Digital workplaces and security, the difficult balance

By Chris Vaughan, Area VP and Technical Account Management, EMEA at Tanium

  • 2 years ago Posted in

Digital workplaces, or virtual collaborative spaces, represent the new modern digital HQs, enabling companies to navigate the COVID-19 crisis and successive lockdowns while limiting the damage to their organisation. As we look to the future, it’s clear that work will be hybrid and digital workplaces now have their place in the information systems of organisations worldwide. But to take full advantage of their benefits, it is necessary to anticipate and respond to the associated security challenges presented by this new era of work.

Benefits and challenges of digital workplaces

While digital transformation was already underway for many companies depending on maturity and sector, the pandemic accelerated this process significantly. It is now inconceivable to turn back the clock, given the numerous advantages for employees: flexibility in terms of work location and hours, transparency and fluidity of exchanges, and ease of connection.

The adoption of digital workplaces and introduction of collaborative platforms like Slack or Teams has freed employees from the constraints of office work only policies. That said, expanding beyond the traditional on-premises work environment has significant impact on the boundaries of IT networks, with a large number of devices geographically distributed. While employees’ ability to work remotely allows organisations to ensure continuity of service during lockdowns, this new paradigm raises important security issues.

Visibility and control

While employees’ devices and the software they use are at the top of the IT system pyramid, it is important to remember that they might be connecting to other servers. Bottom line is that wherever these devices are, the IT department needs to be able to see and manage them to secure them. What's new is that these assets, which used to be located only on the company's premises, are now widely distributed across private homes, semi-professional coworking spaces, etc. and are often connected to unsecured Wi-Fi hotspots.

This poses several challenges for IT managers. First, you must be able to identify all your assets, wherever they are, even if they only connect temporarily and change location regularly. Once identified, you must be able to know their configuration: has this machine that only connects remotely from time to time received and installed the latest critical patch? Remote or not, operating systems and applications need to be up to date to maintain cyber hygiene and reduce the risk of cyberattacks. This means having the ability to intervene if needed on a multitude of networks, with very different bandwidths and security levels depending on where you are.

The problem arises again when employees then return to the company's offices. It is imperative to be able to check the security level of the workstation and, if necessary, isolate it until it is brought into compliance.

License management

Another key consideration concerns service and license management. IT departments must be able to identify and adapt the digital applications and services available to employees according to their actual needs. For example, an employee working in a store will not need the same services

as an employee in charge of inventory or supply chain, even though both need digital services that are integrated into the company's overall digital workplace.

This approach to streamlining applications and services can result in significant savings on licensing costs, which are too often overlooked. Indeed, under the guise of small monthly expenses, the addition of these license costs can represent a very significant expense item.

Controlling assets in the event of an international crisis

The last question to be asked has been raised by recent international crises, whether pandemic or geopolitical conflicts. It is a question of ensuring that we always have visibility and control over all assets, even if they are distributed in other parts of the world. While we can hope that this type of crisis rarely happens, it is the responsibility of IT departments to anticipate and prepare accordingly. International organisations should be able to quickly identify and, if necessary, isolate or even erase critical data from these desktops and servers, or risk having it fall into potentially hostile hands. And this must often be accomplished with few local human resources and degraded internet access. This should be a key consideration for any global organisation when choosing asset management and security tools.

Not only do digital transformation and digital workplaces represent excellent growth opportunities for organisations, but they also meet the level of service that users now expect from their employers. However, it is important to properly anticipate the security challenges associated with these evolutions and to prepare your organisation accordingly, or risk falling victim to the next data breach.

By Darren Thomson, Field CTO EMEAI, Commvault.
By Oliver Feiler, Head of Global Alliances and Strategic Partnerships EMEA, Nozomi Networks and...
By David Higgins, EMEA Technical Director at CyberArk.
By Manuel Sanchez, Information Security and Compliance Specialist, iManage.
Anita Mavridis, VP of Product at Zivver, and Sue Musumeci, Director of Quality & Clinical...
By Danny Lopez, CEO of Glasswall.
Nadir Izrael, Co-Founder and CTO at Armis discusses the importance of critical infrastructure...
By Darren Thomson, Field CTO EMEAI at Commvault.