, ,

The Keys to A Secure Hybrid Workplace: Embracing the New Work Model

By Kevin McCaney

The post-pandemic workplace won’t be anything like what government agencies have been used to. It won’t be bound to agency offices and in-house data centers, obviously, as most agencies had started digital transitions to one degree or another before COVID-19 hit. But it won’t be like the past year and a half, either, with so many employees working from home via whatever collaboration tools agencies could put in play quickly.

The hybrid environment most agencies will return to will be a different breed, requiring agencies to support employees working from anywhere and collaborating in hybrid groups involving the office, the home and any number of locations on the road. In June, the White House announced that the federal government would continue to offer flexible, hybrid working conditions post-pandemic. Many state and local government agencies will likely follow suit.

The first challenge an agency might face is whether to abandon some of its old practices and fully commit to operating a hybrid environment. It’s a decision with an organization-wide impact and should come from the top.

“It’s really going to be a policy question,” said Elton Fontaine, Director of Systems Engineering for Palo Alto. “If you’re going to embrace hybrid work, you need to now view it as a permanent, and not just a temporary, solution.”

Once that decision is made, agencies will add an IT strategy, which will have to address other challenges. That includes:

The employee experience. “The biggest challenge in a hybrid workforce is you have to deliver a consistent employee experience,” Fontaine said. Application performance, for instance, should feel the same whether employees are in the office, at home or connecting from a coffee shop. And they should feel the same whether the applications are hosted in an on-prem datacenter, a public cloud, or in an application repository. Consistency is essential to enabling collaboration regardless of employee location.

Security. Likewise, security has to be a consistent—and seamless—experience. If security steps are slowing down work, Fontaine, noted, even employees who aren’t tech-savvy suddenly become adept at disabling a virtual private network connection or skirting security procedures. An agency needs to ensure a consistent approach no matter where the user is located or where the applications and data are hosted, rather than shifting policies for different scenarios. “If you get to the point where you’re trying to make differentiated policies depending on these various locations, you’re already losing the battle,” Fontaine said.

The talent gap. A hybrid work environment will depend heavily on integrating cloud and on-premises operations. Most agencies lack the in-house expertise to cover every aspect, nor do they have the automated tools that can take some of the burden away from IT staff.

Solution: A Foundation of Zero Trust

Agencies looking to effectively manage a hybrid work environment should consider making several key elements part of their policies.

Consistent Security through Zero Trust. In a hybrid environment, a consistent experience depends on consistent security. A zero trust model, which recognizes that trust is a vulnerability and focuses on authenticating users and devices continually, can provide consistent application of security controls regardless of a user’s location—and do it without hurting the user experience. Zero trust not only increases security substantially, but it increases productivity as well. Its features include:

  • A zero trust architecture
  • Next-generation firewalls
  • Identity and device management
  • Enhanced security

Many agencies already have identity management programs in place and have often talked about moving toward zero trust. They may already have many of the tools they need in place, and just need some guidance to get there. “I think people are not as far away as they think,” Fontaine said.

Automate. Managing a hybrid workforce across an environment that involves multiple clouds and on-premises data centers will rely heavily on automation tools. Integrating an automated solution can make zero trust as dynamic as the enterprise, while handling tasks that could be too big for IT staffs to handle on their own. It’s also critical to managing the expanding use of the Internet of Things. “You’re offloading the administrative burden, and you’re making it tenable to sustain an agency-wide security strategy,” Fontaine said.

Training and Collaboration. Learning and development programs will become more important in a hybrid work environment as an essential tool for supporting employees and their career trajectories. And collaboration involving multiple settings (home, office and hotel rooms) will be the lifeblood of an organization. Agencies need to have the policies and tools in place to support employees under any circumstances.

This article is an excerpt from GovLoop’s report, “The Keys to a Secure Hybrid Workplace.” Download the full report here.

Leave a Comment

Leave a comment

Leave a Reply