How long-term hybrid work is changing security strategies
CISOs across industries are revisiting the stopgap security tools and the temporary policies they enacted to quickly enable remote work to replace them with stronger permanent solutions. But the old rules no longer apply. Pam Nigro wants to know if workers at her company are working odd hours. She wants to know exactly where they are, too, because such surveillance is one of the strategies Nigro has to keep her company safe.
Nigro says her security tools must understand and analyze when and where employees work so they can identify unusual access attempts that could indicate an attack.
And her security program must become increasingly attuned to each employee’s work habits in the years ahead, as widescale hybrid work arrangements remain the norm.
“We need to consider our investments and a changing work environment to make sure we’re leaving as small of an attack vector as possible,” says Nigro, the top IT and security officer at Home Access Health Corp.
Home Access shifted a large number of employees to virtual work when the Covid pandemic hit in early 2020, implementing technologies and policies that gave them secure remote access from their homes. At the same time the company continued to support those employees who needed to be in the office, such as its lab workers.
Home Access Health CorporationPam Nigro, VP Information Technology and Security Officer, Home Access Health Corporation
For Nigro, the experience presented new challenges, including educating workers how to safeguard home internet connections. It also gave her opportunities to accelerate new security initiatives, such as adding analytics capabilities to understand employee patterns and geofencing-based tools to block access originating outside the United States.
“These are the kinds of things we’re still enabling and enhancing to make security stronger as we continue with hybrid work,” says Nigro, who is also board vice chair with the professional governance association ISACA.