Enterprise security executives are currently grappling with ways to secure their employees' network access and data privacy as new workforce trends continue to take shape. Recent reports show 40% of Gen Z employees plan to take a 2022 "workcation" — working remotely while traveling rather than taking paid time off (PTO). Deloitte's 2022 travel outlook reveals workers who intend to participate in this "workcation" trend plan to also travel twice as much as employees who prefer regular PTO.
This traveling work trend is causing companies to evaluate the strength of their security and network access. Employees are beginning to connect their work devices through international networks and services that are not regulated or monitored, increasing vulnerabilities for hackers, ransomware and other cyber threats. As this trend continues, here is what security executives and IT leaders should consider:
Update legacy security infrastructure with modern systems
With more employees traveling more frequently, traditional connectivity solutions, such as the virtual private network (VPN), will not provide adequate data privacy and security. While a VPN does allow workers to access company documents and data from anywhere with internet access, this model also assumes anything that passes through its perimeter can be trusted automatically and completely (usually referred to as the "castle and moat" security model). Essentially, anyone who is able to enter the network via the VPN can then access and even exfiltrate all company data found within that perimeter. It’s easy to see how VPNs can appear quite appealing to hackers and cyberattacks, especially as employees connect to their company networks in airports, foreign countries and locations that are less secure than their homes or offices.
One way of bolstering the security capabilities of an existing VPN is by running it alongside a more advanced network security solution, such as a zero trust network access (ZTNA) model. In adherence with the zero trust security framework, ZTNA solutions facilitate secure connectivity by ensuring no trust is automatically given to any entity at any time. Instead, trust must be granted explicitly (and then verified continuously) according to the ID of the user or device — allowing traveling workers to connect safely from any location, and only to applications they are granted access to so that lateral movement of malware is not possible. In a model precisely opposite to the VPN, ZTNA never grants access to the complete corporate network, effectively hiding sensitive information and applications from bad actors.
Because the prospect of shifting to an entirely new security model can feel overwhelming, many organizations see benefits in temporarily adding ZTNA to their VPNs. This allows them to experience firsthand the advantages of the new approach before commiting to a full migration.
Improve collaboration between security and IT teams
Security and IT departments have historically operated separately within an organization, with IT teams focused on providing the necessary tools and solutions for business continuity, and security professionals striving to provide secure solutions to maintain compliance and protect against threats. Though the siloed nature of these two departments may have made sense in the past, many companies are now struggling to improve their cybersecurity measures because of this very division. Under this system, when either department wants to implement a new solution or tool, they are often stopped in their tracks by the other team when the solution isn’t adaptable or they have other concerns involving cost, integration, etc.
Moving forward, enterprise executives must improve the relationship between IT and security teams to allow for more collaboration and better communication between the two departments. Working together, the teams will be able to find and implement technological solutions that provide both connectivity and security — and meet the needs of all stakeholders.
Improve continuing education for employees
Educating employees about the value and importance of security will always be integral to a company’s security, no matter what network model or security tools you are using. Keeping employees informed about recent breaches and incidents will help them understand the risks and encourage them to participate in cybersecurity measures. By keeping communications open about current threats and cyber trends, employers are encouraging employees to operate out of a place of sensibility and understanding.
As the workforce continues to adopt new demands and preferences and the remote work environment continues to evolve, security professionals will need to rethink the way they boost data protection and security. Strategies that used to work just two years ago are no longer viable for the future of work and the increase in cyber threats. Now is the time for enterprise executives to establish a strong security model that provides protection, performance and efficiency for organization and employee devices.