Taking the first steps toward a hybrid-first cybersecurity environment

Hybrid cybersecurity

Ian Jennings, CEO Technical & Operations, BlueFort Security, gives us his insights into the future of the workplace and the hybrid environment.

With the New Year in full swing, physical offices have remained largely empty, and while official work from home advice is still in place, it’s become clear over the last two years that, by and large, people enjoy flexible working.  With ‘Plan B’ restrictions coming to an end in the UK, the question of an office return is in the air.  But while people will be free to return to the workplace, it’s unlikely things will ever go back to the way they were pre-pandemic. 

With a successful vaccine rollout, many businesses took an optimistic outlook in the second half of 2021.  Some, such as business answering services provider Moneypenny, brought virtually all of their staff back to the office as soon as reasonably possible.  Many organizations, however, have taken a hybrid approach.  Indeed, a closer inspection of Google’s billion-dollar bet on a return to office working reveals a clear ambition to create a new and permanent hybrid working culture; a working culture where employees are encouraged – but not required – to be in the office.  

Hybrid working cybersecurity challenges

A long-term hybrid working culture – particularly following two years of employees largely working remotely – presents a significant challenge for Chief Information Security Officers (CISOs).  In a recent survey of 600 UK CISOs, 30% admitted that since March 2020 they have lost track of movers, joiners, and leavers.  What’s more, 29% stated they are missing corporate devices.  The key challenge that CISOs are facing is mitigating the ever-increasing cybersecurity risk brought about from the growing complexity of their IT environments.  Their number one priority in 2022 will be IT discovery.  After all, it’s virtually impossible to effectively protect what you don’t know is there.

Security teams must now contend with user sprawl and device sprawl.  In the past, their focus would have been on securing one main location – the office.  Now, location is a fluid notion.  The concept of networking in this context is increasingly difficult to define.  To help overcome this challenge it’s vital to compile an in-depth – and ongoing – view of the organization’s IT estate.  Only by knowing what assets you have within your environment can you apply effective security controls. 

A hybrid-first security mindset

Procedures and processes for this new world need to be reviewed from the ground up – all with a hybrid-first policy.  The challenge is not insurmountable for security leaders that remain flexible and adopt new ideas.  Desmond Tutu once said that “there is only one way to eat an elephant: a bite at a time.”  What he meant is that everything in life that seems daunting, overwhelming, and even impossible can be accomplished gradually by taking things one step at a time.  For CISOs facing this challenge, the overarching focus should be on improving visibility, intelligence, and control over their network and devices.  Breaking this down, there are three key first steps CISOs should be considering:

1. Visibility: Focus on identity

Identity runs through the core of visibility, intelligence, and control.  Start by establishing who your users are, what they have access to, and building a robust joiners and leavers program.  Any and every user account that has been neglected in some way over the last two years is a potential weak point.  The culmination of this has led directly to the data sprawl now endemic in organizations.  Security teams need to understand everything that is happening on the network in an identity context – whether that’s a human user or a connected device – before they can begin to get them under control.

2. Intelligence: Look at new technologies

A new hybrid-first security framework requires modern technology solutions.  Extended detection and response (XDR) is a good example.  Many CISOs will be grappling with the decision of where to focus their immediate efforts – applications, devices, or the network.  XDR pulls all three areas together.  As well as the network, XDR gives visibility into the cloud and certain software as a service (SaaS) applications – visibility on the application level as well as the device. 

These capabilities will be crucial in a new hybrid-first framework, moving the traditional security operations center (SOC) focus from the office network to a much wider and deeper view of the organization’s environment.  The threat landscape is now fundamentally different.  Less focus on the office and network and more focus on applications and devices will provide a better and more holistic view of risk, what’s happening in the environment, and where the organization’s exposure resides.

3. Control: Design from the ground up

Security strategies that were created even three years ago are now obsolete.  The pace of change is increasing exponentially and sitting on the fence is no longer an option.  CISOs need to adopt policies and procedures that deal with location independence and network independence.  Hybrid working is now ‘business as usual’ and CISOs must work to design modern, fit-for-purpose hybrid-working strategies from the ground up.  Perhaps the worst thing any CISO could do as employees return to the office is to carry on as though they were operating in a pre-pandemic world. 

Read More:

The hybrid-first world has new and very different demands, but the mistake to avoid is viewing this as a bad thing.  There is a multitude of benefits to be realized.  Ultimately, organizations will have more secure applications and devices.  As policies and procedures mature, organizations will enjoy more agile and robust business processes.  But before this can happen, there is baggage to dispose of, plasters to remove, and new perspectives to cultivate.  For those willing to think differently, hybrid working will ultimately provide the catalyst for a more secure environment.

Click here to discover more of our podcasts

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Ian Jennings

Ian co-founded BlueFort Security with David Henderson in 2007 to deliver cyber-security specialist technical expertise and support to businesses that were becoming increasingly at risk from ever-sophisticated cyber attacks. Together the pair have built an award-winning business with a proven track record in delivering complex solutions around remote access, cloud transformation, and zero-trust application delivery.

Ian has 20 plus years of cyber security technical skills and knowledge which underpin the services and support that BlueFort Security delivers to its customers. Under Ian's guidance, the BlueFort team has secured a wide range of cyber security credentials including Cyber Essentials Plus, ISO27001, ISO9001, as well as a number of vendor-specific accreditations including FireEye partner recognition award 2018, RSA partner of the year 2018, MobileIron outstanding engineer award 2015 and RSA Top partner of the year 2011.

Prior to founding BlueFort Security, Ian held senior technical roles with Armadillo Managed Services and Interop Technologies. He holds a BSC in Computer Science and Management Studies from the University of Leeds.

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...

Custom Software Development

Natalia Yanchii • 04th October 2024

There is a wide performance gap between industry-leading companies and other market players. What helps these top businesses outperform their competitors? McKinsey & Company researchers are confident that these are digital technologies and custom software solutions. Nearly 70% of the top performers develop their proprietary products to differentiate themselves from competitors and drive growth. As...

The Impact of Test Automation on Software Quality

Natalia Yanchii • 04th October 2024

Software systems have become highly complex now, with multiple interconnected components, diverse user interfaces, and business logic. To ensure quality, QA engineers thoroughly test these systems through either automated or manual testing. At Testlum, we met many software development teams who were pressured to deliver new features and updates at a faster pace. The manual...