Mitigating Security Risks As a Hybrid Organization
Here’s how business leaders can incorporate Zero Trust strategies into hybrid work and resilience plans.
The pandemic has hastened our transition into the world of hybrid work. With most organizations becoming hybrid today, the workforce is more spread out than ever, more data is hosted and transferred across the cloud, and security risks are at an all-time high. Illumio CTO and co-founder, PJ Kirner, unpacks how business leaders can incorporate Zero Trust strategies into hybrid work and resilience plans.
The way we work has fundamentally changed over the last few years, and workplace and business leaders must now determine what protocols to put in place at their organizations to make the teams most successful. Specifically, the hybrid work model is quickly becoming the standard for most office workers. According to a recent AT&T survey, 81% of business leaders expect hybrid work to be the primary workplace model by 2024, up from 42% in 2021.
This increased adoption of hybrid work comes at a time when the threat landscape is expanding – organizations continue to accelerate cloud adoption (which leads to more complexity and gaps between cloud environments) and connect more devices to the internet, often with a lack of network visibility into the devices that are at home.
With attacks on the rise (in the past two years alone, 76% of organizations have been attacked by ransomware, and 66% have experienced at least one software supply chain attack), cybersecurity must factor into every hybrid strategy. Here’s what business leaders should keep in mind as they adapt their future-of-work plans to keep the hybrid workforce secure, enhance organizational resilience, and ensure business continuity in the face of today’s dynamic threat landscape.
Adopt Zero Trust and Assume Breach
Zero Trust is a cybersecurity strategy that makes organizations more resilient to these attacks. Forrester writes, “Zero Trust is an information security model that denies access to applications and data by default” – in other words, it minimizes implicit trust.
Zero Trust is predicated on assuming a breach. However, despite Zero Trust being a widely accepted best practice, many security leaders don’t believe their organization is at risk. According to research conducted by ESG, while more than one-third of respondents have been victims of a successful ransomware attack and 90% list Zero Trust as a key security priority for this year, nearly half of security leaders do not believe they’ll be breached.
Today, breaches are bound to happen. There are too many avenues for bad actors to exploit to gain access to an organization, too many blind spots, and too many unknowing insiders who can inadvertently put their organization at risk – especially in a hybrid work world. For example, consider all the remote workers who do work or take business calls over their local coffee shop’s Wi-Fi, or who work from a hotel on the road: they’re connecting to unsecured wireless networks, and those networks could be a vector for an attack.
What’s more, today’s hyperconnectivity invites even more risk into the equation as the software supply chain grows. Modern organizations must assume breach. Additionally, with the attack surface widening, organizations need to shift their security approach to focus on building security from the inside out. The days when organizations could focus solely on keeping bad actors outside the walls by relying mainly on perimeter security are long gone – hybrid work is one more thing eroding the efficacy of perimeter controls.
Putting Zero Trust into Practice
When it comes to advancing or accelerating your Zero Trust journey, the best strategies start with visibility – understanding your whole hybrid environment. You need to be able to see communications between workloads, applications, and endpoint devices (such as laptops) across the entire distributed IT estate, whether at home, at the hotel, or in the office, to accurately understand and respond to threats and pinpoint risk proactively.
From there, prioritize. Organizations should focus on shoring up their highest-value or most at-risk assets first. Then, you can determine which security controls are best suited to address your unique operational and environmental needs. While it may seem that you need to get on the Zero Trust bandwagon, it’s more important to take time and analyze your present business situation and future scope before taking the plunge. Your high-risk assets need a stronger security stance, but so does the rest of your organization and every process within it. It’s wiser to take a step back, plan better, and then invest in scalable security that fits your present and projected needs.
Make Progress Now
According to ESG’s research, 39% of all security spending over the next 12 months is earmarked to advance Zero Trust initiatives – it’s a key priority for most organizations. In light of this, my biggest piece of advice is to get started now. It can be tempting to wait to create “perfect” plans on paper before making tangible progress, but we’re not any more secure until we implement the security controls. So, make incremental progress ASAP.
As hybrid work remains the norm, so too will the risk associated with it – the time to reduce risk and build resilience to attacks is now. The key to smarter, efficient and effective security in our hybrid environment is to embrace technology offerings like Zero Trust that enable protection for systems, processes and resources across the organization. Are you ready to make progress on your path to smarter security?