The Rise of Hybrid Work and the Need for Secure Data
In today’s modern workplace, the traditional concept of working solely in physical offices on corporate devices is rapidly fading away. Employees now have the freedom to work from wherever they choose, using their preferred devices and networks. As organizations embrace this shift and redefine their understanding of work, they must also reevaluate their approach to security.
Currently, more than 60% of corporate data is stored in cloud applications, leading to the dispersion of sensitive information across various clouds and locations. Users can access and share corporate data directly, bypassing traditional perimeter-based security tools that were once effective in enforcing corporate policies. The addition of more cloud apps further complicates the task of managing and securing these resources. Additionally, employees often connect to corporate resources using personal devices, neglecting traditional security protocols.
Faced with this situation, organizations may feel compelled to choose between security and access. Restricting access to safeguard data can impede users’ ability to perform their jobs effectively, making it an unsustainable long-term solution, especially when working with remote workers, hybrid workers, and third-party contractors.
Consequently, IT and security teams are confronted with a critical question: How can organizations protect sensitive data without hindering the productivity gained from hybrid work?
The Inadequacy of Legacy Tools
Traditional IT and security tools are ill-equipped to address the demands of the modern workplace. These outdated, appliance-based tools, including firewalls and on-premises secure web gateways, were originally deployed at the perimeter to defend against threats. However, they were designed for a time when employees primarily worked in the office or connected through virtual private networks (VPNs). Furthermore, most employees used corporate-owned devices, simplifying management with tools like unified endpoint management (UEM) and mobile device management (MDM).
While these tools can keep devices up to date and restrict access to certain apps, they lack visibility into evolving risks faced by users working outside the corporate perimeter. The COVID-19 pandemic amplified the need for remote work, causing many organizations to rely heavily on VPNs to extend the perimeter to wherever users are located. However, VPNs often slow down work processes and operate under the assumption that the perimeter remains a relevant security measure.
Nowadays, not only are employees working outside the perimeter, but most resources are also located in various cloud apps. On-premises tools struggle to monitor all potential threat vectors and provide insights into risks such as phishing attacks or risky apps.
Embracing a New Approach: Protecting Data
To maintain the productivity benefits of hybrid work while ensuring security, organizations must shift their focus from strict access rules to protecting data. Employees have become accustomed to working from anywhere and employing personal devices. Hence, effective security measures must revolve around safeguarding data wherever it travels, including within cloud apps, private apps, and personal devices. Locking down data as in the past may give a semblance of control but is no longer practical.
In a hybrid work environment, organizations require a security service edge (SSE) platform that combines a unified policy engine with data protection measures like data loss prevention (DLP), user and entity behavior analytics (UEBA), and digital rights management (DRM). Such a platform enables encryption of data and the ability to restrict access when necessary.
Data has emerged as the lifeblood of organizations, and as employees work flexibly on various devices and networks, security teams must adapt accordingly. Rather than viewing access and security as opposing forces, prioritizing data protection enables organizations to remain secure without sacrificing productivity.
Looking Ahead
As the shift to hybrid work becomes more permanent, organizations must recognize the necessity of securing their data in this new landscape. Relying on outdated tools designed for a different era and fixating on access restrictions is no longer viable. Protecting data wherever it goes remains paramount. By embracing a converged approach to security and investing in an SSE platform that prioritizes data protection, organizations can confidently navigate the era of hybrid work, reaping the benefits it offers while keeping their sensitive information secure.
About the Author
Sundaram Lakshmanan serves as the Chief Technology Officer at Lookout, leveraging over 20 years of experience in network and security product development. With a track record of delivering innovative and market-leading security products, he has successfully led global engineering teams and held key positions in renowned companies such as Juniper Networks and Blue Coat (now Symantec). Prior to Lookout, he founded and served as the CEO/CTO of Anicut Systems.