Secure Digital Workplace: chronicle of a foretold (and necessary) evolution

Juan Carlos Vigo López    19 October, 2022

The changes that have taken place in the Digital Workplace lately have put some technological areas under stress, as we have had to adapt to the evolutions during and after the COVID, modifying the temporal incorporation of the observed trends.

When workers had to go home, technology measures had to be fast-tracked to achieve digital and operational resilience in our work environments. For this reason, CIOs and CTOs have had to evolve their approaches from technology stacks with solutions for short-term problems (pandemic) to the search for stacks that develop medium-term digital resilience and trends towards a hybrid working model.

According to the Gartner Digital Workplace Survey, 68% of respondents agreed that “more C-level executives expressed interest in the digital workplace since COVID-19,” said Matt Cain, vice president analyst at Gartner.

Source: Gartner.

This shifted the positioning of meeting solutions, collaborative work, chats, from interesting to mandatory. And I include Cyber-Security and resilience in these areas.

So, if we were to describe the trends in this area and complement them with our vision, we would have the following:

1. New digital work Core

A collection of communication, collaboration and personal productivity tools in SaaS, combined in a cloud office suite.

Typically includes email, instant messaging, file storage and sharing, conferencing, document management and editing, search and discovery, task prioritisation and collaboration.

This Digital Work Core is the cornerstone of Digital Workplace infrastructures.

2. Aligning the Core with the cloud

Increased use of Cloud office solutions, as well as reduced costs, increased simplicity and more functionality for employees.

It led to the upgrade of cloud services with new mobility, content discovery and Artificial Intelligence (AI) functionalities, which are shaping the future.

3. Evolution from BYOD to BYOT

More personal Internet of Things (IoT) or wearable devices are starting to be used in the workplace, in a trend known as BYOT (Bring Your Own Technology).

This involves a wide range of connected objects such as smartwatches, fitness wristbands, smart lamps, air purifiers, voice assistants, smart headsets, and virtual reality (VR) headsets being brought closer to the workplace. And in the future, it could be sophisticated devices such as robots and drones, surely.

As home technology becomes more intelligent and IoT-enabled, an increasing range of tools will be brought into the Digital Workplace and used in remote or hybrid work.

4. Economics of distance

Virtual or hybrid meetings have proliferated across COVID-19. The pandemic influenced the emergence of the “distance economy”, or business activities that do not rely on face-to-face activity. Organisations with operating models that rely on physical and face-to-face events have mutated to virtual or hybrid alternatives.

Simultaneously, as internal meetings, customer interactions, new employee interviews and a variety of other business activities have become virtualised, the distance economy has given rise to a new generation of meeting solutions that mimic a face-to-face meeting. Empowering telecommunications as a lifeline at all times.

5. New digital workspace

A smart digital workspace incorporates the digitisation of physical objects to offer new ways of working and improve work productivity. The technologies incorporated are: IoT, digital signage, integrated workplace management systems, virtual workspaces, motion sensors and facial recognition.

Any place where people collaborate is a smart digital workspace, such as office buildings, desks, meeting rooms, conference rooms, public places and even people’s homes.

The development of hybrid work models, with the incorporation of remote working, implies a review of design strategies to better understand how people participate in physical spaces and their social relationship.

6. Desktop as a Services

Desktop as-a-Service (DaaS) provides users with a virtualised, on-demand desktop experience from a remote location. It includes provisioning, patching and maintaining the management plane and resources to host workloads.

Organisations have been interested in adopting a virtual desktop infrastructure in the past, but complexity and capital investment have made implementations difficult. The pandemic has accelerated the DaaS adoption model.

7. Democratisation of services associated with the Digital Workplace

There is a trend towards user participation in the technological services of the future:

  • Employees will participate more actively in the models for resolving incidents, problems, and knowledge of digital workplaces, through their own empowerment and in their own interactions. Different gradients of intensity are available, including small code development (no-code application development tools, etc.).
  • Collaborative integration tools, where expert users with IT skills handle relatively simple application, data, and process integration tasks on their own through intuitive, codeless development environments.
  • User data science, allowing analytical insights to be extracted from data without the need for extensive data science expertise.

8. Resiliencia y Ciberseguridad en Digital Workplaces

There is one aspect to take care of, that of the resilience of these Digital Workplaces, making this characteristic in the face of increasingly sophisticated and industrialised situations and attacks a necessity for an almost indestructible Digital Workplace.

Developing a Digital Operational Resilience model that can be defined, and that if we go deeper, we can bifurcate it into several separate paths such as:

Plans, programmes and controls.

That it can take its cue from what is being done in the financial field and that we take the broad lines:

  • Incident response and employee response plan and how it affects the Digital Workplace.
  • Assessment of the risks posed by cyber-attacks and an action plan to mitigate them.
  • Appropriate security controls in the digital infrastructure, which could include encryption at rest and in transit, authentication, access controls, audit trails, monitoring systems, event management systems and incident response plans.
  • Incident notifications when incidents occur so that regulators can assess vulnerabilities and make recommendations for improving the security posture.
  • Service continuity plan during outages that may occur.

Training and simulations

Human involvement in digital ecosystems has been identified as the weakest link, as elements to be trained and coached in the face of attacks and incidents. And here we must not forget the entire ecosystem of collaborators and third parties involved in the day-to-day operations of companies.

Digital Workplace security architecture

Developing a security architecture before and during the life of the Digital Workplace can be based on the following strategies:

  • Security as an element to be included in the design of the Digital Workplace, through the participation of security teams in all phases of design, implementation, operation, innovation, etc.
  • Include security in the management of Digital Workplace assets.
  • Within integration, consider micro-segmentation architectures.
  • Develop different security layers.
  • Development of Zero-Trust strategies.

Security technologies and areas to consider

  • Access management.
    • Specific management of privileged users. PIM and PAM
  • Two-factor authentication
  • Biometric elements
  • Encryption of information at rest and in transit.
  • Data redundancy.
  • EDR (Endpoint Detection and Response)
  • NDR (Network Detection and Response)
  • XDR (Extended Detection and Response) / NGIPS (Next-generation intrusion prevention system)
  • CASB (Cloud Access Security Broker), DLP (Data Loss Prevention) and IRM (Information Rights Management).
  • Deception.
  • Security operations to consider
  • Vulnerability management and patching strategies. Virtual patching.
  • Management of traditional attack vectors, mail, browsing, file exchange, etc.
  • Hardening of endpoints.
  • Password management.
  • Data leakage control.
  • Threat hunting through EDR telemetry.
  • Include Intelligence.

Security supply chain monitoring

It is necessary not only to know our company’s security score through a third-party scorer, but also those of my suppliers and partners who make up the security value chain.

Resulting in a Digital Workplace management as an element of my business value chain.

Conclusion

It is understood that the incorporation of visions from different points of view such as Workplace, Cloud, IT Operations, Cybersecurity, etc. will mark a holistic approach to this, and where it is necessary to have technological partners who propose such approaches to their customers, either because they have experienced the union of Cloud, Cybersecurity and IoT as is the case of Telefónica Tech.

Leave a Reply

Your email address will not be published.