Best Practices for securing a Distributed Workforce
Jonathan Nguyen-Duy, Vice President, Global Field CISO Team at Fortinet outlines some key best practices to help businesses and IT team secure a distributed workforce on a long term basis and how they can meet the needs of a remote workforce.
In times like these, it’s tempting for IT teams and company leadership to get caught up in the latest developments or next month’s trends, especially when it comes to how and where work is done. But organizations that develop a long-term strategy for all scenarios—extended work-from-home, return to the office or hybrid models of any flavor—will come out stronger than ever after the pandemic.
Any provider worth your investment should be able to ensure adaptability no matter your circumstances or how much or how often your plans may change. They should be able to support you whether a full return to office culture is imminent or majority-work-from-home is anticipated – or any combination in between. Perhaps most importantly, they should be able to do it all securely.
A Hybrid Workforce Model
For many businesses around the world, there’s been no hard-and-fast decision on whether or when the majority of employees will return to an in-person office setting. Companies are hearing a variety of concerns from workers about returning too quickly to pre-pandemic working conditions.
Overall, employees seem to prefer remote work – a new report from Pew Research found that about half of those surveyed would like to stay remote, at least part-time, even after the pandemic. Analysts at Global Workplace Analytics forecast that 25-30% of the workforce will be working multiple days at home per week by the end of 2021.
Because the work forecast is so murky, it’s difficult for IT teams to figure out whether they should be preparing for a mass return to the office or maintain a permanent hybrid model. And network flexibility is the least of their concerns. Security needs in particular have had to shift rapidly to accommodate WFH scenarios, and traditional security solutions require a significant amount of heavy lifting to shift between different business models.
Now, IT leadership and their teams have been tasked with planning for the next 12 to 24 months based on a range of potential in-person and work-from-home scenarios, the balance of each depending on geography, capacity, public infrastructure and many other variables.
Adaptability is the Name of the Game
The reality that businesses should prepare for is that there will be no “one size fits all” approach moving forward – even businesses that return to a majority of in-person work may still have some people working remotely, either on a long-term or short-term basis. So, organizations need to have a security solution that can fit any of these approaches – one that can adapt to any type of hybrid work model.
For providers, there is no longer a choice between being the best option for a largely remote workforce and being the best option for a mainly in-office scenario. Rather, the ability to flexibly but securely address all scenarios is the name of the game. The smartest providers are already using this historic period as an opportunity to invest in innovation, including in advanced technologies like SD-WAN to not just support traditional branch offices, but to enable the home office as the new branch.
The key to making the right investments is thinking about security and networking as a converged solution, rather than as discrete elements. So, how can you accomplish this?
Best Practices for Adaptability and Convergence
Organizations need to look for a solution that brings security and networking together. This convergence across the connected environment—from the core to the branch to data centers to the cloud—enables organizations to effectively see and defend today’s highly dynamic environments. At the same time, it preserves an excellent user experience for employees and customers, keeping them engaged and resilient.
Ask the hard questions of your current or prospective provider. Find out if they are able to:
- Support zero trust network access for secure remote access
- Monitor on-network and off-network endpoint behavior for continuous protection
- Support Secure SD-WAN to optimize WAN performance
These are foundational as organizations become more distributed and virtualized. It will be important to consider how to provide on and off-network security when access is needed for remote workers, traveling employees, partners, IoT and other edge computing devices, as well as branch offices and traditional enterprise locations. If their answers do not demonstrate proven capabilities, move on.
Meeting the Needs of Remote Work
With different rules for each country and state – sometimes for each county – and ongoing pandemic highs and lows, trying to sort out the best work arrangements and network configuration for an organization has proven difficult. Many employees are skittish about returning to the office, and about half of remote workers would like to keep this arrangement. And it’s not just more users requesting access outside the traditional perimeter. Indeed, the new normal is characterized by a much more distributed and disaggregated enterprise ecosystem. This not only expands the perimeter but permanently changes enterprise networking, requiring a stronger focus on broad, integrated and automated solutions.
Going forward, organizations of all sizes will be focused on delivering business outcomes and end user experiences. This means success is defined by optimal network and security performance – working as an integrated solution. This leads to a situation in which networking and security must converge in order to deliver the needed performance for a much more distributed enterprise – across the LAN, WAN and cloud edges. The best practices outlined in this piece can help frame your organization’s decisions as it adapts to any number of challenges.