Our POV: The State of Hybrid Workforce Security 2021

BrandPost
Dec 22, 2021
Data and Information SecurityIT Leadership
Palo Alto Networks
Credit: iStock

By Jason Georgi, Field CTO, Prisma Access / SASE at Palo Alto Networks

What Is This Report?

The State of Hybrid Workforce Security 2021 report looks at how organizations are viewing the challenges and opportunities of hybrid work as the need for a long-term plan to enable secure hybrid work has become increasingly paramount. The independent third-party research firm ONR interviewed 3,000 enterprise IT professionals from around the world. The study included C-level executives as well as practitioners.

Why Is It Important Now?

With the onset of the pandemic, remote work moved from being an optional alternative for convenience to a new standard, as it was often the only way many organizations were able to continue functional operations.

At this point in the pandemic, the reactionary phase of racing to give employees access to enable remote work has already passed. Organizations are now grappling with the new normal, where employees expect to be able to work remotely, as well as in the office, in a hybrid approach.

Chasing limits on stopgap measures for enabling remote work no longer makes sense. As the reality of the new normal sets in, the time for assessing what works, what doesn’t, and what’s next is here.

Now is the time of reckoning to identify the gaps and figure out a strategy for what’s next. Securing hybrid work is a very real thing that organizations and business leaders must face if they want to attract and maintain talent.

Key Takeaways

  • The majority of organizations faced challenges with enabling secure remote work access. The report found that 61% of organizations struggled to properly enable security for work from home at the onset of the pandemic.
  • Nearly half (48%) of organizations admitted that they compromised on risk mitigation and security controls in order to enable remote access for employees. Adding further insult to injury, 35% of organizations noted their employees purposefully disabled security measures for remote access.
  • On a positive note, 71% of organizations reported that employee satisfaction has grown since shifting to remote work, which is a good thing since only 15% expect to return to traditional inoffice operations. The report also found that 44% of organizations expect to keep more than half of employees remote, with a majority expecting to support a hybrid environment.
  • Looking to the future, the majority of organizations (71%) responded that the expectation is for security to be mostly handled in the cloud over the next 24 months as the move to secure hybrid workforces continues.

Our Advice for Leaders:

Make Securing Hybrid Work a Strategic Opportunity

Look Beyond the Traditional VPN

In the past, enabling remote access simply meant provisioning VPN resources. Today, with hybrid work as the norm and applications residing on-premises and increasingly in the cloud, the traditional approach to VPN just isn’t enough.

During the pandemic, legacy applications sitting in data centers started failing. Users would try to access their usual apps over VPNs, and many of those applications were latency-sensitive, and therefore, meant to be accessed on-premises or over low-latency connectivity. Backhaul VPN architectures were a poor match for workforces trying to do their jobs from home.

Cloud and software-as-a-service (SaaS) applications were impacted as well due to the backhaul of VPN user traffic to the data center, just to be directed back out to the internet. This led to the painful challenge of remote users turning off the VPN so they could improve the performance of accessing cloud and SaaS resources. As a result, many users were directly accessing SaaS services without any augmented security whatsoever. This created both a visibility gap and holes in organizations’ security postures. Simply put, enterprises can’t secure what they don’t see.

For these reasons, it’s incumbent on organizations to look beyond the legacy VPN approach to a more modern, resilient access approach that provides security and visibility regardless of where the traffic is going, whether to the data center, to the cloud, SaaS or web.

Use the Cloud to Secure Hybrid Work

The report clearly showed that organizations are increasingly planning on making use of the cloud to secure remote and hybrid work. The cloud helps organizations provide availability and resiliency in an approach that scales as needed.

Cloud-delivered security is a very parallel mindset to cloud adoption for IT business applications, where there is limited capacity on-premises. While the cloud can be more cost-effective, the larger benefit is often about agility, giving organizations the capacity to scale on demand as situations and usage patterns change.

Secure the Work Environment at Home with Zero Trust

More often than not, working from anywhere means mixing home access with corporate access, which can represent a risk for enterprise security. Today, being able to ensure at-home workers are as secure as on-premises is critically important.

That means having the right approach to security for access, no matter where the user is located. A Zero Trust approach makes sure that only identity-based access is granted to applications, and security is constantly monitored and evaluated. Policies based on a Zero Trust strategy can help to limit the risks of a home environment, providing a layer of inspection and control for every time a device attempts to access a corporate resource.

Consolidate and Rationalize

The time is right for IT leaders to turn to their teams and gain a clear understanding of what they actually have in place. While the initial response to the pandemic was reactionary, now is a moment to assess an organization’s app and security landscape and what is actually providing access to users no matter where they are, whether they’re at home, in the branch, or anywhere in between.

Rationalizing the purpose and usage of solutions that are in place today provides a real opportunity for consolidation—one that did not seriously exist previously. Many organizations will be able to drive better outcomes around security posture, reducing risk, and improving total cost of ownership.

Consolidating the number of disparate tools in use to provide secure user access improves security posture consistency and reduces the number of policies that have to be administered. Besides reducing needed multi-product training and management effort, a platform approach drives better economies of scale, resulting in a lower total cost of ownership. Net-net, consolidation delivers a far more effective approach for security.

Refocus on the Digital Agenda

Savings from consolidation can and should be reinvested in digital transformation—especially those projects that were put on hold in order to react to the urgency of sending workers home at the start of the pandemic. Instead of provisioning overlapping and duplicate resources for remote work, IT resources can be re-injected in digital initiatives that help to move the business forward. Optimized resources can be leveraged for initiatives like moving applications out of on-premises deployment and refactoring them to be modern cloud native applications.

What The State of Hybrid Workforce Security 2021 report clearly shows is that many organizations have been faced with challenges securing the remote workforce. Simply put, there are a lot of organizations in the same boat.

Now is the time to solve the challenges and embrace hybrid work in the right way so that employees can work effectively. By making use of cloud-based security technology that enables a Zero Trust approach that can help to secure all application traffic and home users, organizations will be able to focus on what matters—pushing forward their digital agendas.

Read the full State of Hybrid Workforce Security report here.

About Jason Georgi:

Jason is the Field CTO for Prisma Access / SASE at Palo Alto Networks. An accomplished technology executive with 25 years of experience, Jason leverages his extensive background in technology solutions to work with C-level executives on enabling business outcomes through technology and security strategy.