build in fast and granular data protection, Davis said.
The hybrid work transition demands secure digital transformation across networks, cloud and data, underpinned by a Zero Trust approach and a converged network and security platform, he said. “Teams, and businesses as a whole, are undergoing transitions. I’ve seen networking and security teams going about their separate transformations, but they are so interlinked they need to be addressing this together. We need to look at how the technology stack influences staff recruitment and retention and supports hybrid work,” Davis said.
To provide fast and secure access from any device and any location, many organisations are now looking at how Zero Trust can be mapped across networks, security, apps and data, he said.
“It’s not just about applications, it’s also about data exchange in various instances and how we govern what users are allowed to do. We have to remove implicit trust, refine least privilege access and continuously monitor the environment right down to data level – governing what content is in a file being uploaded to a third party application, or what content is being pasted into somebody’s personal Gmail account. We need to allow people access where they should, support hybrid work and support shadow IT to an extent, and still secure the organisation,” Davis said.
“Zero Trust is the right way to solve the challenges. But it is going to add work – first, you need to understand what the business is trying to achieve, gaining visibility into the applications in use, knowing what the business’s crown jewels are, and then building out a framework to allow the organisation to deploy new technology very quickly and support a hybrid work model.”
Share