The security leader’s guide to the connected workscape

71% of security leaders say remote work has been their biggest challenge

At the start of the pandemic, most people thought they’d be back in the office after a few weeks of remote work. Now it’s clear these predictions were pretty far off.

Nearly half (45%) of the companies that moved to remote work in 2020 adopted new technology to help them transition. With business continuity at stake, many organizations rushed to implement new tools but skipped typical security screenings. As a result, organizations have wound up with disjointed technologies that are expensive to maintain and inefficient to use. Worse still, the lack of integration between new and existing tools has exposed these businesses to costly security risks.

Security leaders must confront these challenges to strengthen their company’s security posture in the short and long-term. They need to create processes to screen new technology for safety and compatibility. And they must ensure their tools are integrated and operated according to security standards. This guide is designed to prepare security leaders to govern critical company technology in a secure and scalable way.

[1] Lovejoy, K. (2020). COVID-19: How future investment in cybersecurity will be impacted. EY. Retrieved from: https://www.ey.com/en_us/consulting/how-the-covid-19-pandemic-is-impacting-future-investment-in-security-and-privacy

1. What is a “connected workscape”?

A connected workscape is an integrated network of systems and tools that enable secure and productive work. For employees, a connected workscape improves remote and in-office collaboration and promotes efficiency. For security teams, it cuts complexities that make their organizations’ security vulnerable. Integrations are particularly important to companies that have a hybrid work model. At these organizations, employees have the flexibility to work in or out of the office. Technology is critical to keeping their teams connected and their work moving forward.

The value of an integrated workscape

Hybrid work requires security standards to evolve. Reducing application and system complexities is one way to tighten your company’s security. Here are some operational and security benefits of integrating your workscape technology:

  1. Cost-efficiency
    There are upfront costs to building an integrated workscape. A few examples include purchasing, installing, and maintaining your systems and tools. While these costs can run high, they don’t compare to the price of a security breach, which can include:
    – Loss of business
    – Replacement of damaged equipment
    – Investigation management
    – Reputational damage
    – Downtime
  2. Tools “talk” to each other
    When your systems and tools connect, your business can operate with more agility, focus, and speed. Consider, for example, visitor management and access control systems. These tools can work together to alert people when an office has reached its capacity. This can trigger a notification to your workplace and security teams and turn off people’s ability to enter the office.
  3. Mobile connectivity
    In an integrated workscape, the employee experience isn’t bound to a physical location. By synching the right tools, people can do their work from anywhere—even their phones. They can communicate, retrieve documents, access the office, book meeting rooms, and more. For employees, this means the flexibility to work from anywhere. For your security team, integrations add a layer of protection that’s crucial in a mobile-first world.
  4. Ease of use for admins and employees
    Integrating workplace tools streamlines workflows and helps employees operate more efficiently. Fewer barriers result in less time switching between tools to do manual tasks and retrieve data. With the ability to find and analyze data with ease, admins and employees can make decisions faster. This can have a significant impact on your organization’s costs.
  5. A better understanding of your work landscape
    When your company’s technology works together, it’s easier to predict, diagnose, and tackle issues. You can also get a “big picture” view of your work landscape and draw insights to make decisions that improve your security programs. For example, you can spot trends in your organization’s visitor data so you know when to scale up your security.

By synching the right tools, people can do their work from anywhere—even their phones.

Workplace tools that support hybrid work

There’s no “one size fits all” technology stack for hybrid work. You should consider what you’ll need for remote and in-person collaboration and communication. These tools should integrate to improve your company’s efficiency, agility, collaboration, and security. Here’s a quick look at some of the workplace integrations companies love:

Workplace security

For hybrid organizations, controlling workplace access helps mitigate health risks and security breaches. These integrations will:

  1. Allow employees to schedule office visits ahead of time
  2. Grant the right access to guests and employees
  3. Collect visitor records
  4. Send security alerts
  5. Deny entry to unwanted visitors
  6. Provide insights on who’s on-site during an emergency or evacuation
Logos for Building Security Integrations including Brivo, Lenel, Honeywell, Everbridge, Kisi, and Openpath

Notifications

As companies scale, the ability to communicate effectively becomes more important. This is especially true for organizations with a hybrid work model. They might have thousands of employees worldwide with flexible work schedules. Integrating technology with your communication tools help streamline communication between employees. As a result, they don’t have to jump from platform to platform to work effectively. Integrations also assure security teams that business discussions happen on secure platforms.  

Logos of notification apps including Slack, Microsoft Teams, Office 365, Zoom, Skype, and Google Chat

Wi-Fi

Granting visitors access to your company’s Wi-Fi can help them access the online information they need for a productive visit. From a security standpoint, however, this could leave your organization susceptible to risk. To grant safe access, workplace platforms should provision a unique Wi-Fi network to visitors upon check-in.

List of logos for wifi integrations including Aruba Clearpass, Cisco ISE, Cisco Meraki, Mist, Ruckus, and Unifi

Directory services

Most enterprises use a directory service to manage employee details. Integrations allow organizations to sync employee details across different systems. This prevents having to store this information in different tools. For example, a company might integrate its directory with its employee registration and access control systems. By connecting these tools, the company doesn’t need to re-upload employee information to various places. It also makes it easy for security teams to see who should and shouldn’t have access to the workplace at any given time.

Logos of popular Directory Service integrations including Okta, Microsoft Active Directory, One Login, SAML, Google, and Microsoft Azure

File storage

File storage integrations help automatically save important documents to a select storage destination. These can include legal documents, sensitive company information, and health and safety waivers. Automating the file storage process prevents critical documents from getting into unwanted hands. It also allows you to manage your most important documents from anywhere.

Logos of popular file storage integrations including Box, Docusign, Dropbox, Google Drive, and OneDrive

HR and recruiting

HR and recruiting teams rely on hiring, payroll, insurance, benefits, and retirement tools. Integrating these tools helps employees engage with job candidates, new hires, and employees. This is also an important part of building a positive brand impression to attract top talent.

Sales and marketing

A connected workscape enables teams across the organization to share relevant information. For example, say an organization’s sales team hosts an event and garners a list of attendees. With the right tools, anyone who signed into the event can be automatically added to an email list so the marketing team can engage them after the event.

Many other tools can help facilitate a connected workscape. Prioritize the tools that are critical to your company. Remember: technology should reinforce your security, not compromise it.

"We’re looking at evolving and automating security controls to reduce friction for employees. They should be able to enter [the workplace] where they need to enter, and it should be very clear where they shouldn’t be going."

STACY SUMMERS
AVP, Business Continuity Management, Emergency / Crisis Management and Physical Security Molina Healthcare
Envoy webinar: Executive leaders discuss hybrid work security

2. Ensuring your technology meets hybrid security demands

Your company should assemble its technology stack strategically to meet evolving security requirements. It’s important to involve your security team in this process, especially in the age of flexible work. Teams are distributed between office spaces and remote locations. As a result, they use a range of devices and tools that can pose significant security risks if not secure.

This puts security leaders in a tough spot. On the one hand, your team must secure the cyber and physical workspace. On the other, your team faces pressure to do this without interfering with employee productivity. Rather than always saying “no” to tools and processes that may pose a risk, you must find ways to help your business move forward. Reducing application and system complexity is one way to say “yes” to some of these tools while ensuring employees use them securely.

Reducing application and system complexity ensures employees can move work forward securely.

How to evaluate your current stack

Assessing your technology ecosystem is the first step to securing it. To do this, you need to understand where your organization is in its integration maturity. This will help your team define the steps it should take to prepare your technology for hybrid work. Here are some key stages:

Early stage

Your organization hasn’t created a process to regulate its technology and still does some critical work manually

Your company could be in the “early” stage if it has limited processes for regulating its technology. For example, your workplace team uses several tools across locations and doesn’t have a standardized process for using them. They might even use a pen and paper sign-in sheet to check in visitors. After evaluating these tools, your team concludes they don’t meet your security requirements.

In the early phase, your team should define its workplace security requirements. To do this, develop a test plan that helps you score different tools that are critical to your business. You’ll use these requirements to score your company’s current tools up against other options in the market. The goal is to find the technology that best suits your company and meets your security standards. Also, consider what your organization is doing manually, such as pen and paper sign-in. The ideal tool may offer a solution that automates—and secures—these manual processes.

An example decision matrix your team could use to score solutions might look like the chart below. Some criteria to consider include:

  1. Cost
  2. Service-level agreement
  3. Contract length
  4. Ease of termination

Your team should work with the administrators of these tools to agree upon possible replacement tools to compare.

Illustrated spreadsheet showing an example of a decision matrix in action

Growth stage

Your organization has made significant technology investments but its ecosystem lacks oversight

Your organization may be in the “growth” stage if overseeing your technology stack feels cumbersome and hard to manage. For example, after some investigation, you learn that your company is paying for multiple tools that provide the same service. Or maybe you’re paying for tools that aren’t used. Auditing your technology stack will help uncover inefficiencies that cost you time and money.

Start by categorizing your vendors. Include the systems and tools that would ideally make up each category. For example, you might have a “Communication” category that includes Slack, Zoom, Google Chat, and other tools. Once you have a comprehensive list, conduct internal interviews with administrators. Ask questions to understand how (or if) they use each tool. Find out:

  1. How often they use a tool
  2. Whether it integrates with others in your stack
  3. What kind of impact losing it would have on their work
  4. If there are alternative solutions

The answers to these questions will help your team get rid of unused or surplus vendors. They’ll also ensure your company’s technology meets your security requirements. Planning for the long-run will help prevent having to switch vendors as your technology stack evolves.

Mature stage

Your organization’s technology ecosystem is well-managed and regularly optimized

Your technology ecosystem may be in the “mature” stage if you’ve already performed and taken action against a full audit. As a result, you have a good understanding of the tools your business needs to operate. You also have security and integration criteria to evaluate future tools. Your team feels your technology stack is well-managed and can focus on upkeep rather than major improvements.

In this stage, you should focus on making sure your technology meets future security requirements. For example, your company may adopt a long-term hybrid work model. If so, it could require new technology down the line. Work with stakeholders who will use these tools to identify options. Be sure to focus on ones that will integrate with your current ecosystem. You can use the matrix template above to evaluate different technologies.

3. Getting your organization on board with adopting new processes

Once you’ve evaluated your integration maturity, your next steps should be clear. Depending on your assessment, you may need to add, change, or remove tools. Prepare for push back; these decisions may change people’s day-to-day work. Don’t worry. There are several ways to approach getting buy-in from employees.

Communicate openly and find champions

The work your team is doing is necessary to your organization’s long-term growth and security. But be sure to stress that it also benefits employees by enabling them to work more efficiently across different tools and devices. Being clear about this will help your team find champions who will advocate for the changes you need to make.

Be transparent with employees, especially the ones who’ll be most affected and who might experience friction. They should know why you’re making the changes, how it will benefit them, and have the opportunity to ask questions.

Be transparent with employees, especially the ones that will be most affected.

Educate and create helpful resources

Don’t just announce changes. Provide resources to help employees learn more about your strategy and goals. Partner closely with workplace teams to decide what to communicate. You can share this information as knowledge base articles, wiki pages, shared drives, and video tutorials. Be sure to distribute these resources across your company’s main communication channels.

Dedicated training sessions are a great way to introduce employees to new technology and help them feel excited about the possibilities. Set up times to meet with individual teams, walk them through the technology, and answer their questions. If you don’t have the resources to host smaller groups, consider an all-company workshop.

Ask for feedback and iterate

Workplace technology and the integrations that support it don’t affect everyone every day. But they do impact everyone at some point. Make sure you ask for feedback and listen openly to the responses you receive. This can come in the form of online surveys or in-person feedback. Cast a wide net to ensure you have a balanced list of responses. Don’t make decisions off the thoughts of a few people who feel strongly and try to incorporate a large group of users.

Training sessions are a great way for employees to get excited about new technology.

4. Expect more change as the workscape becomes more deeply connected

Security teams face an uphill battle of evolving their programs for hybrid work. Fortunately, app fragmentation is an avoidable security risk. Managing your organization’s application landscape supports business continuity and enforces your physical and cyber security. This can include legal risks, reputational damage, and threats to employee safety.

MailChimp’s multi-layered security approach:
MailChimp is a company that takes its security seriously. Its multi-layered security approach includes requiring employees to pre-register their guests. Before this, employees would email the office management team and say, “I’m expecting these guests.” This made it impossible to track and prepare for visitors. Now, Mailchimp’s visitor management and internal messaging systems are integrated. When a guest is pre-registered, they automatically receive an email with helpful arrival information. Connecting these tools ensures MailChimp’s security measures don’t compromise its visitor experience.

Effective security requires a multi-layered approach. These layers perform best when they work well with each other. As you add to your stack, prioritize tools that integrate with the ones you have to reduce complexity. Here’s a shortlist of technology to keep on your radar as workplaces continue to evolve:

Wayfinding

Wayfinding technology helps virtually guide people through your office. It’s used to find meeting rooms, employee desks, restrooms, kitchens, exits, and more. This will become more important in the hybrid workscape, as employees have the flexibility to work from new and remote offices.

Smart screens

Screens create dynamic, digital environments perfect for sharing critical information. They may display the latest sales numbers, new hires, and upcoming events. Screens can also present company roadmaps, mission statements, and core values. And if there is a crisis, they can automatically present emergency information.

Occupancy sensors

Sensors are becoming a workplace security standard. They tell you how many people are in your office or meeting rooms at any given time, providing actionable data for workplace and security teams.

Simulated community

Virtual avatars in simulated meeting rooms and workspaces allow employees to engage with each other. These tools also extend company culture outside of the physical workplace. This is especially valuable to hybrid organizations.

Synchronous collaboration tools

Digital whiteboards make it possible to brainstorm, plan, map, and discuss important work. Remote employees need spontaneous interactions and opportunities to collaborate in the same “room.”