A New Security Focus for a Hybrid World

A Gartner survey last summer reported that 82 percent?of company leaders said they would allow at least some of their employees to work remotely sometimes for the indefinite future. As this past year has played out, companies have continued to iterate on exactly what that would mean for their employees, but across the board, one word has dominated future of work discussions: flexibility.

Why flexibility is a priority is clear. Hybrid workplaces can improve work-life balance and employee retention. How we engineer flexible workplaces, however, is more complicated. From an IT standpoint, working from home created fertile new ground for cybercriminals. With remote work becoming a more constant part of the landscape, security solutions and postures need to become more durable as well.

IT leaders and employees are rightfully concerned about protecting their employers’ information as well as their own personal information, especially as the ways we are using our devices continues to evolve. At HP, we’re having more frequent and meaningful conversations with customers who want to prioritize security and prepare for the next phase of remote and hybrid work. With this in mind, I thought it would be helpful to share three of the most pressing questions my team is fielding from customers these days.

?1. How do we manage shared network environments?

Once upon a time, everybody was issued a company laptop that they used specifically for work. Today, practically every device is a mixed-use device. A laptop that an employee uses for work could also be used for entertainment, or for homework. A spouse may use it for online shopping.

At the same time, more devices than ever are connecting to home networks. With the rise of the internet of things, many households may even have more devices on the network than they realize. In these environments, it’s dangerous to assume every user is who they say they are. Zero-trust approaches to authentication and access management are likely to be a key part of the answer to this challenge. These approaches are difficult to manage without friction, however. The best systems attempt to understand what users are doing and match those actions to the appropriate security policies.

Where we previously looked at security as a fence around a device, now that devices can go anywhere it’s harder to ensure they are secure. Our HP Sure Click Enterprise security system goes a step further, walling off everything a user opens. Files, applications and webpages each get their own virtual machine. If a user clicks a malware attachment, it can’t infect the device itself. This is just one example of a solution built for a world in which our devices have taken on new meaning and uses.

?2. How can we reduce the potential for human error as threats are increasing?

Some device security issues can be solved with good “security hygiene” practices. ?Most of us lock our doors at night as a bare-minimum security precaution. But how often do people do the same with their computer? Whether in a home or office setting, employees need to take better care to secure their physical devices and make sure to log out of any systems that could be targeted on the network. We should be re-educating employees about the evolving security best practices that are needed in hybrid work environments.

Human error is also to blame when cyber attackers gain access to systems by using social engineering. The Colonial Pipeline and JBS meat packing facilities were just the latest in a long string of ransomware attacks. Reading a convincing phishing email could be all it takes to let a criminal into the organization. Training people to recognize phishing or other fraudulent attempts to secure data is vital.

Companies must also broaden their approach so that security is baked into technology more comprehensively. Automation that can mitigate or eliminate human errors is critical. Tools like HP’s Sure Start self-healing BIOS offer another layer of protection as hardware detects and repairs problems before users even know they exist.

3. How can we better secure our government/corporate data?

Secure access starts with zero-trust authentication and technology tools that reduce the chances for human error to introduce threats. It also requires rethinking the way we interact with devices and data. The more distributed computing environments become, the less secure it is to keep data on local devices. Secure cloud solutions that use a fast, secure virtual desktop infrastructure effectively take the physical devices out of users’ hands.?

These types of setups also eliminate some of the problems with mixed-use devices and household networks, since they allow companies to bypass them entirely. From a security standpoint, virtual cloud solutions shift focus to endpoint protection and secure remote access.

Getting security wrong can be costly

Ultimately, we need to change how we think of computers themselves and look at them as security devices, rather than computing devices. From a practical perspective, that means IT departments need to understand that that investing in new devices is more than an exercise in acquiring lowest cost technically acceptable hardware, but also taking a new approach that prioritizes device and network security. Getting a cheap price on hardware won’t matter if you end up spending millions of dollars to remediate a security breach.

As the global workforce continues to evolve, security protocols have to advance even faster. The feasibility of long-term hybrid work depends on it. I look forward to helping HP’s customers as they create the flexible, collaborative and secure workplaces of the future they want for their employees.