Security and HR teams must work together in a world of hybrid work

Check out the Low-Code/No-Code Summit on-demand sessions to learn how to successfully innovate and achieve efficiencies by enhancing and scaling citizen developers. Watch now.

Hybrid work is the new normal. The COVID-19 pandemic accelerated distributed workforce trends already underway thanks to the flexibility of cloud computing, a key aspect of digital transformation. Employees at most companies now expect to be able to perform their jobs optimally from any location, using the devices of their choice.

Hybrid work expectations include:

  • Fast, secure access to corporate resources from wherever employees are, including seamless transitions in and out of the office network and access to on-premises and cloud resources.
  • Being able to use any device (i.e. personal iPhone or iPad or work laptop) from anywhere (home, work, coffee shop, plane) while trusting that security checks will be there.
  • Less (or no) time spent commuting and frictionless in requesting the resources they need to do their jobs effectively.

Strong support for hybrid work isn’t just a means to happier and more productive employees. It is also directly correlated with growth. Companies traditionally hampered by talent pools tied to office locations can now access the world’s best talent, regardless of location. And a recent Accenture study noted that nearly two-thirds of high-revenue-growth companies are now embracing fully hybrid workforce models, and that workers themselves prefer a hybrid model, rather than the prescribed “in the office here, out of the office over there.” ” model — 83% of the time. Today and for the foreseeable future, talent retention has made taking up hybrid work not just good business, but a matter of competition and survival.

Netskope’s director of human resources, Marilyn Miller, and I see this current environment as a great opportunity for security and technology teams to align much more strategically with human resources teams, also known as people teams. There has long been an important relationship between these corporate functions, and creating a cyber-aware culture, where all employees know and practice security responsibilities, has been a priority for Global 2000 companies for at least a decade. But in the age of hybrid work, this relationship between security and HR must go far beyond working on cyber culture and assessing the risks of employees “on the drive-thru” (when they start at the company) and “ on the way out” (when they leave).


smart security summit

Learn about the critical role of AI and ML in cybersecurity and industry-specific case studies on December 8. Sign up for your free pass today.

Register now

The evolution of this relationship should not be overlooked in the rush to establish functional hybrid work environments. Forward-thinking teams are already using their shared mission—both security and HR teams are committed to protecting sensitive data—as a way to jump-start that evolution. I asked Marilyn to work with me on a shared set of suggestions for how security and HR/people teams can better collaborate.

Modern security team meets modern people team

Remember: HR and security leaders 10 years ago weren’t dealing with today’s generational shift of hybrid work. Today’s talented employees may feel less connected, and therefore less loyal, to employers following changes in employer ownership caused by mergers and acquisitions, or by being in remote-first settings with limited physical connections to employers and managers. There are plenty of other reasons, too, and most are newer challenges that have forced employers to question their people management playbooks. This shift is also the perfect time to re-examine the role technology plays, including what security teams need to do to keep up.

Our discussions with our peers in technology and HR organizations suggest that relationships between security teams and HR have a long way to go to become truly strategic. Here are some practical tips on how to speed up and strengthen that collaboration:

Reclaim your visibility and invest in modern data protection

In a previous generation, critical business data was within the corporate network, easily protected. Today, data moves and is accessed from everywhere, due in large part to the explosion of cloud and SaaS applications, many of them unauthorized by corporate IT teams, used by the enterprise. Because of this shift, organizations using outdated network and security technology have been left behind and can no longer monitor what their employees are doing with data, let alone interpret the context in which they seek to access data.

Modern technology frameworks, such as Secure Access Service Edge (SASE), prioritize data protection appropriate for an era where cloud applications dominate business. Teams must invest in this technology to regain visibility into what is happening with their data. The best solutions offer forensics and insights into questionable employee behavior—not just the explosion of data movement from company to personal apps that occurs in the last 30 days of employment, but also the subtlest signs that employees Employees have been transferring important company data to personal cloud applications. cases, perhaps for a period much longer than a few months. Modern data protection: remember that shared mission! — is achieved when security controls follow data wherever it moves and access to data is governed by the context with which access is requested.

Using security as a cultural facilitator

The security team has long been the “No, you can’t do that” department. But forward-thinking teams are now employing real-time (or just-in-time) training techniques, powered by advances in data protection artificial intelligence, to help guide employees toward safer behavior. For example, when an employee appears to be entering sensitive data, such as a social security number, into a website notice or sending screenshot images through workforce apps like Slack, workarounds can pop up and make the employee ask questions (do not automatically block) the activity.

This is as much a cultural change as it is a technological change. Security teams see this as an example of what technology can do to manage risky behavior. Human resources teams understand it as a benefit to the employee experience. Bridging the minds between those teams creates a powerful display of culture: “We’re here to help you and take the risk out of your experience to make your work and the time you spend here better.” It also provides more protection for the company than expecting employees to remember cyber awareness training.

Insist on accountability

Sometimes there’s a fine line between “Big Brother”-style policing of employees (“We’re watching you”) and creating a balance of trust between employees who work from anywhere and are no longer careful with company resources or are increasingly distracted safety and hygiene, confident that no questionable behavior is observed while they are at home or at the local coffee shop. When security and HR are preaching enablement for everyone to embrace hybrid work, teams feel more connected and dishonest behavior is minimized. When trust is violated, leadership must also speak with one voice and address violations quickly and specifically.

Collaboration between security and human resources is essential

One final note: This new and better collaboration between the security and HR teams will inevitably change the way both teams hire. You will need more people, especially senior leaders, who can act independently and who can step up to speed when it comes to managing a workforce that is diverse and spread out.

In your hiring conversations, spend more time finding out if your potential employees are thinking about these challenges for a hybrid work era, or just trying to graft old-school thinking into the way we live and do business now. You’ll save a lot of time and administrative headaches by identifying and prioritizing forward-thinkers who want to solve today’s and tomorrow’s talent retention challenges and considering that technology solutions go hand-in-hand with workforce culture and organization. employee experience.

Jason Clark is Netskope’s chief strategy officer and chief security officer..


Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including data technicians, can share data-related insights and innovation.

If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data technology, join us at DataDecisionMakers.

You might even consider contributing an article of your own!

Read more from DataDecisionMakers

Leave a Comment