The Double-edged Sword of Hybrid Work

By Mishel Mejibovski, Head of Operations and Strategy, SURF Security

While some companies insist on going back to their original work practices and are forcing their employees back into the office, many others have realized the benefits of hybrid work models and have adopted them as their new way of operations.

As this trend continues to grow, it inevitably forces companies to invest more resources in end-user security; According to Gartner, spending on security and risk management products and services will grow by 11.3 percent in 2023, reaching an all-time high of $188 billion.

Although remote work has its obvious benefits, such as increased flexibility and productivity, and while most industries made the shift to remote work following the pandemic, it also presents a new set of security challenges.

CISOs are faced with managing and securing new complex IT environments where business-critical applications and communications are spread throughout multiple clouds. Meanwhile, employees and third parties work from any given location and device while constantly opening up new attack surfaces. All this is keeping IT teams awake at night.

With employees and third parties accessing applications and data from various locations and networks, both on personal and corporate-owned devices, it has become increasingly difficult to ensure that these assets are protected against unauthorized access and breaches. One of the biggest concerns is the use of third-party devices and networks to access corporate assets. These devices and networks usually don’t have the same level of security as those provided by the company, leaving the assets vulnerable to attacks. Additionally, employees may be accessing these assets from different geographical locations, making it difficult for the company to enforce its security policies and monitor for potential threats.

To address these challenges, companies are forced to implement a variety of security measures to protect their corporate assets, adding to their security stack and making it more difficult to keep up with.

One of the most important requirements is the deployment of a comprehensive DLP strategy. Implementing an endpoint Data Loss Prevention solution enables organizations to protect sensitive data regardless of an endpoint’s physical location. It protects any type of data regardless of where it’s accessed and who’s accessing it. Working from home, or anywhere outside the office, is the new normal, and that is why DLP is so crucial as one of the means for providing a safe environment to work in.

Identity and access management controls are also a foundational security piece. They are crucial in ensuring that only authorized users are allowed access to corporate assets. This can include using multi-factor authentication (MFA) to confirm the identity of users as well as implementing role-based access controls to restrict access to certain assets based on an individual’s job function or level of clearance.

The zero-trust security model has also been gaining momentum for years and has become practically imperative considering the surge in remote working and cloud computing and high-profile cyber attacks taking advantage of new attack surfaces. This can include using network segmentation and micro-segmentation to restrict access to specific parts of the network, as well as implementing software-defined perimeter (SDP) solutions to create a secure and isolated environment for accessing corporate assets.

Web isolation is an integral part of a Zero-trust approach that is widely applied across organizations. It provides businesses with security against web-based threats by isolating their browsing activity away from their physical desktop.

Lastly, SaaS management solutions are becoming increasingly important as SaaS adoption grows exponentially, with 85 percent of organizations expected to become cloud first by 2025 with a market size well over $50 billion and growing. These solutions can help to ensure that all access to cloud-based assets is secure and compliant with company policies and regulations.

The era of hybrid work comes with many benefits, however. Now, the browser is becoming the main OS through which many employees perform most of their everyday tasks. Therefore, companies are finding it necessary to implement a variety of complex security tools to try to keep up with security gaps that occur. As a result, IT professionals and CISOs are having difficulty managing the volume of security tools, not to mention how costly it is with regard to licensing and administration.

Fortunately, there is a way to collapse the security stack into one single control point – the corporate browser. With the browser the first line of defense, the cyber security stack – CASB, VPN, DLP, SWG, and ZTNA – can all be consolidated into one centralized control point. Businesses need to ensure that their team members are able to access corporate data and applications, on-premise and cloud-based, with complete security. Implementing a zero-trust enterprise browser enables to easily track and provide complete authentication, validation, and authorization of team members who need to access only what is relevant to get the job done without interrupting their workflow.

Mishel Mejibovski is Head of Operations, SURF Security, which provides a zero-trust secure enterprise browser. www.surf.security. Mishel has extensive experience in the security space, from physical to technical. He was deputy head of the security department for El Al in the UK and also served in military intelligence for the Israel Defense Force.