Securing a Hybrid Work Environment: The Worst of Both Worlds

Written by

With pandemic-fueled unpredictability likely to loom into the coming months, companies that just finished adapting to remote work are currently working on navigating the hybrid model. The first wave of rapid digital transformation took a toll on many organizations that prioritized keeping the lights on over maintaining security standards, and it’s imperative now that these companies don’t make the same mistakes a second time. As with all things unprecedented, establishing new protocols is paramount, meaning that historically fundamental security philosophies, beliefs and strategies have become antiquated. To embrace the new normal, security teams need to be prepared to tackle the most difficult challenges of remote work and in-office work - as well as risks created due to the amalgamation — all at once.

False Sense of Safety

One of the primary factors we can anticipate impacting hybrid security posture is that having even a small presence in the office creates a false sense of safety for many organizations. With some team members now tied back to the office network, employees might take a laxer approach to security behaviors. When everyone is remote and facing the same enemies, there’s a shared sense of heightened vigilance. With some folks back at home base, this feeling of mutual responsibility can disappear. As hybrid work proliferates, security teams need to shift focus from implementing temporary security controls to enable access to maturing the temporary controls — operationalizing them for long-term use with the organization. The initial shift to remote work should have indicated the dissolution of the perimeter. At this point, the focus should remain on securing data and users wherever they are.

Work and Personal Devices

Another element of hybrid work that will be critical in terms of security is the second significant coalescence of work and personal devices. With people accustomed to using these devices for work purposes for the better part of two years, they will inevitably make their way into the office. There are several risk factors here, aside from the obvious device sharing between family members at home. A recent survey from Palo Alto Networks discovered that organizations that allow for increased BYOD usage have employees over eight times more likely to ignore, circumvent or disable security than those who restrict BYOD. Companies need to prepare their security solutions and practices to account for the additional risks this will invite. Organizations may want to emphasize identifying unknown devices joining the network, determining ownership and ensuring proper security posture before allowing those devices.


First and foremost, as hybrid work becomes routine and the dust settles, companies need to ensure their security solutions are still addressing the right challenges. This point may sound elementary, but security was an afterthought for many organizations in the significant shift to remote work at the start of the pandemic. Too many did not realize that risk profiles become inherently different outside office networks. Security solutions were not modified to accommodate new dangers, priming the landscape for the onslaught of cyberattacks we saw this past year. As remote work turns into long-term hybrid work, risk profiles will be realigned again, and this continuous change can come at an unexpected cost — burnt-out security and IT teams. 

Thanks to nearly two years of constantly turning on a dime to make quick fixes to an ever-expanding remote attack surface while at the same time playing catch-up from hasty digital transformations, security professionals are exhausted. The major thing companies can do to prevent this is to determine what their updated risk profile looks like and invest in the right technology to address individual needs and new vulnerabilities. Once the proper automation technology has been implemented to limit alert fatigue, security teams will regain the time and energy to spend on mission-critical activities that will maintain their organization’s security posture should work environments evolve yet again.

What’s hot on Infosecurity Magazine?