This interview was originally posted on VMblog.
A new survey titled "Securing the Hybrid Workplace in 2022 and Beyond" finds companies are turning away from VPN in favor of Zero Trust Architecture as hybrid workplaces become the new norm. To learn more about their findings, VMblog spoke with our distinguished technologist, Ian Main.
VMblog: Can you provide an overview of the methodology of the report?
Ian Main: Teradici conducted an online survey of 8,392 respondents from more than 30 countries and across a range of industries between July and August 2021.
VMblog: Why did you choose the industries that you did to survey and what findings surprised you the most?
Main: Industries surveyed included Education (16%), Finance (24%), Healthcare (15%), Military & Government (19%), Media & Entertainment (14%) and Technology & IT (11%). They were chosen as they represent a wide variety of use cases and hybrid work experiences. Most notably, industries with higher remote desktop adoption reported less concern with the security of corporate data.
VMblog: Why are companies turning away from traditional VPN in favor of remote desktops and Zero Trust architectures?
Main: Throughout the shift to remote work, 81% of respondents said that relying on VPNs was a challenge. Looking to the future, only 3% of respondents said they would be relying on VPN as the primary user authentication method for corporate services and remote desktops in 2 to 3 years.
Zero Trust is a strategy (and bundle of technologies) that replaces traditional perimeter-based security with a model focused on users, devices, applications, and assets. Extending trust principles beyond mere network access goes a long way to improving enterprise security. The survey indicated the shift to Zero Trust Architecture models is well underway, with 78% of respondents currently implementing or planning to in next two years. A further 19% are planning to implement but are unsure when.
VMblog: What trends and challenges emerged from the survey? Please expand on each.
Main: As companies adapt to hybrid work for the long term, IT teams across virtually all industries are prioritizing security in order to protect corporate assets and enable a productive, secure and reliable experience for workers. The survey revealed:
- Hybrid work is here to stay. It's important to plan a security architecture for remote access needs as well as considering in-office changes as well.
- Use of BYOD will continue to rise significantly, which can increase the risk of data breaches. More focus on employee training must function in tandem with the security infrastructure.
- VPN will be replaced by remote access and Zero Trust-it's not if, it's when, and it's happening already. The increased use of remote desktop technology and widespread implementation of Zero Trust Architecture models reported in the survey indicates the shift to a more secure hybrid work platform is already underway. Zero Trust incorporated into secure remote access is a clear next step.
- Besides the need for both user and device authentication, continuous authorization of devices will be critical to an end-to-end Zero Trust posture.
VMblog: Why do you think that 94% of respondents are concerned about the security of corporate data exposed via home-based devices?
Main: Cyberattacks are a major threat to an organization's operations and reputation. With millions of people affected by breaches every year, endpoint security is a top concern for IT leaders.
The importance of endpoint security, which protects corporate data stored on endpoints and prevents endpoints from exploiting vulnerabilities or introducing malicious code while attached to corporate networks, has only increased during the pandemic. Security infrastructure and employee training need to function in tandem.
VMblog: As the BYOD trend continues to grow, with respondents stating that only 10% of their workforce are predominantly using corporate owned devices, what should CSOs and IT teams prioritize in order to protect corporate assets and enable a productive and secure experience for workers?
Main: BYOD options are popular with employees, and can help with productivity and reduce operating costs, among other benefits-but companies have little control over any corporate data stored on employee devices or accessed via employee devices, nor with non-corporate applications or other applications stored on employee devices. CSOs and IT teams should prioritize employee training in tandem with security architectures that allow for user and device authentication, as well as continuous authorization of devices.
Interested in learning more? Download the report now
