The future of work very much revolves around the future of security, writes Brendan McAravey, country manager of Citrix South Africa.
New ways of working offer exciting opportunities to boost employee productivity, creativity, and engagement, but they can’t come at the expense of security.
The work force in today’s businesses is predominantly young, and according to a Citrix commissioned study carried out by Opinium in 2016, younger people aged 18 — 34 are more willing to store private data on their computers when compared to their older counterparts.
Led by this younger generation in the work space, the practices that are already shaping the future of work like –BYOD, unprecedented mobility, any-network access, employee-centric experiences, have the potential of increasing risk for data, applications and networks.
The attack surface has never been so broad or so inviting–and threats have never been more sophisticated. At a time when data is both more valuable and more vulnerable than ever, how will we secure the future of work? As a guiding principle, we can’t rely on add-on security technologies and teams operating in siloes.
Security must be woven throughout both the IT architecture and the organisation to ensure that no matter how or where people work, the organisation is protected. At the same time, the measures we rely on can’t be allowed to impair the user’s experience or productivity.
Today’s workforce won’t accept arbitrary restrictions or barriers; the same creative spirit that fuels innovation will also lead them to seek consumer-market workarounds.
The key is to make cybersecurity everyone’s business. When employees are fully bought in to security–when they understand its importance and relevance, and they’re empowered to support it without sacrificing their own work, your security team becomes truly organisation-wide.
To that end, here are some security best practices for the future of work.
* Educate users: User education has been a tenet of cybersecurity since the early days. But that makes it all the more important to reinforce its importance, so that we never overlook it or take it for granted. As people gain the freedom to work anywhere, on any device, knowing how to do so safely must be a top priority. In the employee-centric modern workplace, it’s also important to consider how this education takes place. It’s not enough simply to recite lists of rules and protocols.
* Engage with lines of business: Security doesn’t happen in a vacuum. The most effective policies are grounded in a firm knowledge of operational processes. Regular meetings with business decision-makers helps employees understands the implications of new initiatives. It also helps get crucial perspective into the tools, workflows and practices that enable to drive value, helping design measures that maintain protection and control without getting in the way of business.
* Modernise and mobilise your security policies: Mobility increasingly defines IT – in terms of both the mobile devices people use, and the constant movement of people, devices and data from one place to another. Ensuring security policies reflect the real world – not some antiseptic, locked-down cybersecurity dream (and employee nightmare). Creating clear rules and guidelines to help employees stay safe without losing the freedom and flexibility they’ve come to rely on. Specify convenient yet secure alternatives to consumer-grade technologies.
* Enforce policies fairly and consistently: Inconsistent enforcement can doom even the best security policy – and can undermine the credibility of any subsequent policy. When security becomes part of the culture, the whole organisation becomes safer for the long term no matter what the future brings.
* Make it seamless – and automatic: The less you have to rely on human intervention, the more reliable security becomes. This can include everything from conditional access controls that show employees only the apps they’re authorised to use in a given scenario, to business data encryption by default on mobile devices. Open-in controls can prevent email attachments from opening in non-corporate apps. Micro-VPN can ensure security over public Wi-Fi. Automated logging and reporting can facilitate compliance and audit readiness.
There are many opportunities to make security more seamless and transparent for users, and simpler and more efficient for IT to maintain. As the scale and complexity of the enterprise environment continues to grow, steps like these will be critical to stay one step ahead.
The future of work gets a lot of buzz these days, and rightly so – it gets more exciting by the day. With these best practices, you can make sure it’s also growing more secure by the day.