In the new workplace reality, employees can work from just about anywhere – we are experiencing a true hybrid workforce. Yet as convenient as this might be for employees, IT, along with HR and other workplace strategists, faces considerable pressure to support this new model of working in a way that makes it easy for employees to do their jobs without jeopardizing the organization’s security posture.
Fortunately, several fundamental shifts are enabling people to work from anywhere safely.
Modern Applications – In the Cloud
The most significant of these trends is the delivery and management of applications from the cloud, allowing access from anywhere in the world. This trend has challenged IT departments to manage and deliver secure access to these applications, with the same performance and ease of access that is expected from internally hosted applications.
Modern Provisioning – Starts with HR
This challenge has no single solution; however, some emerging technologies that start outside of IT, in the HR department, can come together to address it. Human capital management (HCM) and human resource information systems (HRIS) are maturing. They are becoming the single source of truth on the status of employees and contractors and can feed employee information into IT and security systems. These HR systems are cloud-hosted and provide modern automated provisioning to corporate identity and access management (IAM) systems like Azure Active Directory (Azure AD). This approach can ease on-boarding, off-boarding, group membership, and the application of access permissions in an automated way, driven directly by HR. Continuous refresh of information between HR systems and IAM systems enables HR to manage the entire personnel lifecycle.
Modern Authentication and Access Management – Single Sign-On
The next component category is IAM systems that provide a single sign-on (SSO) experience to employees. Modern IAM systems, like Microsoft Azure Active Directory, can be integrated with applications to establish and manage user identities. Modern IAM can include enhanced security capabilities like multi-factor authentication (MFA) and advanced threat protection (ATP). The SSO experience can be extended to the cloud-hosted applications using standards like System for Cross-domain Identity Management (SCIM), for provisioning users in the applications, and Security Assertion Markup Language (SAML) or OpenID Connect, for authenticating users to the applications, further securing the work-from-anywhere ecosystem.
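The HR-driven provisioning and SCIM hand-off described in the two sections above can be sketched as a reconciliation step. This is an added example, not code from the article or from any vendor: the record layout, the sample data, the `reason` label and the policy of disabling accounts that have no HR record are assumptions made for illustration; only the SCIM 2.0 schema URNs and the `active` attribute come from the SCIM standard.

```python
"""Plan SCIM 2.0 requests that bring an IAM directory in line with HR data."""

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed sample data: HR export rows and the IAM directory's current users.
HR_RECORDS = [
    {"employee_id": "E100", "email": "ana@example.com", "status": "active"},
    {"employee_id": "E101", "email": "bo@example.com", "status": "terminated"},
    {"employee_id": "E102", "email": "cy@example.com", "status": "active"},
]
IAM_USERS = [
    {"id": "u-1", "externalId": "E100", "active": True},
    {"id": "u-2", "externalId": "E101", "active": True},   # leaver still enabled
    {"id": "u-9", "externalId": "E999", "active": True},   # no HR record at all
]


def set_active(user_id, active, reason):
    """Build a SCIM PATCH that sets the account's 'active' attribute."""
    body = {"schemas": [PATCH_SCHEMA],
            "Operations": [{"op": "replace", "path": "active", "value": active}]}
    # 'reason' is a hypothetical audit label, not part of the SCIM message.
    return {"method": "PATCH", "path": f"/Users/{user_id}", "reason": reason, "body": body}


def plan_scim_changes(hr_records, iam_users):
    """Return the SCIM requests needed so IAM matches HR; HR is authoritative."""
    hr = {r["employee_id"]: r for r in hr_records}
    iam = {u["externalId"]: u for u in iam_users}
    plan = []
    for emp_id, rec in sorted(hr.items()):
        user = iam.get(emp_id)
        employed = rec["status"] == "active"
        if user is None and employed:            # joiner: create the account
            body = {"schemas": [USER_SCHEMA], "externalId": emp_id,
                    "userName": rec["email"], "active": True}
            plan.append({"method": "POST", "path": "/Users", "reason": "joiner", "body": body})
        elif user is not None and user["active"] != employed:
            plan.append(set_active(user["id"], employed, "rehire" if employed else "leaver"))
    # Assumed policy: accounts HR has no record of are disabled, not left usable.
    for emp_id, user in sorted(iam.items()):
        if emp_id not in hr and user["active"]:
            plan.append(set_active(user["id"], False, "orphan"))
    return plan


if __name__ == "__main__":
    for req in plan_scim_changes(HR_RECORDS, IAM_USERS):
        print(req["reason"], req["method"], req["path"])
```

In a real directory, service and break-glass accounts have no HR record either, so the orphan rule would need an explicit exemption list before it is allowed to disable anything.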
Modern Device Setup and Management – Cradle to Grave
A key hybrid workforce challenge is the setup and management of the devices in use by the workforce. Although device management has been around for a while, it has traditionally been based on on-premises devices, at least for initial deployment. Modern device management is an extension of the IAM systems, allowing IT to deliver an unconfigured device to employees and automate the device setup for access, applications, and security, based on the provisioning information in the IAM system. After initial setup, IT can manage the entire lifecycle of the device. This change is a fundamental enabler for the work-from-anywhere model.
Modern Access and Security – Always Connected
A significant challenge of the hybrid workforce has been providing secure access that performs well when employees are not in the office. Traditionally, employees have had to use remote access VPNs for some applications and access cloud-based applications directly over the Internet. The security challenge has been the lack of visibility of the Internet traffic when employees are out of the office.
A new category of modern access and security systems, called secure access service edge (SASE), addresses this challenge. SASE combines networking and security functionality into a unified global cloud-based service that replaces remote VPN access and WANs. Employees use a software client that is always on, whether they are in the office or working outside it, and that connects them to the corporate security environment for all application access. It is a cloud-native solution that is scalable and adaptable, provides global quality of service for applications, and is accessible from anywhere in the world. The SASE architecture improves the user application experience and reduces security risks, especially for cloud applications.
Bringing it All Together
With the changing work-from-anywhere business and technology landscape, traditional techniques for protecting your systems and data are no longer enough. Security for a workforce that works from anywhere requires an integrated approach. Combining cloud-hosted applications with modern user provisioning, SSO, device setup/management, and an always-connected security access model will allow your business to securely manage your workforce and deliver a fantastic user experience. The bonus benefit of this integrated approach is that it will enable your IT department to operate a zero-trust security model that brings everything together more efficiently.
Scott is writing on behalf of the SCTC, a premier professional organization for independent consultants. Our consultant members are leaders in the industry, able to provide best-of-breed professional services in a wide array of technologies. Every consultant member commits annually to a strict Code of Ethics, ensuring they work for the client's benefit only and do not receive financial compensation from vendors and service providers.