The New Normal: How Hybrid Work Affects Your Security Posture

As organizations dealt with the numerous challenges that arose in 2020, many were less concerned about secure access and more focused on simply continuing the flow of business. In many cases, providing remote access to employees exposed organizations to higher levels of security risk. With speed as the main driver for making the shift to remote, organizations often retrofitted whatever tools they had just to make things work for the short term.

Now, about 18 months later, remote work is no longer a temporary approach for many organizations. Hybrid work is either a permanent strategy or a pivot that organizations may need to make periodically. This is driving more thoughtful, thorough examinations of what it takes to keep hybrid work secure.

The transition can be unexpectedly challenging. All the elements that had to adapt last year to support remote work — IT infrastructure, staff skills and security principles — now must adapt again, this time in ways that are sustainable and well planned.

The pandemic forced many organizations to jump three or four steps ahead on their cybersecurity maturity curve. Now they are learning how to enable their environments securely, which often requires IT staff to expand their skills and expertise.

A security team might have had the right skill set for the previous architecture, but remote and hybrid work likely requires new capabilities. For instance, organizations ramped up their cloud adoption dramatically last year, and now they need to secure these environments. Often, staff simply don’t know what they don’t know. Not only are end users more exposed, but many security teams have been learning on the fly — both factors that increase overall risk.

Organizations are also assessing their infrastructure with an eye toward long-term hybrid work. One of the highest priorities is obtaining visibility into remote devices. In organizations without corporate device programs, IT teams may have struggled to attain security oversight and control over employees’ personal devices. There’s a pervasive sense that “we gave them this access, but we don’t know what they’re doing with it.¬¬”

Firewalls are another common concern. We still see quite a few firewalls that may have worked for the previous environment but are now oversubscribed. If an organization that typically has 100 users on its VPN at any given time increases that number to 1,000 users, that firewall will struggle to perform. 

Organizations may also need to establish best practices that are better suited to the current environment. The usage spikes of the past have, in many cases, become the new normal. Remote access hasn’t reverted to that small group that used it before; everyone in the organization needs it now. Accordingly, the infrastructure needs to be adequate for the task, and the right security principles, such as zero-trust network access, must be in place.

Establishing a secure environment for hybrid work is imperative, but it isn’t necessarily easy. Just as organizations encountered costs and complexities when they moved to remote work, many are now weighing the costs and complexities of more permanent hybrid scenarios.

For organizations seeking to overcome these challenges, CDW’s security maturity assessment can be enlightening and yield actionable results. We compare an organization’s security environment with those of other organizations of similar size and maturity, and we map out the steps to reach its desired end state.