There are many scenes in the classic movie "The Princess Bride" that are often quoted. I can't recall a day on the Internet when someone doesn't use Inigo's response to Vizzini's incorrect use of the word, "inconceivable."
Admit it. You just recited Inigo's response.
One of my favorites, though admittedly lesser remembered, exchanges takes place outside the castle walls as our intrepid heroes are preparing to enter with the goal of rescuing Buttercup.
WESTLEY: Now, there may be problems once we're inside.
INIGO: I'll say, how do I find the Count? Once I do, how do I find you again? Once I find you again, how do we escape?
This exchange – in particular, Inigo’s response – popped into my head as I began to consider the challenges and threats we need to monitor as we return to work.
The reason for this is that many of us aren’t returning to work. At least not every day.
I could cite surveys from analyst firms, technology companies, and independent writers, but you've no doubt seen them all, and they all say the same thing: hybrid work is the new normal. We aren't going back to the way things were. The heated debate about what a successful hybrid work model looks like can be seen across the Internet, with pros and cons and potential pitfalls cited and quoted in business and technology publications. But let's ignore that for that moment and consider the most likely scenario: on any given day, some of your coworkers will be in the office, and others will not.
And that raises the first question I have: how do we know?
E-mail kindly offers us the ability to notify colleagues and collaborators when we are out of the office, but this traditionally means we are really out of the office. Like, on vacation. How do we know whether we can walk over to quickly discuss a matter with a colleague or not? Even employees of smaller companies with smaller campuses can surely appreciate the desire not to spend ten or more minutes walking over to talk to a coworker only to discover they're "working from home" that day.
“Once I’m in the office, how do I find Cindy? Once I do, how do I find you again? And how do we escape the parking garage?”
While we can certainly file this concern under "first world problems," there are significant challenges to be faced if your workforce will be operating in a hybrid work model.
Capacity challenges
This first challenge is availability. Consider that your corporate network has not yet been subjected to the volume of video and chat traffic that is about to ensue. With some people out and others in, it seems likely that the communications tools we’ve grown accustomed to using will continue to be used. The growth in traffic is likely to put more stress on your network than you might have planned for, necessitating a serious look at its capacity and even, perhaps, its architecture.
Complicating capacity needs is the growing adoption of IT as a Service or, as Deloitte calls it, "XaaS." A recent study of theirs found significant growth in the US. Similar trends can be seen in our research with respect to AI-based security services, much of which are delivered via SaaS. Whether it’s updated security signatures, daily threat feeds, or other time-sensitive data, the availability, and performance of the corporate network have a direct impact on security in a digital-driven world.
As dependence on security as a service increases, we need to pay more attention to the network to ensure those services can deliver updates and operate without being slowed down by a congested network.
IP is no way to secure IT
A new, migratory workforce also poses a direct challenge to security. While we’ve long been shifting away from IP-based controls to secure corporate resources, that shift needs to happen faster. The transitory nature of devices used by employees will drive demand toward a zero-trust approach that focuses on identity-based access and control. When endpoints are mobile, so is their IP. You can’t trust it at all. We need to drop our dependence on IP addresses and look to identity instead.
Some organizations have been on a trajectory toward zero-trust for a while now. It’s become more urgent to get on the path since the abrupt distribution of the workforce due to the pandemic.
“In 2021, 42 percent of respondents from a global survey report that they have plans to adopt a zero-trust strategy and are in the early phases of doing so. In general, 72 percent of respondents have plans of adopting zero-trust in the future or have already adopted it."
Beware of nastyware
The CDC is still suggesting health checks as we return to the office. You know, check your temperature, make sure you’re feeling okay.
Maybe your organization will – or won’t – follow this advice. But when applied to devices returning to the office, it is a sound policy. After all, there is a risk of user devices becoming infected at home and bringing malware, spyware, ransomware, or some other nastyware into the office.
Many organizations take advantage of a VPN to secure remote access to resources. The process of “logging in” often requires a system scan to ensure a clean bill of health. A similar daily health scan of devices is likely a sound approach to ensuring only healthy devices are allowed to access your corporate network.
Someone, in the early days of the pandemic, said we were never going back to normal. And in many ways, they were right.
The pandemic has proved to be a disruption of epic proportions to every aspect of our lives – and to our corporate networks.
It’s time to consider how we transform all aspects of IT – from the network to security – to better deliver and defend the services a hybrid workforce will need to succeed.
NetOps teams, like Spider Man, have great powers and great responsibilities. Increasingly, they are adopting a Zero Trust approach to network operations to help fight their battles.
Senior stakeholders who want to hold on to their CISOs must ensure that they have sufficient incentives and, more importantly, support to cope with the burden of risk that they are carrying.
The most alarming takeaway from Cisco’s new Cybersecurity Readiness Index report is that even after decades of having the importance of cybersecurity driven home, cyber threats are still taken too lightly.
