The Future of Work is coming. And it’s borderless, lightning-fast, highly creative.
I'll first introduce myself and then I'll let Josh introduce himself as well. My name is Richard Archie, and I'm an advisory CSO at Cisco and I cover the Amer region. I'm part of the strategy group, and we are looking at how security will develop and evolve in the future so that we can start to make sure that we understand what the weaknesses are going to be and what we can do to secure your organization.
Josh, would you like to introduce yourself? Sure. Good morning, everyone. My name's Josh Green, based in London. My main area of interest is in identity in the future of digital identity. And I'm the technical lead in the mirror. Thank you very much, Josh. If we just start to think about this whole idea of change, Josh, that we've been through, people call it the accelerated normal, and I think it would be true to say that we're going from a change. And I think we've seen this in many organizations from survive to thrive.
In other words, from changing how we manage to work in, in extreme circumstances to how we're going to be doing this on an every day to day basis. So I think that's the sort of change we're seeing, isn't it? Yeah. It's been a big shift from, I have to work from home to, I really want to work from home. I don't wanna go into the office at least not all the time. Right. I'm trying to find where that proper balance point is. Right? So it's a question of being able to cope with all of those different scenarios in such a way that we can enable people to work more easily.
And as I think the previous speaker mentioned, people shouldn't be our weakest link. They should be our first line of defense. So how do we bring about that change? I think is going to be one of the security issues that we we battle with. If we could just go onto the next slide and look at some of the research that's been coming out. And I think there's some interesting points here that you've picked up Josh.
Yeah, absolutely. And I think, you know, we expected going into the pandemic this loss of productivity due to people just not working at home, not being focused, but we didn't really expect that the demand for resources when working from home would actually cause a productivity loss because we didn't have the capacity to handle all of those people working from home. Right. So we see there was a huge productivity loss due to lack of remote work capabilities, people who wanted to get in and do work and couldn't.
I think there's an interesting study that just came out in the UK, which looked at how people were working, and it found that it disrupted lifestyle to begin with, that people were working unusual hours, that's outside the normal working hours. And so it was eating into their personal time, that there are a lot more personal distractions, that they spent a lot of time doing other activities. And I think we've now seen an acceptance that this remote working is going to become the future way forward.
I read often about a topic called the great resignation where people are changing roles, changing jobs, and keeping our people happy is going to be extremely important to go back to the issue of resilience. I always see resilience of an organization being in three areas, the resilience of our capital, our operational capability and our human capital. And it's often the human capital that is the hardest to replace.
So I think it's about making sure that we can enable people to work securely remotely in a comfortable way within the same idea that they are part of an organization and part of an office team working together, making them security aware at all times. Yeah. And some of these statistics really surprised me in the sense that you've got gen Z and millennial workers who are theoretically the most technologically enabled in terms of the percentage of their life experience. They've been using these tools.
And yet we see that they're actually the most concerned about returning to work and they're struggling the most to work from home at the same time. And so I think there are sort of structural and organizational things that need to be done to address not just the technical issues there, but also probably the psychological ones associated with that as well. Yeah. The cultural issue, if we just look at some of the top challenges, if we go onto the next slide and talk about what we see as some of the challenges.
And I think we split this into two areas, one is the remote workforce and one is the trusted workforce, the trusted workplace, rather. So that's, if you're working inside your office, you're going into the office or if you're working remotely. And I think from, if we start off Josh with the workforce, I think what we've found is that we obviously have to mitigate that risk.
And, and I think one of the most important things is to manage the security posture properly. I think knowing whether somebody is who they are and where their devices go, those sort of factors have become pretty important going forward. Yeah. Especially the device, right. Because even, and, and this is a lesson we've been getting taught for for many years now. It's actually very much pre COVID that even if the user is exactly who you think they are, if you can't trust the device, that's making that assertion on their behalf, you shouldn't let them in.
Not because they aren't necessarily who they say they are, but because the device itself could be the problem, right. Especially when they, for example, having to use their own device, that brings up another high level of risk as well. And also making sure that we simplify how we keep those organizations secure and those devices secure and those people authenticated because very easy to see, well, we'll put more security on, but how do you manage that?
And how do you make that seamless and how do you make sure that the user doesn't mind and how do you make sure that you can have that wrapped up in such a way that the user doesn't mind that they're very happy to do it so they don't go and make any shortcuts cuz that's really what we want to try and avoid. Yeah. And there are limits to what the user will expect. And I think one of the most interesting things to me is that, you know, when we, when we've been doing research with end users, the things that drive adoption on personal devices aren't necessarily intuitive. Right?
You might think that users want a big blue fix it button that takes care of all the problems for you. But in fact, that's not what we found. So if we look at the workplace as well, I think that we're going to be looking at changes which will make workplaces a lot more effectively run. There'll be monitoring, for example, of how many people are in a room, because that's now going to become a factor, whether a room's being cleaned properly. So we're gonna have to put sensors in around that and make sure that we can have people coming into meetings remotely, as well as in the office.
So we're gonna have to change how we are looking at the office environment. And I think also, Josh, what happens to those empty offices, how we protect them as well.
Yeah, absolutely. I think there was a recent example, wasn't there, where an empty office became a flaw or a weakness to an organization because nobody was there. I think that we were talking about that just the other day, Josh. Yeah. And everything of course is still connected, you know, as if everyone simply pressed pause on that environment and we're waiting for someone to come back and press play again. Yeah.
And if you have, if you have specific resources or, or part of your data center in an office, you need to be able to access that remotely as well and not rely on having physical access. Absolutely. I think we can all think of a recent event in which those systems were designed without the assumption that there would ever be a situation where no one was there to step in and take action physically. And so the system that went down was also the system that prevented them from getting into the building to solve the problem.
And so we ended up with a catch-22 because no one ever envisioned a world in which no one would be there. We now look at, if we go onto the next slide, and look at what we think the future of work will be. So what have we got to try and do? What are the solutions we gotta look at? We've gotta look at flexibility, secure remote collaboration. We have to look at making sure that we have secure access and control over our workplace. And I think Josh around the workforce, which is where we're probably focus on for the moment.
I think that we've come up with those factors around user device policies and applications being key going forward and how we manage them. Yep. And you know, we were seeing some of these trends before COVID so I think to some extent it's more of an accelerator than a revolution, but what we really want to have is a change in how we look at our security policies from one that sort of said, we expect that there are some physical controls you've gone through getting into the building before you've accessed anything digital.
And as a result, there can be sort of this, this, this pool of trust within the network whereby you know, we can allow you to move freely around. Obviously if you're working from home, those physical checks have, have gone out the window, right? And so we need to have much more granular control over what you're doing. A one size fits all policy doesn't make sense anymore because it's undoubtedly too strict for certain low risk things. And it's undoubtedly too lenient for the most secure things.
And so what we wanna do is we wanna take that visibility down to the level of every single application because each one, right. Should not only be protected, but also from the point of view with the end user, they shouldn't have to think about where it is because some of those applications may be, as you say, residing in that empty office. And some of them may be in the cloud. Why should an end user have to care about that? Right? Why should that be part of their calculus at all? So how are we thinking about this? Now we could go into the, the, the next slide.
And I think just thinking about those other points, there's gonna be a lot of issues about privacy and so forth on this. What we've tried to do is look at it from the objective of the zero trust model, how that will work, and also the SASE model, which is how we are gonna work in a new cloud environment or an environment where the internet becomes our network. And so what I'm trying to do now, what we're trying to do now is to try and take all of those issues.
We've been discussing about remote working and see how they come together with these new trends that we are hearing about and are these new trends relevant. So if we just think about, I think you started to talk about securing the remote worker, but if we then talk about the SASE idea, which then gives us that connectivity. So we've broken this down into, to SASE our area, the zero trust, and then there's the breach defense and how you react, the resilience that I think we've already heard mention today. So those are sort of a number of different factors.
If we could go onto the next slide, this is the whole idea around SASE, which is the latest buzzword, shall we say? And I think there's three elements to this that we look at, Josh. The first is the connectivity. And this becomes really important because if you're working remotely, or if you have collaboration between sites, you're going to need that connectivity really beefed up so that it is seamless to any individual that they can connect with the best option. So you'll have to have load balancing and so forth in place to make sure that they're getting that optimum efficiency.
We all know there's nothing worse than seeing the video freeze or the person's face go fuzzy. We do have to have that great connectivity. And I think Josh, you led in earlier to that idea around controlling who and what was accessing through the zero trust concept.
Yeah, absolutely. And, and by the way, as a, as a funny anecdote for the screen freezing there, there's actually an advert that plays here in the UK. Many of you who are abroad won't have seen it, but it, it sort of speaks to the new culture of work whereby this woman is on a call with colleagues who want, who decide they wanna see the rest of her, her kitchen that she's sitting in and she's embarrassed by it. And so she pretends that the screen has in fact frozen, except unfortunately for her, the cat walks across her keyboard, which leads to much consternation.
And it just sort of, it, it just sort of shows you how much life has shifted, because in fact, before COVID, for most of the population that advert would've made, absolutely no sense, but in any case, you know, in that new world, we wanna make sure that we really accomplished two things here, more than anything else, which is that these users, you know, we see this diagram on the screen of, of all of connectivity between sites and to the cloud and the places where we need to deploy security.
But the user shouldn't have to see this diagram in their head to connect, right, for them, it should be seamless. And so what we need to do is the first step, make sure that for them, connectivity is completely seamless. They don't have to think about it. And most of us who have been working with remote access for a long time are used to the idea of connecting to a VPN. We know that we need to know where the application is, and if it's on a corporate network, we connect to VPN. If it isn't, we go straight to the application, the reality is in the zero trust world that can go away, right?
You can actually do in the background things to make it so that when users are trying to access on premise resources, they access them through reverse proxies. When they're trying to access cloud resources, we can do things like CASB to make sure that they're doing things that only things that they should be allowed to do, but they won't really have to think about it.
But of course, we also wanna make sure that if the circumstances of their login change, right, if it's Jane Doe logging in from the same laptop to the same trusted application from the same location, we maybe don't need to present many challenges to her before she can get to what she wants to do. But if all of a sudden it appears that she's taken a trip halfway around the world and she's accessing an application she's never accessed before, now we need to present more challenges and do more verifications before letting her into the very same application.
So we need to bring all that together because it needs to work both on-prem and in the cloud. So that's, that's a good segue into what our next step will be. So if we go forward and say, what, so what are the next steps? And I think that one of the things we wanted to define was just a series of principles of how you establish this. And I think that, that we've had these five basic principles that you can start to use when you're looking at defining what the solution will be.
And I think they're probably self-explanatory, which is how we are looking at the zero trust idea for the workforce, which is first of all, make sure that everything you assume is untrusted. You treat every application the same wherever it's held. You make every user able to work successfully from any untrusted network. So it's seamless for them. And of course, some of the core cyber hygiene issues of authentication, authorization and encryption.
So I think that those are sort of some fundamental principles that we should bear in mind when designing this new way of working remotely. Very simple and I think fairly straightforward, but Josh, we could go onto the next slide because one of the interesting factors which I'm always asked about is this whole idea of passwordless. I always recount how I was spoken to by the CEO of a big mining company. And he said to me, Richard, I don't understand technology. I don't really care about it, but when are you gonna get rid of all these passwords? I'm sick of them.
And it seems to me that passwords and how we manage them are a great weakness and a great hindrance to users when they're working. I know it's very topical, but what do we think is happening around passwords and the future of passwords, cuz it seems to me it all comes together in this whole idea of working more seamlessly. Absolutely. And you know, look, users are tired of them. We know that, right? Instagram, in that breach, most commonly breached password: 1, 2, 3, 4, 5. Right. Now, is that because users think that password's secure?
No, it's because they're not willing to sacrifice usability for the sake of the extra pass, the extra security of having a much more complicated password. And when we translate that to the corporate environment, of course we would love to say to ourselves that users are definitely not reusing their corporate password on any other system that may not be as secure as our systems. The reality is that's just plain old not true. We see password stuffing attacks happen all the time.
One of the more notable recent ones was against the government of Canada a little over a year ago, where there was, they didn't do anything wrong other than the fact that users had reused their government of Canada password on a site that got breached. And of course now our security is only as good as the security of the weakest site that got breached, where the password was reused.
So, you know, it's a huge problem and we have some opportunities now based on changes in technology that make doing passwordless a lot easier than it ever would've been in the past, right? For example, biometrics are not new in any sense of the word, but you know, if you go back a decade, you wanted to do fingerprint reading, you needed to buy proprietary fingerprint readers. They probably used their own standard and protocol. You had to attach them to the device you wanted to use them on. And so the whole idea of rolling that out was very, very difficult.
Then along came smartphones with built-in biometrics and suddenly everyone has a fingerprint reader or a face recognition scanner in their pocket. More importantly though, they also started to use standards, open standards like FIDO, which allow us to basically not only take advantage of the devices everyone has, but it allows the level of interoperability between different systems and different devices that we never had before.
And so that allows us to maintain this balance between security and usability, because if we actually sacrifice usability for the sake of security, we'll get the same result we got with the password, a whole bunch of people circumventing it and pressing 1, 2, 3, 4, 5 or some equivalent thereof just to make their lives a little bit easier. We really need to hit both. And, you know, the advent of these standards and technologies has made that a lot easier than it ever was in the past. So we should now be looking at passwordless as a way forward.
Yeah, absolutely. And from my perspective, you know, it's a first step, right? Because there's even more that we can do. And there are other standards being developed that will allow us to go even further than that. But I think this is sort of that necessary first step to get us on the road to a better way of authenticating. Okay. Right. I think that was the topics we wanted to cover, Josh. It's about how the change is coming around, how we still have to focus on the SASE and zero trust ideas and how we should also bear in mind
the whole idea of passwordless, because that's going to be important to us going forward and its time seems to have arrived or is arriving. Absolutely. Yeah. And I think, you know, one of the things that's gonna be exciting about it is, especially in the realm of federated applications, you know, if you're looking at passwordless, you'll discover it's a lot easier to roll out than you might have thought. Always good to hear. Great. And I think that brings us, I think we're pretty much at time on that. So yes. And I was just waiting to see if there's a question or not.
We should open it up for some questions.