Attack surface larger than ever as organizations shift to remote and hybrid work
“It was like changing an engine on a plane while it was in flight.” That’s how one security decision maker described the shift to remote work the pandemic forced last year. And as revealed by a survey of 1,250 security decision makers across medium to large organizations in the US, the UK, France, Germany and the Netherlands conducted by Citrix Systems, things haven’t gotten any easier.
Broadening attack surface
With end users working from anywhere – in some cases using personal devices to access cloud apps and corporate resources – the attack surface is larger than it has ever been. And many IT organizations are struggling to defend it. As the study found:
- 74 percent of security decision makers say procedures and controls have become more complex as their organizations transition to remote and hybrid work.
- 73 percent are fighting to keep up with the increased volume of security threats that the models create.
Enhancing the employee experience
Employees today want the flexibility to work when, where and how they want using the applications and devices of their choice. In addition to security decision makers, 3,603 knowledge workers were also polled, and 66 percent said it is “extremely” or “very important” to be able to work remotely or from home, on any device.
Savvy organizations recognize this.
- 86 percent of respondents say it is “extremely” or “very important” to create a seamless employee experience
- Around nine in 10 measure information security’s impact on employee experience and productivity.
Changing the game
“IT organizations are realizing that as they embrace hybrid work, their security posture needs to evolve,” said Kurt Roemer, Chief Security Strategist, Citrix. “Rather than traditional command and control-style strategies, they need to take a more intelligent, people-focused approach to security that protects employees without negatively affecting their experience.”
Most participants in the survey are taking actions to do this. In fact, 79 percent of decision makers polled say the pandemic has created an opportunity to completely rethink their long-term information security strategy with these objectives in mind.
Yet challenges remain. Among the top three cited by workers who participated in the research:
- Poor connectivity (43 percent)
- Navigating technical problems virtually (34 percent)
- Inability to get IT support quickly/easily (32 percent)
Investing in the future
The news isn’t all bad, however. While only 46 percent of security decision makers felt “somewhat prepared” for remote work when the pandemic hit, 84 percent now feel “very” or “somewhat” prepared to secure a hybrid, remote or at-home workforce.
- 58 percent say investments in security have increased over the last 12 months by an average of 40 percent.
- 71 percent say their company’s IT environment is now more secure than it was before the pandemic struck.
And that’s critical, because as the survey also makes clear, 52 percent of security decision makers believe most of their workforce will be permanently remote or hybrid.
“Hybrid work is the future of work, and IT will play a critical role in delivering it,” Roemer said. “With the right technology, they can provide consistent, secure and reliable access to the resources employees need to get work done, wherever it needs to get done, and empower them to be and do their best.”