Secure-by-design technology is more vital than ever in today’s hybrid workforce

The workplace of the early 2020s is one that we wouldn’t have recognized even five years before. Today, 58% of U.S. employees say they can work remotely at least part of the time, according to McKinsey & Company. These shifts are creating massive changes in corporate culture and oversight.  At the same time, they have created outsized challenges for IT teams — which were already stressed and stretched thin — as they contend with employees’ do-it-yourself approaches to IT and an expanding threat environment. Resellers who can offer those IT teams better tools for managing the hybrid office securely will have a better foundation on which to build long-term customer relationships.

At the start of the pandemic, nearly half of global office workers bought a PC, laptop or printer to support working at home, according to new HP Wolf Security research. But in most cases, security wasn’t top of mind. In fact, 68% of them say security wasn’t even a major consideration in their purchase; functionality and cost were far more important criteria. In addition, 43% say their laptop wasn’t checked or installed by IT. Security approaches built around on-premise hardware and networks will inevitably fall short under these circumstances. 

These trends underscore the importance of addressing the growth of shadow IT: The same cloud technology that made it relatively seamless for many knowledge workers to transition to remote work can expose them to vulnerabilities. Since the costs can be accounted for within those departments’ operating budgets, IT is often none the wiser—a growing dilemma as companies increasingly focus on building a robust hybrid workforce without exposing the enterprise. Increasingly sophisticated cybercriminals are doing just that, exploiting these weaknesses and maximizing the attack surface.

For the IT channel, these shifts require a sophisticated approach that rethinks the way devices interact with one another on increasingly fragmented networks. It also has to shift the burden of detecting and mitigating threats so that strapped IT teams can get much-needed support from end users and the equipment itself. A zero-trust security posture, in which all users and activities are monitored for legitimacy, is a must in the era of hybrid work.

Intelligent endpoint security is the first line of defense 

In the early days of the pandemic, business continuity often superseded any security concerns—perhaps a reasonable decision in a time of massive disruption. Now, however, IT security teams face the challenge of understanding the full scope of shadow IT within their organizations. In addition to addressing the use of unauthorized SaaS deployments, they must assess the endpoint vulnerabilities. Who is using an unsecured laptop? How many people are using home printers for sensitive work materials? 

Endpoint security challenges are real: In just one example, 64% of IT decision makers reported loss of data from unsecured printing practices in six months of remote work, according to a 2020 report from Quocirca. And between 2008 and 2021, the FBI recorded a 207% increase in cybercrime events, with losses hitting almost $7 billion last year, according to the agency’s 2021 Internet Crime Report. Cybercriminals no longer need advanced coding skills; instead, they can buy plug-and-play malware kits and malware as a service for as little as $5 or $10.

At the same time, many employees lack understanding of the threat environment. For example, nearly a third of office workers say they have clicked more frequently on malicious emails since working from home, according to the HP Wolf Security research. Yet very few of those workers (30%) reported these errant clicks to IT. Among the 70% who didn’t inform IT, nearly a quarter said they didn’t think doing so was important. One in five said reporting involves a “hassle factor.”

These results indicate a failure of the human firewall — one that may be directly related to remote and hybrid work environments. In the past, more than a third of office workers “popped over to IT” when they had a problem, according to the HP Wolf Security research. That type of casual interaction is much more challenging to achieve when working from home and may be particularly daunting for recent graduates and other workers who joined an organization during the pandemic. To be effective, partners should prioritize security solutions baked into the tools they deploy in ways that are easily implemented by default for their customers. Simplicity and functionality reduce the temptation for end users to take shortcuts that could significantly impede the security of their organizations.

Coping with IT staffing challenges

In addition to coping with the challenges of the shift to hybrid work, IT leaders are watching their own teams deal with the pressure of staying ahead of modern threats.  Consider the following findings from HP Wolf Security research:

• 57% of cybersecurity professionals say their organizations have been impacted by the global cybersecurity skills shortage.

• 83% of IT teams say the pandemic has put even more strain on IT support because of home worker security problems.

• 77% of IT teams say they fear their staff will burn out and consider quitting.

These results would be concerning even in an industry that was fully staffed. Yet the need for technology professionals will continue to outstrip supply for the foreseeable future, according to TechServe Alliance. And while the numbers are telling, the IT channel has a unique opportunity to step into the breach with stronger, more connected security solutions intelligent enough to help IT teams take control of shadow IT, manage the threat environment and minimize the impact on their own workload.

How the channel can respond

The IT channel can play a critical role in ensuring that security is understood across the enterprise to be an essential component of the hybrid workplace. After all, cyber risk has enormous potential for reputational damage, not to mention the cost and resources necessary to manage and recover from a breach. The channel can support IT teams as they make the case for strategic investments in secure infrastructure, as well as the development of policies and procedures that support the way their organizations work today.  

To make the most of this opportunity, partners must look beyond mere product sales to a more strategic approach that is built on relationships. Like any strong relationship, the connection with a customer should be based on empathy and understanding. Organizations are looking for seamless, integrated solutions from the channel to help them address their evolving challenges. It’s critical that the solution set provides tools that are both comprehensive and practically useful. Otherwise, customers may find themselves cobbling together an ad hoc collection of products and services that don’t coordinate well—and that may create problems down the line. 

Solutions must also be durable, and capable of responding as threat landscapes evolve. For example, laptops, PCs and printers with security built in rather than bolted on can provide a more seamless and less restrictive end user experience. Embedding non-intrusive security technology into the endpoint also gives users a better security experience while protecting the business and generating a better foundation on which to build out more sophisticated tools as needed. The result for customers is more confidence and better protection as they embrace new ways of working. For partners, it also offers an unparalleled opportunity to fortify operations.  

Organizations must assume that breaches are occurring, and continually verify and authenticate access to and between resources based on context. Partners who take on a similar mindset – and who are armed with the right solutions, insights and approach – will be distinctly positioned to win in a hybrid world. A zero-trust approach also reduces the need for frequent security updates. Systems that look for patterns of activity and isolate threats enable security teams to deploy updates on their own timelines, since they can be confident that common threat vectors have been rendered harmless. Removing the time crunch from software updates can reduce the burden on cybersecurity teams, preserving resources for the many other critical tasks IT teams need to perform. 

Making security table stakes

Even before the shift to a distributed work environment, it was difficult for end users to prioritize security appropriately. Their businesses demand their attention, and constantly evolving cyber threats mean that responses appropriate for one moment are outdated the next. On top of those ongoing demands, the move to hybrid workplaces has shifted back-office structures and ways of working—requiring a new perspective on how to protect the enterprise. Secure-by-design technology enhances employee productivity while simplifying IT security and manageability. 

Building strong, transparent relationships allows the IT channel to get an up-close view of customers’ business strategies, and the tech problems they don’t know how to solve. This approach creates a flexible and proactive cycle in which channel partners serve as trusted advisors, rather than transaction-based vendors.  Offering customers the tools to deploy an adaptable security strategy based on zero-trust principles solves their business and cybersecurity problems simultaneously while increasing the value partners bring to customers.  

Kobi Elbaz, HP