Identity and security: does the return to the office help or hinder?
According to the Office for National Statistics, eight out of ten employees in the UK worked remotely during the pandemic. Since then, the number of those heading back into the office has grown. The percentage that class themselves as hybrid workers went from 13% in early February 2022 to 24% in May 2022. That figure has continued to grow over time. Gallup found that around 70 million people in the US were capable of working fully remote - of those, around 50% were working hybrid, 20% were back in the office full time, and only 30% were fully remote.
Companies are keen to get their employees back in the office. Microsoft found that 82% of business decision makers view getting employees back into the office is a concern in the coming year. According to research by ResumeBuilder, 73% of companies will definitely change their work policies in the next six months. The majority - 88% - of companies are offering incentives to get employees to return, including covering commuting costs and higher pay, while some - 21% - said they will fire workers who do not return to the office. While some have mandated that people come back full-time, most companies are opting for more flexible working.
For IT, this move to permanent hybrid working represents a challenge. After the stop-gap measures needed at the beginning of lockdown, followed by expanding measures to keep those employees secure, IT teams today have different problems to deal with around hybrid working.
More devices, more problems?
This move to fully hybrid working will mean some changes. For example, many employees will be heading back to the office for the first time after many months of home working. Office Wi-Fi networks will have to be updated, and users will have to reconnect to them. Using identified and fully authenticated wireless networks that meet the 802.1X standard is necessary, particularly for any organisation that has to comply with the Cyber Essentials standard.
Reconnecting to company assets like networks and those bĂȘtes noires for IT administrators, printers, will add to the work that IT has to support. The reawakening of offices means you have to turn on all of those conference computers that have been off for two years.
You'll have to make sure that they're still enrolled in your monitoring and management systems when your focus has been on devices outside the company network. All of these devices will have to be checked and updated, as many systems will have been idle. As they don't belong to particular users, they may have been overlooked for applying updates, both in their operating systems and their local applications.
The biggest challenge will be around user security. Keeping your co-workers secure gets harder when everyone can have access to services across multiple locations, devices and applications that can change at any given minute. Those devices have to be managed and patched, those applications have to be signed off and monitored for changes in job roles, and any updates have to be rolled out at scale.
How do you track what your co-workers can use, and where, and how can you then enforce the right rules on those devices and applications? The answer is identity management. With identity management, you can track and link your co-workers to their devices, applications and services regardless of what they use and where they use it from. Without this in place, it becomes much harder to keep hybrid workers secure.
Looking at user identities, you can then use the context for when, where and how a user is working on adding any further challenges that you need to apply. For example, you can add an authentication step for user access when they are working remotely from a location where you don't expect someone to be, triggered when those specific conditions are met. This should improve security for any edge cases while not inconveniencing users.
Coping with the return to the office
Alongside getting your identity management approach in place, there are some other process issues to consider. It would be fair to say that many workers are not looking forward to coming back into the office. Microsoft's research earlier found that 73% of employees said they need a better reason to go into the office than just company expectations. IT professionals are in the same position.
For some staff, just coming into the office will be a pain. For others, they will be coming in after having myriad problems with the equipment that they have been given to work with, and they will want help. If they are in the office, and so are you, then expect more walk-up requests for assistance. Whatever you do, don't succumb - instead, enforce your ticketing system so you can track the work that you are asked for. These processes provide you with the data that you need to spot any potential problems and patterns in behaviour.
The move to hybrid working makes things more challenging, and you have to think about your security posture differently. Previously, you may have had one approach for the office and one for home working, but this does not fit as well when your co-workers can be working anywhere at any time. Instead, your security posture should adapt based on user identity, what they are doing and applying the right rules in context.
Tom Bridge is principal product manager at JumpCloud.