Today’s workforce is mobile and global—no longer tied to a specific desktop or even a desk in the corporate headquarters. That’s why forward-looking companies must build digital workspaces that enable employees to work anywhere, anytime, from any device.
And yet this new working landscape naturally causes concerns about data security. The expanded attack surface and increasing sophistication of threats means that IT leaders must shift away from traditional approaches—or combine old standbys with new approaches.
“Organizations need a holistic program that sets out a security strategy for the ‘new normal’ of the digital workspace and how people want to work,” says Christian Reilly, VP and CTO of Citrix.
Here are several key tactics to help companies ensure security as they design and build their digital workspaces.
Tactic #1: Understand user behavior
Employees now use multiple devices to do their work, and they’re logging in from multiple places such as home, coffee shops, and airports. It’s becoming increasingly difficult to track and secure all these devices everywhere they go.
“We’re seeing a significant shift toward understanding what users do, rather than trying to secure every conceivable device or component on the traditional network,” Reilly says. “If we know what the user does, then we can track all those transactions and access requests, for example, irrespective of the device or location.”
Reilly likens traditional security methods to the longest-ever game of cat and mouse between the good guys and the bad guys.
“That’s not to say we need to throw away everything we’ve done before,” he says. “But there are new methods, new ways of thinking, and new technologies available to help us concentrate on the user and therefore be more effective overall.”
Tactic #2: Seriously commit to continuing education
Humans make mistakes. Workers will accidentally download an attachment they shouldn’t or click what looks like a viable email link containing a virus. That’s why it’s important to continually educate users about security issues.
“The organizations that are best at addressing this issue are constantly doing internal testing, fire drills, simulated attacks—all done deliberately to see the human response,” Reilly says. “They are absolutely and utterly committed to continuous education on security.”
And it’s not just about testing for user responses. IT and security professionals must follow up with workers to explain and educate them about potential scenarios. “It’s important to get people to understand that there’s no difference between corporate and personal data, that it’s important to protect both,” Reilly says.
Tactic #3: Become a security enabler
The digital workspace gives CIOs and CSOs the opportunity to empower line-of-business (LOB) executives to help eliminate the security bottleneck.
“We’re increasingly seeing demand for delegated administration in the digital workspace,” Reilly says. “That means IT can empower lines of business—whether that’s a supervisor, a line-of-business expert, or the head of HR—to provide the right access to people within the context of that department.”
This is a win-win for both parties: while business departments gain identity and access control, “IT retains overall visibility for a 360-degree view of the user and the digital workspace,” Reilly says.
Adaptable, flexible, secure
The challenges of battling cyberthreats aren’t going to end—or get any simpler. By focusing on key security tactics in the digital workspace, organizations can enable employees to get their work done in a secure manner while also giving them the flexibility they need.
“The whole purpose of the digital workspace is to make it intelligent and adaptive to drive individual productivity and to make security paramount yet invisible,” Reilly says.