Current and Future Challenges with Hybrid and Remote Work Models

By: Justin Wray and Tim Grelling | June 15, 2021

Many organizations are shifting to hybrid work models because of COVID-19. This model brings with it some unique security challenges. In this blog, we are going to walk through some current and anticipated future security risks we see with the hybrid work model, along with some high-level recommendations on remediation.

Changing Perimeters and Endpoints

From a security perspective, one of the biggest challenges with COVID-19 and work-from-home is moving perimeters and endpoint security. When the pandemic hit, your perimeter moved from being the actual perimeter of your location within your environment and all the way back to the terminals. Organizations started with a simple view of where the perimeter was to one where the perimeter became the endpoint, all users, and all data.

This has caused significant security concerns around how that data is being accessed, transmitted, and stored. This is especially an issue in flat environments where getting in at one point can give you access to everything. It is critical to protect those endpoint devices that are now the absolute edge of your environment and make sure they are secure.

Bring-Your-Own-Device Risks

On top of the issues that organizations had with the moving perimeter, many also had to face challenges from bring-your-own-computing-platform situations. If organizations didn’t have laptops or portable devices for their workforce, or couldn’t purchase them when the pandemic hit, users ended up using their own devices to continue working. Suddenly, the company data was the perimeter because users were using devices that the organization couldn’t control.

In the past, data literally lived within an organization’s walls. Now, it’s everywhere. It’s critical for security (related to changing endpoints and BYOD risks) that your security program focus on where the data is, how to control it, and how to secure it. One of the biggest challenges with remote work, BYOD, and everything is making sure that data isn’t leaking out of your environment. If you can track that, then measure it and establish solid controls you are one step closer to mitigating those risks.

VPN and Remote Access Vulnerabilities

Organizations that had cloud-related infrastructure could leverage that to enable a remote workforce (though many found they had to change process and security around those cloud solutions to reflect the increased need from the workforce). Security risk around this cloud infrastructure goes back to securing endpoints, used devices, and BYOD situations.

Other organizations used (and still use) a more traditional approach of connecting to the home office – essentially to the datacenter you have within your facilities. Organizations are set up to have that user endpoint connect right back to their on-prem environment. That connection can increase the risk around your remote access.

When we look at trends in security vulnerabilities, the adversaries are focusing on this weakness. When we look at good targets from a technology standpoint, things that are remotely accessed (like email systems) are often on the list. However, VPN and other remote access solutions have been highly targeted over the last year.

In this case, it’s vital to ensure that patching and servers are up to date (we also consider this one of the top security gaps we’ve seen in recent years). It’s equally critical to evaluate authentication methodologies and use multi-factor authentication for remote access.

Return to the Office

At some point, it is likely that people will come back to the offices – though what exactly that will look like is difficult to say as the situation continues to evolve. When the pandemic happened in 2020, overnight we told our people to work from home, and almost no one had an opportunity to plan for the security fallout. But now, with a likely return to the office, you do have the opportunity to plan how you get people to securely return to the workplace.

Conclusion

As the hybrid and remote work landscape continues to evolve, the security team here at Core BTS will continue to monitor best practices so we can help our clients stay ahead of future security challenges. If you are looking for more information about how your organization can develop a progressive and holistic security program to address threats like this, then contact us today. We would be happy to help.

New call-to-action

As the Managing Director of Security Advisory at Core BTS, Justin helps organizations strategically maximize their security investments. With over 15+ years of industry experience, he has a unique perspective on the type of cybersecurity threats organizations face today.
As the Director of Innovation of Core BTS’ Security Practice, Tim specializes in helping clients develop strategies that cover all aspects of their IT security. Having been in the industry for 20+ years, Tim has worked with numerous Fortune 500 companies in various industries on their cybersecurity assessments.

Subscribe to our Newsletter

Stay informed on the latest technology news and trends

Relevant Insights

Healthcare Personalized Medicine: Leveraging Genomics and AI for Tailored Treatments

Faster, cheaper genome sequencing and more intelligent AI algorithms promise a new era of precision medicine. Genomics and artificial intelligence...
Read More about Healthcare Personalized Medicine: Leveraging Genomics and AI for Tailored Treatments

.NET MAUI and the Future of Xamarin 

At the 2020 Microsoft Build Conference, the company announced .NET MAUI as the next evolution to Xamarin.Forms. This move comes...
Read More about .NET MAUI and the Future of Xamarin 

Your Student Data Deserves a Higher Grade of Clarity

Discover the intelligent way to manage and leverage student data for optimum outcomes. Is your school district or institution drowning...
Read More about Your Student Data Deserves a Higher Grade of Clarity