Simplify and secure: How Aussie businesses should be operating a hybrid workforce

As our workplaces have changed, so too has the cyber-threat landscape. We have seen how quickly our country and businesses can go in and out of lockdowns. Leaders have had to rapidly adopt remote working practices and rely more on cloud-based tools to keep employees and customers engaged.

According to John Karabin, Director of Cybersecurity at NTT Australia, this is why it is crucial to integrate a secure workplace solution into business functions, enabling employees to work from wherever they are and from whatever device they choose.

“The name of the game from Australian businesses in this day and age is simplification,” says John. “Businesses need to streamline and simplify their environments, moving away from legacy systems and reducing the number of applications their business runs on. The more applications a business runs on, the more risk exposure the business has.”

The status of quo for business continuity does not work anymore

As Sean Duca, VP and Regional Chief Security Officer for APAC & Japan at Palo Alto Networks puts it, business continuity is difficult to plan for at the best of times, but the lesson from COVID-19 is that ‘unplanned accelerated transformation’ must be a core part of future scenario planning. For that very reason, automated and cloud-based tools offer flexibility and consistency and should be factored in from the ground up.

COVID-19 has rapidly accelerated the adoption of new architectures, and companies should have the technological flexibility to deal with future crises. Building in Zero Trust and SASE, as well as increasing the level of automation (including AI and machine learning), helps to ensure that hardware and applications are resilient around the clock, according to Sean.

“The emphasis now needs to be on identity, rather than the device itself. This means looking at the identity of the user and what that allows them to do, the applications they can access, and what they can do with those applications,” says Sean. “This Zero Trust approach means that you have to really lock it down to the person and understand what an individual can do when they log into a corporate network to ensure you stay protected.”

Keeping consistency between the office and remote working

“When you think about the hybrid workforce, you want to ensure that there is consistency between how an employee is protected in the office and how they are protected while working remotely,” continues Sean. “That means having a clear policy for securing what’s most important to your business.”

He says that these changes and the new way of working will only increase the importance of cloud-based solutions and have lasting consequences for the work environment. The shift to remote working in early 2020 exposed the limitations of the tools people use to work remotely, partly due to massively increased workloads.

As John outlines, “The environment we work in is changing constantly and businesses need to adapt. As businesses transform and change rapidly, they need to be reimagining what their security profile needs to be with their environment. It’s no longer just “work from home”, it’s “work from anywhere”; whether that’s your home or a cafe or down the beach.”

Changes are likely still to come, and businesses need to prepare

COVID-19 has resulted in the most rapid workplace transformation in modern history, and it has served as a wake-up call for traditional security and business continuity practices. If the last year has taught us anything, it is that change can come at any time and in any way, and businesses need to prepare for that.

“You can never say “we’ve nailed it, we’re fine”. The reality is that we live in a dynamic world and our environments change all the time, and so too do the risks,” concludes John. “Knowing what the most critical parts of your organisation are, what could cause a material impact to your business, and managing those risks appropriately is what we should be striving for.”

Five key takeaways from John Karabin and Sean Duca for local businesses:

1. Embrace the change – Take the opportunity to move away from legacy systems and streamline architectures to improve business efficiency.
2. Simplify – Reducing the number of applications your business is using, simplify the process for managing them, increase visibility and incorporate a secure-by-design cloud native approach is key to keeping your business secure.
3. Understand what and where your critical systems and data are – When it comes to staying secure, it is important to identify what the most critical parts of an organisation are, prioritise protecting these and then work backwards.
4. Find the right partner – There is a skill shortage in the world for cyber security, so look for external organisations that can assist your specific area of business in need. Finding the right partner will generate a lasting journey to building a more resilient digital business.
5. It’s not if but when – Cyber security incidents will invariably be experienced by every organisation.  Understand and regularly evaluate your operational maturity to current and future threats. Always ask, what more can be done?