The move to remote and hybrid work, coupled with the natural growth in the use of digital systems by employees, has substantially increased the threat surface organizations must protect. And as the threat surface has expanded, the number of new, innovative and more virulent cyber threats has increased, with most of them aimed directly at employees. As recent attacks against JBS Packing, Colonial Pipeline and others have shown, security must be improved, starting at the employee level.
Breaches resulting from employee actions are increasing. A recent Egress study found that 40% of severe data breaches resulted from stressed or distracted employees. They are now a primary attack vector, and SecOps teams can’t ignore that reality or avoid working to mitigate the risks. In fact, Kurt Roemer, Chief Security Strategist for Citrix, recently noted, “Everyone from individuals to global organizations needs to ask themselves: Am I ready for the threat?”
The natural reaction of many firms has been to make employees the first line of cybersecurity defense, even as the companies roll out more onerous and complex security stacks. The initial effort was an emphasis on employee cybersecurity training. However, a recent academic paper published by Sage Journals noted that this training has been less effective than expected. In addition, it has become more common, as cybersecurity tasks demand more time, for employees to experience “cyber fatigue” and disregard them. When security is intrusive, employees say, it:
- hinders productivity
- increases the time necessary to complete tasks
- reduces flexibility and agility for completing tasks.
The two primary cybersecurity issues that need to be resolved to improve the employee experience are access to apps/data and running the security tools. Organizations need a better solution for solving both elements of the problem.
Access is critical. Restrictive security approaches that try to limit what employees can do are a non-starter. Nearly half the management respondents from The Economist’s Intelligence Unit study on the experience of work indicated that employees must have access to information to get work done. When employees feel as if their ability to work effectively is being limited, the impact on morale can be substantial. The second aspect, making security unobtrusive and reducing cyber fatigue, demands new approaches to defensive posture. Constantly adding to the security stack and then forcing employees to employ it isn’t sustainable.
Digital Workspaces Deliver Both Cybersecurity and Positive Employee Experiences
Modern, best-in-class digital workspace platforms are designed to solve both sides of this problem. They are an ideal platform for delivering both apps and data to employees in a seamless, rapid manner. They also are secure by design, providing far greater protection for the organization without burdening employees.
Two essential, newer security features deliver both improved security and a productive digital work experience.
The zero trust security model holds that no device can be trusted by default, even if connected to a corporate network. The notion of a secure perimeter is dead. Instead, zero trust relies on mutual authentication to check the identity and integrity of devices. For employees, this approach simplifies and streamlines obtaining secure access across applications and tools. Zero trust leverages single sign-on (SSO), eliminating the need for unique credentials for every app or service. Employees only have to log on once.
The second modern security approach is Secure Access Service Edge (SASE). SASE integrates the connection and the security stack, providing it as a cloud service directly to employees. Security is based on identity and can leverage the zero-trust implementation. For employees, SASE improves application performance since different network segments can be used to cut bottlenecks. Security is also simplified because there is no need to engage multiple security tools to gain access. And security can be better tailored to unique employee needs or work scenarios.
“Security and experience are two sides of the same coin. A realistic way to look at security is to make it frictionless,” emphasizes Meerah Rajavel, Citrix CIO. “That means that you have guardrails. You have the control, but security does not get in the way of the employee experience.”
The Sum of the Parts Improves the Employee Digital Experience
The digital workspace, coupled with zero trust and SASE, provides a vastly improved digital employee experience, far superior to making employees deal with unique security tools each time they want access to a different app. Being secure by design, the digital workspace doesn’t demand employees become fluent in cybersecurity and engage in constant vigilance. Instead, the focus is on complete work and optimal productivity.
“The goal is to guide the workforce experience and security outcomes to be continuously situationally aware and contextually risk-appropriate. This enables us to move forward confidently and support a new way of working without compromising security, collaboration or business productivity,” says Dion Hinchcliffe, vice president and principal analyst at Constellation Research.
The combination of remote/hybrid work and increasing cyber threats demands that organizations secure employee digital activities without adding complexity. Best-in-class digital workspaces deliver security without cyber fatigue. It’s a “win-win” for the entire team (both IT and others).