It’s one of the worst-kept secrets in security: if a company’s security measures are slowing things down, end-users are going to turn them off.

“Employees are often guilty of circumventing security policies and procedures in an effort to meet their employers' efficiency demands,” says Scott Schober, president/CEO at Berkeley Varitronics Systems, Inc.

Schober is one of the experts and influencers who offered opinions and advice on the question: In today’s world of hybrid work, what are the key considerations to assure optimal experiences for workers while keeping users and data secure?

We reached out to technology influencers and experts to explore how the world of hybrid work has changed that security dynamic and what IT and security leaders can do to address the challenges. Their responses fell into two broad categories: People and technology.

From the Technology POV

Varitronic’s Schober cited the circumvention issue but sees the current environment as a chance to do things differently.

“Organisations have a unique opportunity to carefully build security into their newly established hybrid workflows,” he says. “When security protocol is established early on, employees embrace the changes because they are not seen as disruptions or burdens on efficiency and everyone benefits.”

There are some fundamental technologies, says Ben Rothke, senior information security manager at Tapad. “While the work environment may be changing, the core information security controls should be in place.”

These ideas are in line with an emerging framework for cloud-based productivity suites, including such key attributes as being cloud-first, a zero-trust approach, operating at a global scale to detect everything, and protect everyone.

Will Kelly, content and product marketing manager focused on the cloud and DevOps, homes in on identity. “Enterprises need to move to a standard identity and access management (IAM) solution to secure their collaboration platforms,” he says. “Securing data, especially sensitive corporate documents, calls for a data classification tool that can add descriptive metadata to the documents from which security tools can make decisions about the appropriate level of protection.”

Cedric Wells, director, IT infrastructure services at Gorilla Glue, offers a three-part plan.

“First, forget the old mindset that everyone will be coming back to the office permanently and so your corporate firewalls will be good enough,” he says. “Or worse, deciding that regardless of where a user is, ALL their traffic needs to be tunnelled back to HQ. Instead explore one of the always on next-gen VPN solutions out there. This will not only provide a much better user experience but also provide more flexibility and scalability while also providing the right level of security.”

Second, he says to “implement conditional access. We need our security systems working for us behind the scenes ‘while we sleep’ and making decisions based on certain behaviours without our intervention.”

Lastly, as organisations become more flexible with their work offerings, some folks will be working on the go and likely from mobile devices. “It's important to have the right MDM and MAM policies in place to protect the organisation from data loss.”

The last thing most employees want to think about is the security of their data, says Jason James, CIO at Net Health.  “Therefore, solutions must be frictionless whenever possible,” he adds. “This means reducing or eliminating unnecessary steps in favour of secure, but inconspicuous solutions. Single sign-on solutions must be employed to allow users to securely transition from one service to another without remembering dozens of different passwords or logins. In many cases, these solutions not only make environments more secure but also remove cumbersome barriers for accessing needed information.”

People Who Need People

As Scott Schober noted, there are ways to make following security protocols more user-friendly. “Make the security guardrails as invisible as possible to your end users and ensure that organisational change management is part of your planning for rollout,” says Kayne McGladrey, security architect, strategy and GRC practice lead at Ascent Solutions LLC. “This increases adoption of new collaboration technologies by ensuring that users are aware that the solution exists and understand that it’s easy to use. End users won’t use a solution specifically because it’s secure; rather, they’ll adopt it if it meets their needs easily and quickly.”

Cloud-based workspace solutions like Google Workspace are emerging as preferred platforms for hybrid work. Jack Gold, president and principal analyst at J. Gold Associates, LLC, says workspace-as-a-service implementations must be user friendly with an optimised user experience and access to all relevant corporate apps.

“The role of an enterprise is to protect its vital assets – its data. Yet it’s also critical that organisations make sure that their security procedures do not impede user productivity that ultimately can cost the organisation a 10%-15% reduction in user productivity, and that’s a huge potential lost opportunity cost,” he says. “So bottom line, understand the user needs, deploy the right technology to keep them productive in any situation, and implement the best available security for each instance by moving toward a zero-trust model that can maintain user productivity and enhanced security.”

Pay attention to “new hacking techniques,” says Frank Cutitta, CEO & founder of HealthTech Decisions Lab. “We’ve all been through dozens of required security training courses in our enterprises where we learn about phishing and ransomware. But the hybrid workforce needs to be educated about new hacking techniques on the fringe that were unrecognisable in previous months,” he says.  “For example, my interviews with healthcare CISO’s taught me about the explosion of COVID-specific phishing attacks against provider databases. While hybrid workers should be fearful of security breaches, learning just how creative hackers are can be quite entertaining while increasing the awareness of user security vigilance.”

Securing Seamless Collaboration: Seize the Opportunity

“What makes the hybrid experience so desirable for most people isn't the ability to work in your pyjamas all day,” says Gene De Libero, chief strategy officer at GeekHive.com. “It's the flexibility to get work done when it's most convenient - and when you're most productive. To provide this flexibility, start by developing and implementing a cybersecurity policy protecting users and data while fostering collaborative experiences in a decentralised, secure, and private workplace. This is critical to keeping employees engaged, effective, and connected.”

Hybrid work has closed the gap between personal life and the work life and raised security to the forefront. It’s a golden opportunity, says Gorilla Glue’s Cedric Wells.

“As the lines blur for a seamless customer experience in a users' personal and professional life, IT leaders have a unique opportunity to lead this charge; and also to add value to their organisation in this new hybrid workforce world.”