Supporting, empowering, and securing remote and hybrid workers is now a business necessity. As of February 2022, 42% of workers had a hybrid schedule and 39% worked entirely from home, according to a Gallup survey of 140,000 U.S. workers.
Looking forward, the Gallup numbers are even more compelling:
- 53% of workers expect to continue with a hybrid arrangement and 24% expect to work exclusively remotely.
- Nine out of 10 prefer some degree of remote work flexibility.
- 54% of employees working exclusively from home said they would look for another job if their employer stopped offering remote work options.
- 38% of hybrid workers also said they would look for another job if remote work was not an option.
In a work environment that is being characterized by some as “The Great Resignation,” empowering remote and hybrid work is now table stakes.
That means adopting best practices in securing remote workers so they don’t inadvertently cause harm to your organization or themselves, now or in the future. It also means adopting a cyber-aware corporate culture as adversaries increasingly target the larger attack surface and added vulnerabilities of the hybrid work world.
How do you address both the technology and cultural challenges of cybersecurity in this highly fraught environment? Here are five key step that leaders in IT, cybersecurity, and business can take to make your organizations and workers safer, more secure, and more productive:
No. 1: Look for an integrated, end-to-end platform model
One of the biggest problems that has beset cybersecurity teams the past few years has been the proliferation of point solutions. Some companies have dozens or even hundreds of point products. An integrated platform, with solutions designed to work together, eases the burden on cybersecurity teams that are already stretched thin. This model is not only more effective in supporting the remote workforce, it is also more cost efficient. As one example: customers using Microsoft Azure Active Directory (Azure AD) for identity and access management (IAM) saved an average of $8.8 million over a three-year period, according to a Forrester Total Economic Impact™ Study.
No. 2: Leverage cloud-based security for a single management view
Because of their reliance on multiple point products, most organizations manage their security products with separate consoles, creating visibility silos. This model is not only inefficient in today’s environment, it is also risky; it limits your ability to get a single view across all environments, including multiple clouds. With cloud-native platforms like Microsoft Defender for Cloud and Microsoft Defender for Cloud Apps, you can protect every layer of the cloud, regardless of the cloud provider. You can identify, react to, and mitigate threats before they are able to inflict harm on your organization.
In addition, cloud is a much more efficient model for delivering security solutions than on-premises infrastructure. With an integrated, end-to-end cloud platform, you can deploy innovation faster while simplifying and accelerating the processes involved in issuing alerts, updating protections, identifying threats, managing policies, and ensuring secure remote access.
No. 3: Start building a Zero Trust architecture now
With remote work, a Zero Trust architecture is essential for many organizations in managing user identity and access. With a Zero Trust architecture, the model is “never trust, always verify.” This means every request from every user is authenticated, authorized, and encrypted in real time. While the value of Zero Trust has never been questioned, some organizations have had issues around how to implement it seamlessly and cost-efficiently. Microsoft customers have a huge advantage and opportunity because they can easily adopt Zero Trust across their entire portfolio with solutions many organizations are already using, such as Azure Active Directory and Microsoft Defender for Cloud Apps.
No. 4: Modernize your SOC with automation and intelligence
Machine learning, artificial intelligence, automation, and shared threat intelligence are revolutionizing the world of Security Operations Centers (SOCs). If your organization is not leveraging these capabilities, you are fighting a losing battle: You won’t be able to keep your best people and you won’t be able to keep up with adversaries, who are adept at using automation and machine learning to launch a wide range of attacks.
A modern SOC should be cloud-native, built on a security information and event management (SIEM) foundation that features built-in automation, AI, and machine learning. A cloud-native SIEM will not only be much less expensive to manage, it will also deliver improved response times and a better user experience, according to a report from IDG called SIEM Shift: How the Cloud is Transforming Security Operations.
For example, a cloud-native platform like Microsoft Sentinel serves all four aspects of security operations: collecting data at cloud scale, detecting threats, investigating threats with AI, and responding to incidents rapidly with built-in orchestration and automation of common tasks. Microsoft Sentinel helps to secure your entire enterprise by integrating with existing tools, applications, and other security products. In addition, Microsoft Sentinel can be deployed as a service to lift the burden on your own SOC teams and leverage the security expertise of Microsoft.
No. 5: Establish ongoing cybersecurity training and awareness
Not every cybersecurity challenge can be solved with technology alone. In today’s environment, many employees are working remotely and from home for the first time. This increases the attack surface exponentially and increases vulnerabilities that can result from shadow IT/unapproved applications and the growing sophistication, velocity, and intensity of phishing attacks to gain access to corporate networks. Solutions such as Zero Trust are becoming essential, but it is also important to supplement technology with cybersecurity training, awareness, and practice. Even with cybersecurity teams working remotely, training can take place without disrupting workflows or productivity. This is not a time to ignore cybersecurity training for the remote workforce; it is a time to strengthen it.
Taking the next step
For many organizations, this is—and should be—a flex point in cybersecurity. The rapid expansion of the remote workforce is forcing companies to come to grips with modern security challenges and shift to a security model that is integrated, end-to-end, automated, cloud-based, centrally managed, and increasingly intelligent.
Microsoft has the strategy, solutions, expertise, and vision to help organizations of any size in navigating this transition. For more information on how your organization can leverage best practices in securing your remote workforce, please review the articles and resources cited in this article and throughout this special information hub.
