Forcepoint recently worked with Fujitsu in an online summit discussing the hot topic of how to embrace hybrid working as we return in part to in-person working. It now looks like full-time, office-based working is going to be the exception rather than the norm, and so managing the borderless office will remain a challenge for IT and security professionals over the next twelve months.
Fujitsu’s Head of Strategy and Growth, Workforce and Workspace Services, Andy Davis joined Forcepoint to discuss the changes and measures organizations need in order to stay secure, in addition to a presentation of how SASE and Zero Trust can work together to provide enhanced security, more agility and a better user experience.
Some of the highlights from our discussions are below, but you can hear more by listening again to the Fujitsu Securing the Workforce of the Future Summit.
We all know that the pandemic has changed our perceptions of what technology is capable of and what it can do, in both our personal and our work lives. Adopting new remote ways of working and technology has bridged the gap, and allowed us to get on with business as normal – as far as we could.
But, what happens next, how do we reimagine the future to have a more sustainable, healthier, and more inclusive way of moving forwards? I believe that we now have an opportunity through this period of change to think about how we can build better for the future.
Customers who were not already in a cloud environment did accelerate the adoption of cloud services, but we do now need to take a breath. Organisations need to think about the needs of their people going forwards, the tools they will need to be successful, and what they need to focus on to match business strategy.
We will be experiencing a blend of working patterns where people access data from anywhere, with any device. We need to make this a seamless experience for the employee, one that doesn’t discriminate those choosing to work remotely, but equally it needs to be done in a manner that is secure yet flexible!
I do think the answer comes with analytics, both for the protection of the employee and the employer. We have to ensure that remote workers are following processes and adhering to regulatory policy. But, we need to give them freedom to get their jobs done combined with the certainty they’ll be secure while doing so – and it is cyber security teams that achieve this that will be enable their organisations to be most successful.
Analytics is an enabler, delivering freedom for an employee based on trust earned through the way they do their work whilst adhering to policy. With risk-adaptive technologies, cyber professionals can track any changes or shifts in behaviour, adapting our policies automatically to increase risk levels and add in preventative controls, and then if behaviour shifts back to “normal”, then any additional control is removed. It means we protect the data, and the employee experiences nothing more than the ability to get their job done wherever they want to do it. Of course for anyone who may have made a mistake – it should hopefully prevent the accidental data breach. And for anyone who was attempting data exfiltration – it should stop the breach before it occurs.
Nicolas Fischbach, Forcepoint:
Thank you Andy. It’s a really interesting discussion, and what’s so fascinating is that what we have done so far is really only a minimum viable product. As you said, we’re only just beginning our journeys here to manage and control this all-remote workforce.
One of the ways to do it is of course SASE, and why is that? As you know with people working from anywhere, and data breaches so prevalent, for those working in cyber there’s a real need for agility. Cloud is augmenting and replacing in some cases on-prem apps and infrastructure. With multiple products of course, complexity can also increase – it’s a perfect storm.
SASE – Secure Access Service Edge – is really trying to address this. The goal is to deliver more productive users, simpler, more agile networking and converged cloud services replacing fragmented on—prem hardware. However I would argue that access-centric SASE doesn’t go far enough. In these scenarios you can end up with inconsistent data policies, endpoint agent sprawl and no hybrid enforcement for sites.
Security is not just a function, it’s about risk management – particularly from a board director’s point of view. By putting data, however, at the centre of your SASE architecture, you’re going beyond cloud access to ensure that you’re securing users, and also the critical data in your organization.
Too many diverse policies can cause complex, inconsistent implementations across the organization. With unified data protection policies, you’re enforcing these everywhere – endpoint, to cloud. It means you can create a risk-based strategy and apply that across the architecture, and also ensure (as per Zero Trust principles) that this risk monitoring is done continuously, based on user behaviour.
What we’ve done in the last year, as I mentioned, really is the first step. With data protection at the heart of our SASE architectures and risk-adaptive policies built in to protect our employees, we can build on these remote access blueprints and create a converged platform to deliver simpler, more agile operations.
To hear more from Andy Davis and Nicolas Fischbach listening again at the Work securely anywhere, keep data safe everywhere. Also in the Summit: Three Key Considerations to Secure The Workforce of the Future. Indi Barak, Managing Security Consultant at Fujitsu explores three key factors which must be addressed to capitalise on the value of your security investments and secure the future workforce.