What Are the Hybrid Work Security Needs for Different Industries?

October 24, 2022
Ian Main

Ian is a Distinguished Technologist at HP Teradici. Ian has over 15 years of experience at HP Teradici, involved in protocol performance, architectural and security aspects of PCoIP design, and customer requirements analysis, with particular focus on remote graphics intensive workflows. Follow Ian on Twitter! https://twitter.com/PCoIP_Ian

The world is embracing a new way of working—hybrid work. The transition to digital workspaces has seen improved productivity and lower company costs. But improper implementation of digital workspaces opens businesses to increased risks of cyberattacks.

HP Teradici surveyed over 8,000 people from a wide range of industries for our first annual Security Report. The breakdown of respondents according to industry was Education (16%), Finance (24%), Healthcare (15%), Military & Government (19%), Media & Entertainment (14%) and Technology & IT (11%).

One of the major findings was that 99% of respondents believed their companies would be maintaining a hybrid model in a post-pandemic world. Concerns about security in such an environment were understandably high but the responses varied according to the industry.

The Education sector stood as an outlier in the report, as was further discussed in our webinar, Securing the Hybrid Workplace in 2022 and Beyond.

We examine the various changes in hybrid work requirements and the security risks associated with them, as well as the specific needs of different industries.

Distinct shift towards BYOD 

There has been a rise in BYOD – bring your own device – due to the pandemic. 90% of respondents said their companies are using a mix of employee’s personal devices and corporate-owned devices, with only 10% using primarily corporate-owned devices.

The industries with the highest corporate-owned device usage were Media & Entertainment (12%) and Technology & IT (16%). The Education sector, on the other hand, had the highest BYOD use (69%) with only 6% of employees using corporate-owned devices.

And the use of BYOD is expected to increase, according to 74% of respondents. In the Military & Government and Healthcare sectors, 82% believed they would see an increase in BYOD. This response was quite the opposite of the Education sector, where 45% of respondents said corporate-owned devices would increase, as opposite to 54% who expected increases in BYOD.

While BYOD can improve productivity and reduce office expenses, companies have little control over the data stored on those devices. Both the personal device and the company could be vulnerable to security threats.

Commuting and security risks

When asked about how employees will be using devices, either BYOD or corporate-owned, 47% of respondents expect devices to only be used on office premises, while 53% said employees would be commuting with devices. Interestingly, while there was an even split for all other industries, 65% of respondents from the Education sector expected a higher number of commuters than in-office users.

Unsurprisingly, the rise of BYOD correlates to increased concerns about endpoint security, which was high among all industries, but particularly in the Education sector (81%). As we mentioned earlier, the Education sector already has a higher usage of BYOD, as well as more employees commuting with devices.

In the latter case, concern around employees commuting with endpoint devices was highest in the Technology & IT sector, as well as for respondents in the Education sector.

These concerns increase exponentially when employees’ devices aren’t managed, particularly in the Education industry who were ‘much more concerned’ (60%) than respondents in the Military & Government and Healthcare sectors. This is likely due to more reliance on virtual desktop infrastructure (VDI), lower instances of BYOD use and fewer employees commuting with devices in the latter two sectors.

Zero Trust adoption in the works

The shift to BYOD and the consequent higher needs for endpoint security has seen a rapid rise in Zero Trust interest. In a Zero Trust environment, both user and endpoint devices are separately authenticated before allowing any access to data.

78% of respondents acknowledged that Zero Trust adoption was underway at their companies, and 98% of all respondents said that Zero Trust was a priority. Among the adopters, the highest was in the Finance and Education sectors, followed by the Media & Entertainment and Healthcare industries.

This interest in Zero Trust is related to the declining quality of user-experiences with VPN. In the Education sector, where 55% of respondents use VPN (other industries reported higher usage of Desktop-as-a-Service or DaaS), the dissatisfaction levels with VPNs was high (80%), particularly with relation to slow performance or frequent disconnections. Only the Government & Military sector had a higher dissatisfaction rate (83%).

From the high dissatisfaction levels reported, VPNs are on the way out, with only 3% across all sectors saying they would continue to use traditional VPNs. Cloud and on-premises identity services were the top choices for 80% of respondents instead, along with VDI connection managers (17%).

Hybrid Work Needs Zero Trust

Continuous authentication is crucial for hybrid or remote work models, explained Jaymes Davis, Director of Product Strategy and Sales Engineering at Tehama while discussing the security report results in our webinar.

Which is why we’re seeing a concerted effort towards creating Zero Trust Architecture with multi-factor authentication across a range of industries, instead of VPNs that only create a perimeter of defense.

As the security report suggests, BYOD is increasing, as are the instances of employees commuting with devices, either their own or corporate-owned endpoints.

There are options for companies to mitigate security risks in digital workspaces. HP Anyware for digital workspaces gives users access to their data from virtually anywhere and on any type of OS or client endpoint. Anyware is based on our secure PCoIP remote display protocol where data never leaves the data center. Display information is only transmitted as fully encrypted pixels, so your business information remains secure.

Learn more about the future of hybrid work and how businesses can keep their data secure by downloading the Security Report.

Ian Main

Ian is a Distinguished Technologist at HP Teradici. Ian has over 15 years of experience at HP Teradici, involved in protocol performance, architectural and security aspects of PCoIP design, and customer requirements analysis, with particular focus on remote graphics intensive workflows. Follow Ian on Twitter! https://twitter.com/PCoIP_Ian