In the past five years, where, how and when we work has shifted.
Even if your workforce is remote, hybrid or in-office, the lines between office and home have blurred irreversibly.
If you are in the arena of knowledge work, where most tasks are done on devices like laptops or mobile devices, it can be assumed that there’s a data bleed between what’s strictly personal and what’s strictly for work.
Even if you issue separate devices intended to be dedicated to work, it’s no longer safe to assume that there’s a leakproof barrier separating work data, devices, networks, and applications from any public or personal data, devices, networks, and applications.
In-office policies may create an illusion of separation — and, thus, an illusion of security — but the truth is far more complex. According to recent research, 84% of employees use personal devices for work-related tasks (known as “Bring Your Own Device,” or “BYOD”). An alarming 78% of employees admit to doing so even when company policy stipulates that using personal devices for work (and vice-versa) is unacceptable.
When writing or speaking on this topic, I always make it clear that this isn’t about malicious intent or employees deliberately exposing the workplace to risks. While internal malice exists, accidental exposure is far more common. Employees may be unaware of company policies surrounding cross-contamination between personal and work devices and data access. They may use the same logins and passwords. They may log onto corporate devices on unsecured public Wi-Fi networks for a quick email check. They may engage in “shadow IT” by using preferred tools and applications, even if those are unsanctioned by IT and, thus, unregulated.
In another version of this scenario, an employee may be aware of policies but not fully understand what’s at stake or be able to draw a clear line between their actions and the potential consequences. For many well-meaning employees, it’s easy to bend the rules when the stakes feel irrelevant.
SVP Product Management for Secure Unified Endpoint Management at Ivanti.
The illusion of BYOD security
To combat cross-contamination, imagine that you’ve issued dedicated devices for work. You strictly enforce that work devices are shut down at the end of the day, or perhaps even physically stay in the office so there’s no temptation to blur the lines. You have an unwavering policy prohibiting workplace usage of personal devices. You have ironclad perimeters set up banning access to prohibited tools and applications.
This can create a perception of security, just as in-office mandates can create a perception of control. But this can have the opposite of the intended effect, causing managers to rely on policies and infrastructure for regulations and letting their guard down.
In reality, people use the same passwords across devices. They use incognito mode to access the material they want to access. They address personal matters during their break time. And they often feel pressured to address work matters on their personal time.
Again, it’s not malice. It’s being human, and it’s the reality of our current, hyperconnected world. Using an in-office mandate as a corporate security measure is like using a net to hold water. The boundaries and restrictions are present and evident. Your territory is marked. And yet, while the “net” might prevent some big materials from floating past your boundaries, it can’t control the constant inflow and outflow of everything else.
As a leader, this is a challenging situation. It’s frustrating, and it may feel like trying to hold water in a net. That’s understandable. The traditional arsenal of IT tools, predominantly designed for in-office environments, falls seriously short in managing the current hyperconnected digital landscape. A mere 63% of IT teams are equipped to track BYOD alongside corporate-owned assets, leaving a gaping hole in corporate security protocols.
The good news is that the situation is not hopeless.
Embracing Unified Endpoint Management (UEM)
Regardless of your workplace model, it's time for a paradigm shift towards Unified Endpoint Management (UEM) solutions capable of managing the myriad devices accessing corporate networks. UEM solutions represent a quantum leap forward in cybersecurity, offering organizations the agility and flexibility to navigate the complexities of “everywhere work.” Over the past few years, UEM solutions have become incredibly popular among forward-thinking remote and hybrid workplaces. Still, it’s time for all workplace environments to recognize the ubiquity of everywhere work and look for a solution that matches the moment.
By extending security protocols to encompass personal devices and remote work environments, UEM empowers organizations to fortify their defense mechanisms against emerging threats. A UEM solution should be able to discover, manage and secure any device that may access corporate data and networks, regardless of who owns that device and where they’re using it. These solutions can help enforce comprehensive security measures like stringent password policies, system access protocols and data management software.
The truth is clear: data security cannot be confined within office walls, any more than water can be confined within a net. Whether your workforce is in-office, remote or a blend of both, the imperative remains the same: safeguarding sensitive information against evolving threats while optimizing productivity and supporting the digital employee experience. In-office mandates, although well-intentioned, may offer a false sense of security. The reality is that data breaches can occur irrespective of physical work locations. That means the focus must shift toward implementing comprehensive security measures beyond the perimeter (literal and proverbial). In embracing the principles of everywhere work, organizations lay the foundation for a secure, agile and future-ready enterprise.
We've featured the best endpoint protection software.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro