It’s baaaack. BYOD, which first emerged as an enterprise security concern more than (welp) a decade ago, is creeping back up the list of things keeping CISOs awake at night.
That’s because hybrid workplace arrangements are fuelling a resurgence in the use of personal mobile devices for work purposes. BYOD isn’t the only factor to consider when assessing security in a hybrid workplace, however.
We’ll be exploring four hybrid workplace security considerations here, but before moving on to the other three, let’s take a closer look at the potential risks of a BYOD renaissance.
Nothing bolsters BYOD behaviour like WFH, and this pandemic has been all about WFH. According to a 2021 survey of more than 8,000 executives in 30 countries:
- 48% say their staff are predominantly using employee-owned BYOD devices for remote work
- 42% say staff predominantly use a mix of BYOD and corporate-owned devices for remote work
- 74% expect even more BYOD use among their employees post-pandemic
In the constantly simmering stew of cybersecurity risk, BYOD is once again bubbling up to the surface. Ninety-eight per cent of enterprises say they’re worried about the security of endpoint devices when their staff commute for hybrid work between home and the office with devices (either BYOD or corporate-issued ones) in tow.
As the survey researchers ominously remind all of us in their report, “if an employee forgets to install a security update, or the device is lost or stolen, they could inadvertently put company data at risk.”
To secure BYOD endpoints during the pandemic, many organizations have relied heavily on VPNs. About 40 per cent of enterprises say they use VPNs as their “primary method of mitigating corporate data exposure via home-based devices.” That makes VPNs the second most popular security tool for WFH (remote desktop technology like DaaS is still the most popular).
As the hybrid workplace model becomes more entrenched, VPNs appear to be losing some of their lustre. Only three per cent of companies plan to rely on VPNs in the next two to three years as their primary user authentication method for WFH, a massive decline from the 40 per cent favouring VPNs today.
Enterprises are already seeking alternatives to VPNs: a whopping 97 per cent are either in the process of implementing Zero Trust or planning to do so.
According to data collected from 17 countries by IT consulting firm GlobalEdge Group LLC, Zero Trust and SD-WAN are both gaining popularity for hybrid workplace security as VPNs lose traction in the marketplace.
“We think the use of VPNs may fall off in coming years as organizations adopt a variety of alternative network encryption methods that are easier to manage,” the GlobalEdge researchers predict in their report.
Hybrid cloud risk
Enterprises aren’t just shifting to hybrid work; they’re also moving toward hybrid cloud.
The latest Aptum Cloud Impact Report shows 86 per cent of organizations have adopted a hybrid or multi-cloud approach to cloud deployment, with many of them doing so to enable remote work. What does hybrid cloud mean for security?
“For many organizations, the move to hybrid (cloud) has meant their environments have become increasingly complex as data and workloads are now located across a range of cloud and non-cloud infrastructure,” Aptum researchers state in the study.
In Aptum’s poll, 90 per cent of organizations said the biggest headache in managing their cloud environment is the lack of “a clear mechanism to detect and respond to security threats across all environments.”
The study’s authors posit that a hybrid workplace model combined with a hybrid cloud model could exacerbate security challenges.
“Moving workloads between the two environments puts data at risk,” they wrote. “Therefore, in a hybrid work environment, organizations need to consider securing point A and point B, as well as the movement of data between them.”
As hybrid workplaces flock to collaboration tools and platforms, hackers are inevitably following them there.
Atlassian’s Confluence collaboration tool is the latest target. A vulnerability allows hackers to launch malware, ransomware, bot and cryptomining attacks via Confluence. Atlassian, which also runs the Trello and Jira collaboration platforms, has since introduced a patch for all current and past versions of Confluence.
How often are collaboration apps used as launch pads for cyberattacks? Collaboration apps were the second most common method for deploying malware in both 2020 and 2021.
On the bright side, enterprises appear to be taking notice—and taking action. Figures from Metrigy Research show 64 per cent of organizations were either using or planning to use a dedicated collaboration security platform in Q3 2021, up from 53 per cent in Q1 2021.
Hybrid work has changed where, when and how we work; cybersecurity will probably have to change with it.
Like the face masks people hastily MacGyvered out of thin cotton T-shirts in early 2020, the cybersecurity deployed at the start of the pandemic may no longer fit the unique security needs of hybrid workplaces today.