Man working on laptop from home, hybrid working

The balancing act between security and agility

Does security suffer if firms adopt agile trends like hybrid working?

06 December 2023Dheeraj Rawal

In this blog find out:

What are some of the hybrid working trends? Do they matter? Are there advanced security solutions to cater to these changing business needs? Read on to find out how both security and agility can be achieved.

The status of hybrid working as of today

Businessman working on laptop and sitting in café

During the pandemic, businesses saw remote working as a last resort to maintain operations. Back then, remote working was supposed to be a means of business continuity. Fast forward to 2023, remote and hybrid are ‘normal’ ways of working. Hybrid working has transitioned from being a perk/benefit to an employee right. Businesses are facilitating these new ways of working by demonstrating a lot of agility – by onboarding new tools, technologies, platforms, cloud-based apps and more. Investments in agile and productivity tools like video conferencing, employee well-being and engagement, productivity and collaboration, project management, internal communication, etc. have gone up remarkably.

It’s a mix of trends

About 45% of European companies1 have permitted their workforce to work remotely from home for about three days a week. In Germany and the Netherlands, most organisations prefer an ‘office-first hybrid’ – where the organisations decide when workers and teams can work remotely. Other hybrid working models include fixed hybrid, flexible hybrid and fully remote. All these models vary in terms of how, when and where the worker can work. Furthermore, these working models involve various device policies such as: 

  • Choose your own device (CYOD)
  • Bring your own device (BYOD)
  • Corporate owned personally enabled (COPE)
  • Corporate owned business only (COBO)

What do employees want?

Infographic 2

These trends are unlikely to fade away anytime soon. Office workers prefer remote jobs and here’s a study that clearly indicates this. On average, less than 20%2 of the jobs posted on LinkedIn had a remote job option, yet it received more than 50% of the total applications.

One McKinsey study3 reported that 71% of people who prefer hybrid work / remote work models are likely to switch to another company if their current workplace discontinues / replaces the hybrid / remote work model with a full-time office model. But why? When you look at the results from this Cisco workplace survey4, the reasons why workers like hybrid working are straightforward. Here’s what employees say when asked why they prefer hybrid working:

  • 76% have saved money    
  • 68% have improved physical fitness 
  • 74% have improved family relationships 
  • 82% feel motivated 
  • 55% are less stressed

These metrics are vital to business since they also contribute to work efficiency. Therefore, businesses will pay attention to adopting or accelerating hybrid trends to offer a better digital experience, enable efficiency and improve collaboration.

Keeping one eye on cyber security, too

Jumping on the digital experience bandwagon increases the attack surface. Gartner highlighted ‘attack surface expansion’ as one of the top 7 cyber security trends for 2022 in its report5. Gartner attributed this ‘attack surface expansion’ to the increase in remote working. This is why boardroom conversations in the post-pandemic world are drifting towards having strong protection, resilience and compliance measures. Companies must evaluate application security, network security, cloud security and more while rolling out new services or onboarding tools.

According to an EY report6, 64% of the corporate board members in the American region consider ‘cyber security and data privacy’ amongst their top five priorities. Cyber security is no longer just seen as an IT topic, but has evolved as an enterprise risk. Businesses, on the one hand, need to allow new ways of working like hybrid work and, on the other, ensure that these ways are secure. As workers often use their personal devices to access business applications and data, the number of endpoints increases. Additionally, as the workforce is outside the office perimeter, traditional data protection measures are no longer effective. There’s no defined perimeter today, as remote workers are working from different locations and are on the move.

White paper: Security Services Edge to unify defensive strategy

As cloud adoption and hybrid models grow, learn how you can secure your businesses with an SSE strategy.

Old times when stringent security meant a slow experience

Back in the day, when stringent cyber defence measures were to be applied, the user experience would take a beating as it would be too difficult to access any applications due to inflexible data protection policies, complex access methods and so on. For instance, if an organisation had rigid multi-factor authentication methods – then it was likely that a user would face one or more of these situations:

  • could not easily access applications
  • would start work late
  • could not access the application on a different device
  • might miss meetings or deadlines, and so on.

But this notion isn’t true anymore. You don’t have to balance security with employee experience or productivity. Hybrid ways of working can be achieved along with strong cyber security measures. Both are possible without having to always trade off anything between them. 

Modern security solutions for today’s digital workforce

Zero Trust Security

Identity-based cyber security solutions like Zero Trust work effectively in today’s ever-changing multi-cloud borderless networks. Zero Trust solutions allow access to business applications based on the user, device, application and context. No user is given access by default unless verified. These solutions don’t kill the user experience either. Businesses are already aware of this fact and acting on it fast. A report from Okta stated that about 45% of organisations in the EMEA region have a Zero Trust Strategy in place.

Security Service Edge (SSE)

Organisations that need more than least privileged access can contemplate SSE – which not only consists of Zero Trust, but also other elements like better policy control over user access to the cloud and web-based applications.

With SSE solutions, organisations can detect and mitigate threats effectively, keep applications secure, protect sensitive data and manage policies easily. Of course, all this without compromising on the experience and scalability.

Endpoint Detection and Response (EDR)

Modern-day EDR solutions extend protection to endpoint devices, cloud applications and emails. There are instances of users opening a malicious email leading to a data breach or a ransomware attack. In such cases, an EDR solution detects cyber attacks like phishing and eliminates the threat. With more devices and endpoints, the risk of phishing or socially engineered cyber attacks increases. Hence with an EDR solution, a company can afford to have many devices and endpoints, all while ensuring cyber security.

Building further resilience in the business

Infographic 1

As businesses adopt digital initiatives to have more speed, they also have a responsibility to look out for resilience. A report published by McKinsey, ‘The State of Organizations 2023’, highlights that resilient companies generated a Total Shareholder Return (TSR) of 50%7 more than companies who were less resilient. Naturally, resilient businesses withstand and handle disruptions better. Businesses are banking on robust cyber defence solutions to build resilience. However, having security solutions is one part, the other part is to also develop a cyber security culture in the agile working environments. After all, humans are the weakest link in cyber security.

A 2022 report8 on employee behaviour by Gartner claimed that about 82% of data breaches can be attributed to unsecure employee behaviour. Therefore, businesses need to also emphasise on training and educating the teams (phishing simulations, training modules, etc.). However, awareness isn’t enough. The same report stated that despite understanding the cyber risks, employees engage in risky behaviour, such as using the same password for multiple platforms, opening an email attachment from an unknown source, sharing sensitive information, and more. 

This signifies that it’s not only agile working ways or digital transformation that increase the cyber risk. Employee behaviour could also be a risk factor. Such security challenges can be minimised eventually with the right tools and training. It’s also important to mitigate any existing vulnerability or risk(s) while evaluating new security solutions to support digital transformation. Security assessments help businesses find gaps and potential risks.

Conclusion: It doesn’t need to be a balancing act

In summary, security need not be traded with agility, productivity, or even speed. Cyber security should be seen as an enabler of adopting agile and transformative technologies and platforms. As discussed earlier in the blog, the new ways of working will evolve, and modern solutions like Zero Trust or SSE can be leveraged. The existing security posture can be improved by assessing the IT architecture. Employees can be periodically trained to avoid data breaches. Only with such an outlook can a company become more resilient and win customer trust. Not all businesses have the time and security teams to identify which solutions they need to enable flexible hybrid working, how mature their current IT architecture is, if they need more vendors, whether they can consolidate solutions or vendors and so on.

About the author
Dheeraj Rawal

Dheeraj Rawal

Content Marketer, T-Systems International GmbH

Show profile and articles

You might also be interested in

Hybrid Work Report 2023, Okta
LinkedIn Insights, 2022
The State of Organizations 2023, McKinsey & Company
4  Global Hybrid Study 2022, Cisco 
7 Top Trends in Cybersecurity for 2022, Gartner
Americas Board Priorities, 2023, EY
The State of Organizations 2023, McKinsey & Company
4 Ways to Achieve Secure Employee Behaviors, 2023 Gartner

Do you visit t-systems.com outside of Singapore? Visit the local website for more information and offers for your country.