security considerations for remote work

Security Considerations for Any Digital Workspace Project

Team Performive
by Team Performive on

Even before the catalyst of a global pandemic, organizations were being pushed to function with more mobility and accelerated digitalization to keep up with the needs of their workforce. Employees are no longer centralized in an organization’s main office, utilizing only corporate devices—they are remote, geographically spread-out and likely to use a mixture of personal and corporate devices. In order to stay competitive and remain a desirable place to work companies need to adapt their internal IT strategies to best serve remote work.  Speaking strictly internally, employees are working primarily from mobile sources whether it be devices or networks and they expect a smooth, consistent experience using whichever device they choose. Before allowing employees to use mobile devices or non-corporate networks, there are a few digital workspace initiatives that should be explored for the sake of productivity and most importantly, security.

With a digital workspace strategy IT teams are better equipped to handle the delivery of apps and data employees need to work across any device. Keeping the focus on not only the people using these applications and programs but also how and where they use these applications and programs is an important distinction and one that makes a big difference. For example, financial services professionals not only have specific applications, but they may be extended across global environments, with location specific requirements.

There are also questions of device ownership which can get a little tricky. Ideally, in a digital workspace, it shouldn’t technically matter who holds ownership of the device since it will be managed the same way. If an employee owns a device and they want to use it for work purposes the company can usually always purchase it from the employee in order to wipe it. However, if an employee is using a device that has personal data and private information they will want to know what IT is doing with it and whether or not any data of theirs is at risk of being lost or compromised. Security plays a huge factor in determining if a company even needs to take ownership of the device in the first place. If IT has the ability to wipe any corporate information that ever touches the device, and of course have the right management capabilities and policies in place to ensure that corporate information cannot escape their control, then device ownership is not necessary. Containerization is a popular way to deal with a situation like this, as it allows for native containers that protects personal data and apps. Platforms like iOS, Android, and Windows 10 are equipped with this ability.

Consider also the fact that employees may want to accomplish things at different times and that may require different devices, different experiences, and different ownership policies. Real opportunity comes in the form of taking advantage of small form factor to make employees more productive and agile when using portable devices that are always connected. Access management is important and needs to be fast and intuitive. Threats are becoming more complex and should be met with a zero-trust policy that is non-restrictive so not as to reduce usability.

You can tailor granular access policies based on:
• Network location
• GPS location
• Specific users
• Strength of authentication
• Authentication challenge timing preferences
• Re-authentication only when context changes

A digital workspace strategy is based on the ability to help IT teams ensure smooth, policy-based access, using the device their employees choose. Consider the needs of employees, policies for device ownership, and above all security requirements and moving forward with a digital workspace initiative will be a seamless and easy process.