Express Computer
Home  »  Guest Blogs  »  Implementing an effective workspace security strategy

Implementing an effective workspace security strategy

0 42

By Peter Firstbrook, Distinguished VP Analyst at Gartner

Hybrid work necessitates an all-encompassing set of security controls that operate seamlessly within modern IT infrastructure. Phishing, identity theft and ransomware have remained top of mind for business leaders despite the significant investments to combat them. The challenge is intensified by the growing arsenal of security tools designed to address individual security threats in isolation. This drives up the complexity of evaluating, managing and integrating these tools as part of a coherent security strategy. A segmented approach to security tool administration also weakens the security posture, thereby providing threat actors an opportunity to target the workspace for initial access.

To enable a secure hybrid workplace, security and risk management leaders need a comprehensive workspace security strategy that integrates security across device, identity, email, data and application access into a cohesive and modular solution.

Adopt workspace security to enable secure hybrid work

For the successful implementation of modern hybrid work, organisations must not only devise an optimal hybrid strategy but also need to fully embed security in the modern workspace. This requires adopting a holistic workspace security strategy that places the worker, rather than their device, at the centre of protection and delivers the required security outcome for the business. Instead of viewing endpoint, email, identity, data and application access as separate security problems to solve, shift focus to a more cohesive strategy assessing how well security components fit together to improve the overall workspace security.

The focus must be on developing a more robust set of integrated and well-managed security controls, helping reduce complexity and break organisational silos. As the first step, security and risk management leaders must assess the current and the future state of their hybrid workspace and evaluate security requirements for workers using managed and unmanaged devices. Then, they should evaluate the acceptable level of administration complexity before adopting new tools.

Ultimately, the goal should be to identify the approach that is most suitable for the organisation based on the trade-offs the organisation is willing to make, rather than the approach that is the most popular within the market.

Build integrated workspace security teams

A workspace security strategy should be a cross-functional initiative led by the Chief Information Security Officer (CISO). The aim is to simplify processes, ensure consistent security policies, and enhance protection levels. The primary focus should be on designing a robust workspace security solution. This involves aligning security policies across various controls – identity, email, endpoint, and data – irrespective of the device used by the worker. By doing so, we can ensure a secure and efficient workspace for all.

The adoption of a workspace security strategy, along with a shift to integrated workspace security teams, will offer benefits such as:

  • Reduced complexity
  • Lower operational overhead
  • Alignment of business and security
  • Ease of integration
  • Improved security posture

Reduce complexity on the endpoint protection side

Organisations that continue to use separate tools for Endpoint Protection Platforms (EPP) and Endpoint Detection and Response (EDR) should consider the immediate benefits of consolidation. These are mature technology sectors with many providers offering combined functionality through a single endpoint agent and administration console. This integration not only streamlines operations but also enhances overall security management. Gartner predicts by 2029, 50% of organisations will evaluate endpoint protection platforms as part of a comprehensive workspace security strategy, up from approximately 20% in 2024.

To tackle identity threats and enhance security operations, consider the possibility of integrating or consolidating related capabilities. For instance, integrating Identity Threat Detection and Response (ITDR) and Extended Detection and Response (XDR) with your Endpoint Protection Platform (EPP) could be beneficial.

In today’s workspace, advanced phishing attacks like Business Email Compromise (BEC) are common. Therefore, it’s crucial to assess the robustness of anti-phishing measures across various channels – email, web, messaging, and collaboration. Implementing strong controls in these areas should significantly reduce the risk of successful attacks.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image