FLEXIBLE BUT NOT VULNERABLE: SUPPORTING REMOTE WORKFORCES

INTRODUCTION

Businesses are beginning to accept that our current operating environment, defined by distance, is not a fleeting affair. The seemingly immutable practices that defined the way businesses interacted with each other and their employees have been upheaved on a global scale, creating new behavioral and structural precedents such as recruitment beyond proximity that bear ongoing commercial significance.

The reflexive, near-instinctive steps that businesses took to enable remote workplaces following the onset of the COVID-19 pandemic are falling under heavy scrutiny as the longevity of these practices and the value they yield becomes apparent.

Enterprises reflecting on the lasting business case for remote work are confronting the redundancy of legacy perimeter defence methods as the parameters for effective cyber-security recentre around identity. Security threats are compounded by behavioural and processes challenges that stand in the way of employees reaching their full potential under a mandatory remote work regime.

In response to these challenges, OKTA recently arranged for leading digital professionals from all sectors of the national economy to virtually interface on the current state of work. Their conversation illuminated shared challenges around securing remote workplaces and revealed strategies for empowering a truly flexible workforce. This is what they had to say.


SECURITY CHALLENGES: IDENTITY AND ZERO TRUST

The context for work has evolved as companies become physically dislocated from their employees. The firm’s digital footprint has ventured outside familiar perimeters to lay tracks in new territory, and security vulnerabilities are the corollary for this mobility.

The parameters for secure work are fundamentally shifting: attack vectors are being remapped to directly target home environments; employees risk becoming apathetic towards, or at the least unsure of, expectations around data handling and remote information exchange; and the danger of disenfranchised individuals becoming antagonists of security breaches is amplified by reduced visibility across remote work locations.

The sheer scale and speed at which businesses adopted blanket remote work policies, while necessary, has amplified these threats considerably. To operate with confidence in this new commercial landscape, businesses must ensure that information is being viewed by relevant parties in unquantifiable locations and across unseen devices. This is an imposing but surmountable challenge, provided businesses can recognise the vital role identity plays in ensuring that workforces do not introduce vulnerability to the workplace.

Identity empowers businesses to abandon perimeter defense methods in favour of zero trust principles. By bringing the strongest representation of security to the user, wherever they may be, businesses can allow the right people with the right access to the right resources in the right context. The effectiveness of identity as the foundation for an enforceable security policy hinges on the fact that cyber-security antagonists only succeed when they compromise identities – every attack is levelled through some form of compromised identity.

Businesses will only succeed as defenders and build their security posture in meaningful ways when they drive past passwords to secure identities. Identity is the child of context – by continually assessing location and actively managing devices, businesses can generate a unique profile of characteristic behavior. These profiles can then be leveraged to make immediate and informed decisions around when and how certain applications are being accessed.


BUSINESS CHALLENGES: A BROADER PERSPECTIVE ON FLEXIBILITY

Flexibility has been subject to many varying corporate interpretations. In too many business cases, flexibility has become synonymous with remote work policies that enable employees to engage with the company on personalised terms. While this definition carried some weight prepandemic, it is of little differential utility now that entire industries have been forced to abandon their offices and routines. Instead, it may be helpful for businesses to think of flexibility as the practice of empowering people to realise the full value of their skills.

It is important to recognise that remote work on the scale we are currently witnessing poses several behavioural and processes challenges that can inhibit employees from realising their full potential in line with this broader painting of flexibility. Businesses that apply a service design lens to their actions to counter these challenges will be in a stronger position to compete when our operating environment corrects, and employee choice once again becomes a factor in remote work practices.

Beyond software requirements and hardware limitations, one of the most immediate challenges tied to remote work has also proved to be the most obstinate: being remote first makes it incredibly difficult to be present. Physical separation always threatens to fester into isolation, not only from colleagues and friends but from the company’s mission that serves to connect, inspire, and motivate action.

When combined with any number of external market pressures threatening job security, it becomes very difficult for employees to sustain performance let alone generate momentum for new initiatives under the spectre of disconnection. This mindset affecting relatability is not sustainable from an individual or business perspective, and stems from the fact that the rituals of a physical workspace do not naturally translate to virtual environments.

Constant, two-way dialogue an interactive experiences have emerged as favourable remedies for stagnation from separation, with many businesses reporting a spike in virtual team events that serve to channel information up and down the corporate hierarchy. When well executed, digital engagements are an effective vehicle for both incentivising action back to core values as well as aligning employees behind a shared mission. Constant dialogue is not without its own dangers, including the erosion of the line between professional and private life.

For some businesses, the fact that the boundary between work life and private life is collapsing is being celebrated an opportunity for greater authenticity, connection, and representation, particularly as employee generated video content gathers momentum as an effective vehicle for both communication and development. It is thereforecritical that leaders reassess the communication strategies and business processes that surround remote work to better support, connect, and enable employees.


CONCLUSION

The swift transition to remote work practices has had a sweeping impact on the security posture of Australian businesses. The inefficacy of legacy perimeter defense methods is being cast into stark relief as businesses move to enable a set of technologies built on identity that aspire to a flexible workforce. But the challenges of supporting a remote workforce extend beyond security.

To empower a truly flexible workforce, businesses have had to reengineer processes and adopt new modes of communication to connect and inspire otherwise disparate employees. It is fair to say that our current businesses climate is defined by a crisis of identity, in terms of both security and wellbeing. The ability of businesses to defend the identity of their employees in this wholistic sense will prove consequential for success in the uncertain times that lie ahead.

Email molita.coelho@okta.com to schedule a meeting and learn more about Okta.

PRACTICAL APPROACHES TO HOSPITAL CYBER SECURITY

INTRODUCTION

Technological decisions within the Healthcare sector have long been guided by risk aversion principles. Digital transformation was perceived as an unnecessary risk to established methods of care provision. But now, as legacy systems slow down organisations and pose increasing risks to cyber security, hospitals can no longer be complacent. In the pursuit of improved patient outcomes and mitigation of an increased volume and sophistication of cyber-attacks, leaders are confronting the technological debt and are moving away from the infrastructure dependencies weighing down the sector.

Hospitals are now making bold strides towards interoperability, turning to cloud technology to create hybrid-environments that enhance business performance as well as the patient journey. But as the operating and technological environment shifts, so too does the attack surface. Given both the value and sensitivity of the patient information that hospitals hold, as well as the essential nature of the services they render daily, security risks must be met proactively.

To help address this issue, Akamai hosted healthcare executives from across the public private divide for a candid, virtual conversation on the practical steps hospitals can take to advance their security posture. Their conversation unearthed several shared challenges, as well as aligned opportunities. This is what they had to say.

 

THE OPPORTUNITY

Cloud technology is providing hospitals with greater flexibility, scalability, and efficiency than existing on-premise infrastructure. Legacy IT systems were implemented at a time when hospitals were only required to support patients whilst they were physically within the hospital. These days, patient data is no longer stored in a file on the premises but held across multiple practitioners’ systems, across multiple organisations and even by the patient themselves with the rise of wearable devices such as smart watches that collect a patient’s health data.

Patients also expect far greater service both prior to an admission and for after-care, so the patient journey is no longer confined to within the walls of the hospital itself. To meet this challenge, hybrid environments are emerging as the preferred model that deliver both a superior experience and better controls to secure patient data.

 

THE CHALLENGE

The move from legacy infrastructure to hybrid-cloud environments exposes hospitals to an array of cyber-security risks.  As hospital environments evolve and establish new connections, the attack surface available to attackers shifts.  To enable interoperability, devices and systems that sit outside of the existing network perimeter defenses must be able to talk securely with the cloud. Each device, every link, represents a potential vulnerability that must be protected from an array of threats, from DDoS attacks and credential abuse to emerging, more sophisticated, attack vectors formulated by state actors.

 

BUSINESS IMPLICATIONS

The volume, sophistication, and successs of attacks directed at healthcare organisations is climbing steadily. The value of patient data, combined with the relative unpreparedness of the sector to protect data assets, largely accounts for this increased severity of attacks. The rapid rise of electronic medical systems and interoperability requirements has rendered previous methods of storing data behind firewalls and allowing minimal traffic from the internet to get into the network ineffective.

As a result, hospitals must now address two opposing challenges; improving their security in the face of more frequent, and sophisticated attacks, whilst simultaneously creating portals for patients and healthcare providers outside the network to securely access that same data. To overcome cultural resistance and build change momentum, security leaders must effectively articulate the specific ways that digital transformation will not only improve the delivery of patient outcomes and secure data but shift budgets from CAPEX to OPEX.

 

RECENT DEVELOPMENTS

One path for extending the patient journey is telehealth, which has the potential to fundamentally transform the healthcare landscape. Naturally, the unique characteristics of the nation’s geography hinders the provision of care in remote communities. The technological capability to bypass these limiting environmental characteristics is a crucial step towards revolutionising the way patients interact with the sector. But the potential of telemedicine services to improve patient outcomes extends beyond applications in rural locations.

Patients in all locations and at all stages on the continuum of care will benefit from the sector raising its telepresence. Historically, the unwillingness of both private health insurers and Medicare to extend coverage for telehealth has limited the market and by extension the efficacy of telemedicine services.  However, the ongoing pandemic has served as a catalyst for accelerating investment in telehealth, prompting healthcare providers and insurers alike to begin disassembling physical barriers to care delivery. It would be surprising if the sector constricted rather than accelerated its telepresence as our operating environment begins to correct.

 

CONCLUSION

A significant amount of technical debt has accrued in hospitals due to the healthcare industry’s historical reticence to embrace digital transformation. Hospitals are now accelerating projects to regain control over their networks and data. By curating hybrid environments with cloud delivered security controls, hospitals are improving patient outcomes while providing greater protections over health information.

By keeping bad actors at the edge, they can never reach and overburden the hospital’s data centre. Healthcare leaders must remain proactive and diligent as digitisation extends the patient journey beyond the physical hospital site. The security landscape will continue to evolve – new threats will emerge, and old threats will resurface – but with the help of trusted security partners and technologies, hospitals have the potential to radically improve their cyber security postures and the patient experience.