The work-from-home (WFH), remote work environment is here to stay. However, it is now evolving to one in which employees will be routinely toggling between onsite and multiple remote work locations. This hybrid workplace environment presents even more challenges for IT and security teams charged with maintaining data and network security for an increasingly distributed, mobile workforce. Standardizing security on any device – thus enabling employees to use the device of their choice – is the central challenge ahead.
Employees are using a mixture of personal and corporate devices, often at several locations in one week. Younger employees, to whom the cloud and mobile devices are second nature, are also driving new trends like ‘hoteling.’ Think of a flexible visitor’s workplace an employee can use on site as needed – like an Airbnb or Vrbo – for a few hours or a day. This also maps to the trend of companies already downsizing physical office space to reflect the hybrid environment.
To support this more fluid work approach, companies are embracing virtual desktop infrastructure (VDI) or Desktop as a Service (DaaS) faster than ever before. This means companies must face the reality that the endpoint is no longer a static desktop – and won’t likely ever be again. With access to a VDI or DaaS, it’s likely that an employee could leave their corporate laptop onsite on a Friday, choose to work from home Monday, and use a personal device for that day’s work. All while the organization maintains full management and control of that user’s work.
Security in this hybrid work world is a top concern. Cybersecurity pros directly point 20% of data breach activity to remote work. Since the pandemic, ESG research reports nearly half the organizations they surveyed report some increase in cyberattacks. Furthermore, 65% of those surveyed who are using VDI or DaaS still have concerns over the endpoint and require visibility or management of the endpoint before it can connect to the virtualized desktop. These companies are also concerned about attacks that may have occurred but fell under the radar. They will need to put traditional security models aside and look at alternative ways of securing a myriad of endpoints to bring a level of security standardization that supports desired business outcomes.
There are a number of considerations for improving endpoint security to achieve better control over VDI and cloud workspaces. Mindful of the emerging ‘back-and-forth’ pattern of employees in today’s hybrid workplace environment, the IT organizations supporting them must consider the following best practices:
- Re-examine your work model. Does it work in the new era? Is it too mired still in legacy ideas of a static desktop? Traditionally, executives have been skeptical of virtual desktop infrastructure (VDI) and desktop-as-a-service (DaaS) approaches and were not fully comfortable with WFH. This has changed. Now, ESG reports, 70+ percent of executives are giving remote work a thumbs up. This is a new vote of confidence in the use of VDI and DaaS across the workplace. It now challenges the traditional model of doing things: where endpoints have been less than agile, the endpoint OS is tied to the vulnerability of Windows, and security protocols pre-date the new normal, post-pandemic culture.
- Revise your endpoint security strategy for the perimeter-less workspace. The security perimeter has not only expanded, it’s disappeared. As employees work agilely from office to home and elsewhere, the security perimeter has been shattered. So, how are you going to take control?
Companies are looking at VDI and the control aspect because with so many people now distributed all over the place it may be more important to limit people to what they should not do in addition to giving them the freedom to do what they want. Setting the right level of policies is becoming more critical due to remote working and it is a key concern of executives. Policy control is achieved through rules embedded in Citrix workspace apps or retrievable from Microsoft Active Directory, for example, and can be supported with additional rules via the endpoint OS. A review of critical policy rules is vital to determining whether the company is fully protected from both internal and external threats.
- Don’t confuse an operating system with a digital workspace
For too long the workspace has been tied to the operating system and delivered as one on a physical machine. More and more of the workspace, its applications, its data and now the desktop have moved to the cloud. The workspace you deliver doesn’t need to be the same as the operating system you require on the endpoint. In fact, in many cases, it should not be the same!
- Evaluate your endpoint management and control solution. Managing the endpoint in this new hybrid work world can actually be simpler than before. A centralized endpoint management and control solution will help streamline oversight of all endpoints from a single console and provide efficiencies in assigning access and policy controls, patching updates, and other threat prevention measures.
- Gauge the performance of your endpoint OS. Does the OS support a hybrid environment, with flexible use, in various workplace locations? Does it create more risk? Put in place an OS that supports Windows in the datacenter or cloud, and streamlines patching and other security updates across the entire endpoint environment. Since companies are using cloud-based applications, delivered via VMware, Citrix or Microsoft, it makes sense to un-tether Windows from the endpoint. A more resilient, Linux-based OS allows this to be realized. Its key benefits include fewer security gaps and less exposure, while supporting centralized policy control. In this way, users can feel confident their profile and apps, and security are up to date, whether they’re mobile or on site.
- Take an asset inventory. If your company has a lot of aging hardware, no doubt you’re experiencing issues with Windows 10 which is a memory and storage hog. By moving Windows off the endpoint, the heavy lifting in security and storage now occurs in the cloud. This gives companies the benefit of using a small footprint OS that can execute a narrower list of security updates at the endpoint with much less staff time. And it can extend the life of hardware investments by several years, saving much-needed budget.
IT and security teams need to work closer together to achieve the common goal of supporting the hybrid workspace environment. Information sharing and security strategy collaboration is a good start. Step back and take a close look at the way your organization is approaching the workplace. Then, against the landscape of a multi-device, cloud-based environment, you can begin to fine tune your approach to endpoint management and control.
By improving policy and access controls, moving Windows off the endpoint, and using an endpoint OS that includes a streamlined and simplified centralized endpoint management solution, you can help your company thrive in the hybrid era. This will not only mitigate security risk, it will also help set your organization up for success as more younger, mobile-centric employees flood the workforce and organizations adopt new trends like hoteling and “work from anywhere.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.