Sundaram Lakshmanan, CTO of SASE Products, Lookout, Inc.
getty In a cloud-centric world, the line between work and life has blurred. In one moment, you could be reviewing corporate documents, and in the next, managing personal finances, all from the same device. While this has made work more flexible, it has also created challenges for data security and IT teams. Traditionally, data protection solutions centered around everyone using corporate-issued laptops and working inside offices, where perimeter-based tools can monitor all activities. But with the shift to hybrid work and cloud services, users can work from anywhere. Whether it's executives of the company or its employees, people are increasingly using personal mobile devices and open, insecure Wi-Fi networks as part of their hybrid work out of convenience. To truly empower hybrid work, while also protecting data, organizations need to understand this new way of working and adapt their security approach. Rather than provide allow-deny access, focus on data and the surrounding events, including user behavior, the health of the device being used, what app is needed and the sensitivity of the data they're looking to access. Not only does this shift increase the efficacy of protecting data in a hybrid work environment, but it will give security the agility to become a business enabler.
Historically, IT and security teams have been dubbed the 'office of no.' Whether it was the location, the type of device or the apps they can use, employees were asked to work a certain way. Now that hybrid work has become permanent, it is no longer feasible to ask employees to adhere to these rigid policies. Workers have become accustomed to working from anywhere and using their personal devices, rather than corporate-issue endpoints. This flexibility has become expected and standard in the modern workplace. In the past, data security was maintained by having separate devices. Many people had a work computer or phone and a personal device. Now, it's all happening on the same device, which means IT departments have to change how they protect corporate data. To increase the efficacy of your security operations while also enabling the business to function seamlessly, focus on data. To get there, you need a solution that extends into the different places where your business-critical data resides, whether it's SaaS apps, private apps, cloud storage or people's personal devices. Instead of being the 'office of no,' IT security needs to become a business enabler. IT departments can no longer lock down data or control how employees access the data they need. This shift can appear like a lack of control at first, but it's simply finding a different way to provide security, which can also enable business and productivity. This is where a converged approach to security comes in. Organizations should have access to a unified policy engine alongside data protection capabilities within the same security platform. This should include data loss prevention to identify and enforce data policies, user behavior analytics and digital rights control to encrypt data so that only authorized and authenticated users have access.
Digital information now moves without boundaries or limits. Data is the new currency of life, and a corporate data breach can affect a company in one moment and an individual in the next. Productivity now depends on the ability to get work done whenever, wherever and on whatever device. IT security has to keep up with that, moving seamlessly across boundaries as employees and executives do. No matter location, device or type of data, security should be there.
While the lines between work and life, as well as home and office, have disappeared, security doesn't have to vanish. From interns to executives, workers are using the device and network that's the most convenient for them. IT security must embrace this flexibility. With a focus on data protection, organizations can build a data protection strategy that is highly effective and without sacrificing productivity.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?