In this edition of Voices of the Industry, Will Bass, Vice President of Cybersecurity Services for Flexential, discusses how organizations can transform their cybersecurity strategy to include long-term remote workforces.
Will Bass, Vice President of Cybersecurity Services, Flexential
New workforce strategies that allow remote work have rendered traditional perimeter-based cybersecurity obsolete and created the need for organizations to transform their cybersecurity architecture in alignment with access-from-anywhere for their remote workforce. To address this change, policies, technology and education must be addressed to realign, re-architect and reorient cybersecurity programs for long-term remote workforces. Let’s take a closer look at how organizations can successfully accomplish this transformation.
Before acquiring new tools and technologies, organizations should review and revise their security and employee policies and create a comprehensive remote work policy. The goal is to have procedures in place before issues arise. New policies should be rolled out before employees and managers need the answers. Policies must also be reviewed with compliance requirements in mind. If your organization has remote workers, you need to begin with remote work policies that your security, IT, compliance, legal, HR and management teams support.
Successful policies are specific and reasonable with fair and equally enforced consequences. What types of remote work questions should these policies address? Here’s a sample list of some of the things to consider:
Once the groundwork of creating and implementing remote work policies has been accomplished, the IT security team can create and implement a new cybersecurity approach based on anywhere-access for remote work and the criticality of protecting devices wherever they are located. Every aspect of cybersecurity should be looked at, and choices need to balance usability with security need, because it won’t help defenses if usability is so poor that a remote workforce loses productivity or seeks out workarounds. Taking a programmatic approach to maintain and advance cybersecurity maturity with prioritizations for the most effective measures is recommended best practice.
One highly effective measure that organizations should implement as part of their remote work policies and re-architecture is multi-factor authentication (MFA). Let’s look at MFA as a practical example:
Policy: Review information security policies and remote work policies, and update to account for MFA. Document the specific situations that will require MFA (e.g., email, applications, VPN, admin access) and the requirements for using a personal device for authentication (e.g., Google Authenticator, Microsoft Authenticator).
Technology: Implement MFA on the applications and systems designated in policies and which support MFA (SaaS applications, email, VPN, servers, SharePoint, etc.). Solutions may have to be developed for legacy applications. Teams may need to bring in Identity Access Management (IAM), a proxy server, or other technology to protect all systems with critical data. Find a balance between usability and security (e.g., you may require MFA on email and IAM once a week from the same device, and every time for administrator access and network access).
Education: When the user login experience changes, educate the workforce on why and what to expect. Give users the opportunity to understand why they must use MFA and how they can efficiently comply with the requirement. Explain that usernames and passwords are for sale on the dark web, and social engineering attacks to steal usernames and passwords are frequent. Educate users that risk is significantly reduced if bad actors have to face MFA protocols. Also, provide easy-to-understand user resources on setting up MFA on their phones and navigating the requests they will receive when logging into services. Ensure these training, videos and documents are available when MFA is rolled out, so users have immediate access to the relevant information.
The above example for MFA is an excellent example of why education needs to be a pillar of transforming your cybersecurity program. Users are directly affected by many cybersecurity tools and technologies. However, users have at best an average understanding of the risk and reasons the IT team has implemented these new measures. Regular security trainings with explanations of the importance of new security measures reduce risk. Users who have been trained in advance on how they can most easily comply will experience less of a burden than users who don’t get the information and must figure out how to access their applications. A better user experience means higher compliance, less user dissatisfaction and reduced risk.
Don’t underestimate the importance of educating users. The success of creating and updating policies and designing and implementing tools and technologies still ultimately hinges on users as the first line of defense —especially in the new era of remote work.
The above MFA example gives you the high-level process for addressing the policies, tools and technologies you will need to evaluate, as well as the training and resources you need for users. However, MFA is just one specific technology. You’ll need to use a similar approach for all the tools and processes used to protect your users and devices: endpoint protection such as firewalls and virus protection, patch management, vulnerability management, home internet protection, employee on-boarding and off-boarding, remote access, identity and access management and more.
Start now to strengthen your defenses for 2022, and prepare for the work-from-anywhere, access-from-anywhere era.
Will Bass is Vice President of Cybersecurity Services for Flexential. Flexential empowers the IT journey of the nation’s most complex businesses by offering flexible and tailored hybrid IT solutions comprised of colocation, cloud, connectivity, data protection, managed, and professional services. See how Flexential goes beyond the four walls of the data center to empower IT through an interactive map.
During 2024 and 2025, a new trend emerged: many large data center builders and operators…
By Mike Hodge, AI Solutions Lead, Keysight Technologies It’s the heart of the AI gold…
AI workloads are pushing data centre infrastructure towards higher rack densities, new cooling strategies and…
How Centralized Infrastructure Intelligence Turns Emergency Replacements into Controlled Operations Most infrastructure professionals spend their…
The global data center HVAC market was valued at USD 13.7 billion in 2025 and…
Looking back on a career in IT, I wanted to reflect on the 20-plus years…