Security and HR teams need to work together in a hybrid work world

Watch the Low-Code/No-Code Summit on-demand sessions to learn how to successfully innovate and achieve efficiencies by upskilling and scaling citizen developers. Watch now.


Hybrid working is the new normal. The COVID-19 pandemic accelerated distributed workforce trends that were already well underway thanks to the agility of cloud computing, a key aspect of digital transformation. Now employees of most companies expect to perform their work optimally from anywhere, using the devices of their choice.

Hybrid job expectations include:

  • Fast, secure access to corporate resources wherever employees are, including seamless transitions in and out of the office network and access to on-premises and cloud resources.
  • Being able to use any device (i.e. a personal iPhone or iPad or a work laptop) from anywhere – at home, at work, in a cafe, on an airplane – while having the confidence that security controls are in place.
  • Less (or no) time spent commuting and no friction when requesting the resources they need to do their jobs effectively.

Robust support for hybrid work isn’t just about happier, more productive employees. It is also directly related to growth. Companies traditionally crippled by talent pools tied to office locations now have access to the best talent in the world, regardless of location. And a recent one Accenture study noted that nearly two-thirds of high-growth revenue companies are now embracing fully hybrid workforce models, and that employees themselves prefer a hybrid model — rather than a prescribed “in the office, out of the office” model — 83% of the time. Now and for the foreseeable future, retaining talent has made embracing hybrid work not only a good thing, but also a matter of competition and survival.

Netskope’s chief people officer, Marilyn Miller, and I see this current environment as a huge opportunity for security and technology teams to become much more strategically aligned with human resources teams, also known as people teams. There has long been an important relationship between these corporate functions, and creating a culture of cyber awareness – where security responsibilities are known and practiced by all employees – has been a priority for Global 2000 companies for at least a decade. But in the hybrid work era, this relationship between security and HR needs to go far beyond working on cyber culture and assessing employees’ risks “on their way in” (when they join the company) and “on their way out” ( when they leave).

Event

Intelligent security stop

On December 8, learn about the critical role of AI and ML in cybersecurity and industry-specific case studies. Register for your free pass today.

register now

The evolution of this relationship should not be overlooked in the rush to create functional hybrid work environments. Forward-thinking teams are already using their shared mission—both security and HR teams are invested in protecting sensitive data—as a way to start that evolution. I asked Marilyn to work with me on a shared set of suggestions for how security and HR/people teams can work better together.

The modern security team meets the modern people team

Remember: the security and HR leaders of 10 years ago were not dealing with the current generational shift of hybrid work. Talented employees today may feel less connected and therefore less loyal to employers, due to shifts in employer ownership due to mergers and acquisitions, or being in remote-first environments with limited physical connections to employers and managers . There are many other reasons as well, most of them newer challenges that have forced employers to question their people management playbooks. This shift is also the perfect time to reexamine the role technology plays, including what security teams need to do to keep up.

Our conversations with our colleagues in technology and HR organizations suggest that the relationships between security and HR teams have a long way to go to become truly strategic. Here’s some actionable advice on how to accelerate and strengthen that collaboration:

Get your visibility back and invest in modern data protection

In a previous generation, critical business data resided within the corporate network, easily monitored. Today, data moves and can be accessed from anywhere, not least because of the explosion of cloud and SaaS applications – many of which have not been approved by corporate IT teams – used by the enterprise. This shift has left organizations using legacy security and networking technology behind and can no longer monitor what their employees are doing with data, let alone interpret the context in which they are trying to access data.

Modern technology frameworks such as Secure Access Service Edge (SASE) prioritize data protection appropriate for an era where cloud applications dominate business. Teams need to invest in this technology to regain insight into what happens to their data. The best solutions provide forensic investigation and insight into questionable employee behavior—not just the explosion of business data traffic in personal apps coming in during the last 30 days of employment, but the more subtle signs that employees have moved important company data to personal cloud applications, perhaps for much longer than a few months. Modern data protection – remember that shared mission! — is achieved when security controls follow data wherever it goes and access to data is determined by the context in which access is requested.

Using security as a cultural facilitator

The security team has been the department of ‘No, you can’t’ for so long. But forward-thinking teams are now using real-time (or just-in-time) coaching techniques—enabled by advances in data protection AI—to help employees adopt safer behaviors. For example, when an employee appears to be entering sensitive information, such as a social security number, into a website prompt, or sending screenshots through staff applications such as Slack, solutions may pop up and prompt the employee to ask questions (not automatically block). the activity.

This is both a cultural shift and a technological shift. Security teams see this as an example of what technology can do to control risky behavior. HR teams understand it as an employee experience benefit. Combining the thinking of those teams creates a powerful demonstration of culture: “We’re here to help you and narrow down your experience to make your job and the time you spend here better.” It also offers the company more protection than hoping employees remember cyber awareness training.

Insist on accountability

Sometimes there is a fine line between “Big Brother” style employee surveillance (“We’re Watching You”) and creating a balance of trust between employees who can work anywhere who are no longer careful with company assets or become absent about safety hygiene, making sure that questionable behavior is not monitored while they are at home or at the local coffee shop. When security and HR both preach that everyone can embrace hybrid work, teams feel more connected and malpractice is minimized. When trust is breached, leadership must also speak with one voice and address breaches quickly and specifically.

Cooperation between security and HR is necessary

One final note: This new and better collaboration between security teams and HR will inevitably change the way both teams hire. You will need more people – especially senior leaders – who can act independently and who can “shift into high gear” when it comes to managing a workforce that is both diverse and dispersed.

Spend more time during your hiring interviews to find out if your future employees are thinking about these challenges for a hybrid working age, or if they are just trying to graft old-school thinking into the way we live and do business today. It will save you significant time and management headaches if you identify and prioritize forward-thinkers who want to solve current and future talent retention challenges and see technology solutions as going hand-in-hand with workforce culture and employee experience.

Jason Clark is Chief Strategy Officer and Chief Security Officer at Netskope.

Data decision makers

Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including the technical people who do data work, can share data-related insights and innovation.

To read about advanced ideas and up-to-date information, best practices and the future of data and data technology, join DataDecisionMakers.

You might even consider contributing an article yourself!

Read more from DataDecisionMakers

Add Comment