Why Hybrid Work Has Made Secure Access So Complicated

Gone are the days of working only in physical offices on corporate devices. Employees now have the freedom to work wherever they want, using whatever device or network is most convenient for them. And as organizations change their idea of what work looks like, they also have to change their idea of what security looks like.

Right now, over 60% of corporate data is located in cloud applications, which means sensitive data is scattered across different clouds and locations. Users can access and share corporate information directly, bypassing the perimeter-based security tools that used to be effective for enforcing corporate policies. The more cloud apps you add, the more complicated it becomes to manage and secure them. And this security dilemma is compounded by the fact that people are often connecting to corporate resources with personal devices without following traditional security protocols.

In this situation, you might believe you need to make a tradeoff between security and access. Locking everything down by default will safeguard your data — but it will also prevent users from accessing the resources they need to do their jobs. That's not a good long-term solution, especially when you're working with a combination of remote workers, hybrid workers, and third-party contractors.

This brings up a pressing question for IT and security teams: How can organizations protect their sensitive data without hindering the productivity gained from hybrid work?

Legacy Tools Can't Keep You Secure

Traditional IT and security tools simply aren't cut out for the way we work today. These old-school, appliance-based tools like firewalls and on-premises secure web gateways were set up at the perimeter to fend off threats — but they only worked when everyone was sitting in the office or connected over virtual private networks (VPNs). On top of that, employees were almost exclusively using corporate-owned devices that were straightforward for organizations to manage with tools like unified endpoint management (UEM) and mobile device management (MDM).

These tools can help keep devices up to date or block access to certain apps, but they have no visibility into the risks your users are faced with, which are constantly changing as people work outside the corporate perimeter. As work from anywhere became more common due to the pandemic, many organizations began to rely fully on VPNs to extend the perimeter to where users are. But they slow down work and operate under the false assumption that the perimeter still matters.

It's not only your employees who reside outside the perimeter nowadays — most of your resources are located outside the perimeter, too, sprawled across countless cloud apps. Your on-premises tools just aren't equipped to keep tabs on all the possible threat vectors or provide insights into risks like phishing attacks or risky apps.

If you want to maintain the productivity boost that comes along with hybrid work while keeping your organization secure, you'll have to leave the idea of the perimeter behind.

Don't Choose Between Security and Flexibility

With hybrid work here to stay, it's no longer practical to expect employees to follow strict access rules. People have gotten used to working from anywhere and using their own devices. So, to make sure your security measures are effective while still allowing for flexibility, your focus needs to be on one thing: data.

This means you need to find a security solution that protects your data wherever it goes — and that includes cloud apps, private apps, and people's personal devices. You can't lock down your data like you used to, so it may feel like you're losing control. But really, it's the first step toward a new, converged approach to security.

To stay secure in a hybrid world, organizations need a security service edge (SSE) platform that combines a unified policy engine with data protection features like data loss prevention (DLP), user and entity behavior analytics (UEBA), and digital rights management (DRM) that enables you to encrypt data and restrict access when necessary.

Data is now the lifeblood of your organization, and as people work wherever, whenever, and on any device, security teams need to adapt. Instead of focusing on the false dichotomy between access and security, focusing on data protection will enable your organization to stay secure without sacrificing productivity.

About the Author

Sundaram Lakshmanan is the Chief Technology Officer at Lookout. He brings over 20 years of network and security product development experience and has a successful track record of delivering innovative first-to-market and market-leading security products, as well as leading the global engineering team. Prior to Lookout, he was the founder and CEO/CTO of Anicut Systems, a Distinguished Engineer at Juniper Networks, and held senior positions at Blue Coat (now Symantec).