Hybrid Work Model: Keeper Security, Open Systems, More Address Security Concerns
The human element plays a big role in hybrid work security.
![hybrid work hybrid work](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt62ff0fba91e0761f/6523f87a4da4a36110ebad25/Hybrid-Work-Model.jpg?width=700&auto=webp&quality=80&disable=upscale)
iQoncept/Shutterstock
Keeper Security’s Marcia Dempster said despite security issues, the hybrid work model has helped organizations attract and retain talent.
“Before, it used to be we all have to be in the office and we have to find this specific person to do this job,” she said. “But they need to live in Las Vegas or they need to live in Chicago, or they need to live in Philly. Now, it’s this person lives on a ranch in Montana, but it’s the best person and we need her, so let’s do it. So I think it’s a double-edged sword. There are a lot of flaws there. And I think all of us in this room are trying to fix that and make it better so that people do have the flexibility to work from where they need to and be a part of their family’s lives or whatever the case may be. But at the same time, there’s a lot of risk there.”
ThreatBlockr‘s George Just said hybrid work is here to stay and few people are going to stay 100% remote. Hybrid work can mean using both secured and unsecured networks.
“What ends up happening is the cyber breach happens well off-net, and then I’ve now planted something that I’m just waiting for you to go back and connect with the office,” he said. “So now I know your cybersecurity stack has a blind spot. Because I’m coming from the trusted side, I can do a lot of damage. So it’s not just, “I need to make sure my users go to the right place and they’re all just accessing the cloud so it’s cool.” Do you know that laptop that’s sitting on your dining room table isn’t going to be used by your 15-year-old to go do something bad? You don’t know that. So the human element is always going to come in. And when the human element is moving constantly from trusted to untrusted and all that stuff, I can’t imagine any way that you could actually truly lock that all down. You just have to do the best you can.”
Open Systems’ Tim Roddy said secure web gateway (SWG) provides secure connections regardless of location. Open Systems provides SWG, as do competitors like Zscaler, Skyhigh Networks, Palo Alto Networks and others. SWG provides network protection by inspecting web requests against company policy to ensure malicious applications and websites are blocked and inaccessible.
“You’ve got connectivity and security all the time,” he said. “But there’s a human element that can screw up everything, there’s no doubt about that. But I think we’ve gotten to a point where we can connect it through a secure gateway. Now is our gateway 100%? No, there are zero-day attacks there and advanced persistent threats (APTs). So absolutely, if they can get to the endpoint, then you’ve got a place to start moving around and hunting around. That’s never going to go away.”
Sectigo‘s Jennifer Binet said her company puts digital certificates on “pretty much everything.” Digital certificates facilitate secure electronic communication and data exchange between people, systems and devices online.
“And it’s all done through that strong algorithm,” she said. “I’m not going to say it’s completely zero-day or any of those claims, but I am saying you can make it incredibly difficult [for cybercriminals]. So just making sure it’s a trusted device and that if it’s not trusted, it doesn’t get into the network, and having a secure algorithm back and forth in the exchange of keys. That’s key for us.”
Sumo Logic‘s Timm Hoyt said there’s a lot of good conversation about making it difficult for cybercriminals, but the inevitable truth is “something’s always going to get through.”
“Think about a customer and the SecOps team, and all of the alerts that are coming, coming, coming, and which ones are the most important,” he said. “And then how do I put either automation or human intelligence to solve that? That’s really where we are. An example is one of our customers … left India, stopped over in Paris Charles de Gaulle Airport to catch a plane to Boston, and while in Charles de Gaulle got on the free network and closed the laptop, and then that hacker was already in there and those alerts are coming through. So our platform is able to help that customer separate that signal through the noise and say, that’s something important, and eradicate that person before that employee landed in Boston.”
Binet said there are so many unknowns in terms of the ways people can steal data.
“We did a demonstration where we would carry around a suitcase,” she said. “You could just walk up to someone and no one knows what’s in it. You have tools that can sit there and they can siphon all that data, and you can get anything you want. I think it’s really incredibly hard to protect it all and keep it all locked down because they only need one [entry]. That’s tricky.”
Hoyt said the biggest reality is it can be as technically savvy and sound as possible from the corporation perspective, but “we still deal with people.”
Binet said there are so many unknowns in terms of the ways people can steal data.
“We did a demonstration where we would carry around a suitcase,” she said. “You could just walk up to someone and no one knows what’s in it. You have tools that can sit there and they can siphon all that data, and you can get anything you want. I think it’s really incredibly hard to protect it all and keep it all locked down because they only need one [entry]. That’s tricky.”
Hoyt said the biggest reality is it can be as technically savvy and sound as possible from the corporation perspective, but “we still deal with people.”
The post-pandemic hybrid work model continues to provide opportunities for cybercriminals to launch attacks and steal data.
A cybersecurity roundtable during this month’s MSP Summit and Channel Partners Conference & Expo tackled the issue of continuing security challenges associated with the hybrid work model. They also discussed how they’re helping customers better secure their hybrid workforces.
Gartner estimates that by the end of 2023, 48% of knowledge workers around the world will work either fully remotely (9%) or in a hybrid arrangement (39%). In the United States, fully remote and hybrid workers are expected to account for 71% of the workforce this year.
Roundtable participants included:
Marcia Dempster, Keeper Security‘s senior director of channel sales.
George Just, ThreatBlockr‘s chief revenue officer.
Tim Roddy, Open Systems‘ vice president of marketing.
Jennifer Binet, Sectigo‘s senior vice president of enterprise sales.
Timm Hoyt, Sumo Logic‘s senior vice president of worldwide partners and alliances.
Hybrid Work Model Presents Many Unknowns
Dempster said cybersecurity issues persist in hybrid work because “you don’t know where people are logging on from.”
Keeper Security’s Marcia Dempster
ThreatBlockr’s George Just
Open Systems’ Tim Roddy
Sectigo’s Jennifer Binet
Sumo Logic’s Timm Hoyt
“You don’t know how they’re connecting to your systems or which Wi-Fi they’re using,” she said. “There are so many factors that go into us sitting in an airport or sitting here at a conference. And are you using a VPN or are you using a connection manager? Or how are you storing your credentials? If I’m on public Wi-Fi and I’m logging into my bank, is that a great idea? Probably not.”
Scroll through our slideshow above for more from the roundtable on cybersecurity and the hybrid work model.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like