Current and Future Challenges with Hybrid and Remote Work Models

By: Justin Wray and Tim Grelling | June 15, 2021

Many organizations are shifting to hybrid work models because of COVID-19. This model brings with it some unique security challenges. In this blog, we are going to walk through some current and anticipated future security risks we see with the hybrid work model, along with some high-level recommendations on remediation.

Changing Perimeters and Endpoints

From a security perspective, one of the biggest challenges with COVID-19 and work-from-home is moving perimeters and endpoint security. When the pandemic hit, your perimeter moved from being the actual perimeter of your location within your environment and all the way back to the terminals. Organizations started with a simple view of where the perimeter was to one where the perimeter became the endpoint, all users, and all data.

This has caused significant security concerns around how that data is being accessed, transmitted, and stored. This is especially an issue in flat environments where getting in at one point can give you access to everything. It is critical to protect those endpoint devices that are now the absolute edge of your environment and make sure they are secure.

Bring-Your-Own-Device Risks

On top of the issues that organizations had with the moving perimeter, many also had to face challenges from bring-your-own-computing-platform situations. If organizations didn’t have laptops or portable devices for their workforce, or couldn’t purchase them when the pandemic hit, users ended up using their own devices to continue working. Suddenly, the company data was the perimeter because users were using devices that the organization couldn’t control.

In the past, data literally lived within an organization’s walls. Now, it’s everywhere. It’s critical for security (related to changing endpoints and BYOD risks) that your security program focus on where the data is, how to control it, and how to secure it. One of the biggest challenges with remote work, BYOD, and everything is making sure that data isn’t leaking out of your environment. If you can track that, then measure it and establish solid controls you are one step closer to mitigating those risks.

VPN and Remote Access Vulnerabilities

Organizations that had cloud-related infrastructure could leverage that to enable a remote workforce (though many found they had to change process and security around those cloud solutions to reflect the increased need from the workforce). Security risk around this cloud infrastructure goes back to securing endpoints, used devices, and BYOD situations.

Other organizations used (and still use) a more traditional approach of connecting to the home office – essentially to the datacenter you have within your facilities. Organizations are set up to have that user endpoint connect right back to their on-prem environment. That connection can increase the risk around your remote access.

When we look at trends in security vulnerabilities, the adversaries are focusing on this weakness. When we look at good targets from a technology standpoint, things that are remotely accessed (like email systems) are often on the list. However, VPN and other remote access solutions have been highly targeted over the last year.

In this case, it’s vital to ensure that patching and servers are up to date (we also consider this one of the top security gaps we’ve seen in recent years). It’s equally critical to evaluate authentication methodologies and use multi-factor authentication for remote access.

Return to the Office

At some point, it is likely that people will come back to the offices – though what exactly that will look like is difficult to say as the situation continues to evolve. When the pandemic happened in 2020, overnight we told our people to work from home, and almost no one had an opportunity to plan for the security fallout. But now, with a likely return to the office, you do have the opportunity to plan how you get people to securely return to the workplace.


As the hybrid and remote work landscape continues to evolve, the security team here at Core BTS will continue to monitor best practices so we can help our clients stay ahead of future security challenges. If you are looking for more information about how your organization can develop a progressive and holistic security program to address threats like this, then contact us today. We would be happy to help.

New call-to-action

As the Director of Services of Core BTS' Security Practice, Justin helps organizations strategically maximize their security investments. With over 15+ years of industry experience, he has a unique perspective on the type of cybersecurity threats organizations face today.
As the Director of Innovation of Core BTS’ Security Practice, Tim specializes in helping clients develop strategies that cover all aspects of their IT security. Having been in the industry for 20+ years, Tim has worked with numerous Fortune 500 companies in various industries on their cybersecurity assessments.

Subscribe to our Newsletter

Stay informed on the latest technology news and trends

Relevant Insights

7/19 CloudStrike Incident Response

Updates on the 7/19 CloudStrike Incident Response  An update to the security firm's Falcon service last night has led to...
Read More about 7/19 CloudStrike Incident Response

14 Must-Know Insights About Azure VMware Solution (AVS) for Your Hybrid Cloud Strategy

In today's digital landscape, businesses are constantly seeking ways to enhance their IT infrastructure, improve agility, and reduce costs. Enter...
Read More about 14 Must-Know Insights About Azure VMware Solution (AVS) for Your Hybrid Cloud Strategy

Managed IT Services for Automotive Dealerships

An MSP can simplify IT management and drive business continuity at a predictable cost. Here’s all you should know: The...
Read More about Managed IT Services for Automotive Dealerships