Flexible Working: Employee’s Dream, But How to Ensure it’s not the IT Department’s Nightmare

To many flexible working is the ultimate ‘dream’ way of working – a job that fits around the hours they want to keep with the ability to fit work in-between other commitments. But for the IT department it can be a nightmare. Without adequate security controls, any activity undertaken outside of the corporate network can involve an element of risk. There simply becomes too many variables outside of the IT department’s control such as the device employees use and the security of the network they are on. Minimising these variables is key – it is possible for a coffee shop to be as secure as working in the office – provided the right steps are taken.

It is perhaps not commonly appreciated that an unsecured wireless access point is a very real risk. It is often human nature to seek the least amount of ‘hassle’. So, when in a coffee shop or other remote location, that hotspot marked as ‘free’ or that can be accessed without registration or a password can appear the easiest option to get online quicker. But it is actually very easy for hackers to position themselves in-between the user and the hotspot and intercept everything that is exchanged with it – emails, business data, credit card information – and because WiFi security standards are effectively broken and outdated, this also includes encrypted information.

Virtual private networks (VPNs) can go a long way to make working remotely more secure. However, there are two flaws with them. Firstly, they depend on the user to use the VPN application each and every time they work remotely. Secondly, VPNs by their very nature only provide a ‘tunnel’ to the corporate network. Given many services an employee might use are outside that such as cloud apps such as Salesforce it can mean it makes them slow to use since requests go to the corporate network first, then out again.

The ultimate goal of a web security strategy is to connect that user in an unobtrusive way wherever that user might be located, on any device. The user should not care or be concerned with how they are protected, and instead just act and be as productive as they are within the corporate network, without having to change their working practises dependant on their location.

‘Cloud connectors’ help bring about this scenario solve both by connecting users direct to the cloud so that Internet access is always secure and compliant. They provide the ability to apply user-based policies and generate user-based reports regardless of whether the user is in or out of the organisation’s network perimeter, wherever they may be geographically and regardless of what device they are using.

Cloud connectors work quietly in the background with no intervention needed by employees and can be deployed across an organisation in seconds providing them with instant visibility into off network Internet access.

According to the CIPD flexible working in the UK has actually plateaued in recent years. There are of course many reasons for this, but technology or concerns about security should not be one of them – it is as safe to work from a coffee shop as it is from the office, provided the right solutions and processes are in place.

Join up to 300 delegates at Europe’s elite cyber security event