How to Mitigate the Security Risks of File Synch and Sharing in Hybrid Working Environments
As more organisations embrace hybrid working, the security challenges of a decentralised workplace are becoming increasingly clear. Implementing a robust IT security strategy and using the right products and measurable KPIs will boost security capabilities and minimise risks, bringing huge value to your organisation. Secure by design is the way forward.
The best practices for secure file synch and sharing in hybrid working environments include:
- Evaluating risks in a hybrid working environment
- Enabling secure file synch and share from anywhere (zero trust)
- Unifying your security through a simple, integrated platform (single pane of glass)
- Educating your workforce to embrace secure work practices
Evaluate Risks in a Hybrid Working Environment
This is key to making sure the data and information sitting in the files that employees are synchronising and sharing are secured and safe. To evaluate the risks, organisations need to look at four main aspects:
- Physical: Employees use PCs and probably personal devices such as mobile phones and tablets that may have access to the organisation’s systems. Organisations need to evaluate how these devices are secured in case of theft. For example, when employees are working outside the organisation, unauthorised people shouldn’t be able to access the organisation’s system, sensitive files and information.
- Technical: Digital files can be stored on the organisation’s servers, in the cloud and on employee devices. Organisations need to deploy solutions that ensure secure access, synchronisation and transmission of files and data. Organisations need to take a holistic view when analysing their whole IT infrastructure and environment to make sure it has no security gaps. Organisations report that around 4 in 10 internet break-ins occur despite a firewall being in place. So, relying solely on encryption and firewalls is not enough if all elements — such as access control and authorisation — are not secured. While some companies enable employees to use personal devices to access internal resources, these devices create significant security risks because there’s no formal process to verify that they are updated and maintained. The solution is continuous, 24 x 7 monitoring of these devices to identify malicious behaviour and respond instantly to mitigate the damage.
- IT support: Cybercrime has boomed since the pandemic. Organisations need to evaluate the breadth and quality of their IT support and their IT personnel capability and availability to react to security threats, especially for employees working outside the organisation firewall. Hybrid-working employees are more vulnerable to security risks, and time is usually critical with these security threats.
- Business procedures and access to files/data: The main purpose here is to identify vulnerabilities and gaps in the workflow where potential risks are higher. To do this, the focus needs to be on how work gets done and by whom rather than on where work gets done. This must go hand in hand with finding ways to ensure data, applications and resources security without affecting the workforce’s efficiency and productivity. This also means it’s critical to assess what type of data/files employees have access to, what devices and applications they use, and what vulnerabilities exist in their environment so that organisations can implement the right controls to react in time. For instance, if employees are accessing protected data stored in the cloud for collaboration purposes, then using multifactor authentication to authenticate user access, VPNs to encrypt traffic and downloading security patches are highly recommended to tighten security.
Enable Secure File Synch and Share from Anywhere (Zero Trust)
An increasing number of organisations are digitising their workflow processes and using the cloud to facilitate and support hybrid working so that employees can work from the office, home or remotely. File and data access, synchronisation, sharing, storing and transmitting are key functionalities that hybrid workers need for their job, which means the number and size of such files and data in electronic format are rapidly increasing. To ensure the highest security measures in such environments, organisations need to implement zero-trust policies — the best way to address the challenges associated with digitisation, the cloud and hybrid working.
Also, implementing the principle of least privilege and ensuring that employees only have access to the data they need to complete their day-to-day jobs is critical to ensure that data doesn’t fall into the wrong hands.
Zero trust assumes that everyone is not trustworthy at the beginning of any action. This means the system performs proactive and automatic authentication to check authorisation before granting access to any application, process or database. In addition, the authorisation status is continuously validated while applications and data are in use. So, the main aim of zero trust is to implement strong identity verification and device compliance validation. It also helps organisations to comply with both internal and external regulations, simplifies the auditing process and enables much easier compliance.
Organisations need to accept that cyberattacks can be successful, and prepare schemes and solutions for effective recovery. Siloed data and processes are the major obstacle to zero trust, so organisations need to make sure everything is under the umbrella of one solution.
Unify Your Security Through a Simple, Integrated Platform (Single Pane of Glass)
It has never been more important to unify the security of organisations’ network environment, IT devices and workers:
- Cybercrime is on the rise. Since the pandemic, organisations have made greater use of the internet and this has led to a significant increase in cyberattacks, which are now more sophisticated and pose a bigger threat year on year.
- Organisations are increasingly using information technology and the Internet of Things.
- Organisations are increasingly challenged by an over-abundance of IT products.
- Security is becoming embedded everywhere.
- Managing IT security in hybrid-working operating environments is becoming much more complex and challenging.
- There is a growing lack of visibility in organisations’ end points.
- IT and security need to work together to ensure employee productivity and efficiency.
Unification should aim to have end-to-end visibility of the whole IT environment. With a unified cybersecurity platform, organisations can protect data and resources across public, private, hybrid and multicloud environments with end-to-end visibility.
One of the major benefits of unification is that it provides everything that security personnel need in a single interface to help them effectively and efficiently protect employees, systems and assets. Another key benefit is related to cost efficiency because a unified security platform is less expensive to acquire and maintain than individually integrated and proprietary solutions. Organisations with unified security solutions can do more with the current IT staff, which is essential with many organisations facing a shortage of skilled IT workers.
With a unified security environment, organisations will benefit from a more secure environment (across public, private, hybrid and multicloud environments with end-to-end visibility) where all security needs are integrated and aligned by design into all aspects of the organisation’s IT infrastructure, business processes and security strategy.
Educate Your Workforce to Embrace Secure Work Practices
One of the biggest challenges that comes with remote working is ensuring that employees are security conscious when working outside the office — for example, whether they’re downloading all security patches, maintaining devices with antivirus/antimalware solutions and selecting strong passwords.
Security tools alone can’t fully protect the organisation if human behaviour is not also addressed. This means that if employees are not adequately trained on and implementing basic security practices at home, then there will inevitably be a much higher security risk.
Employee security awareness and education is probably the most overlooked and underestimated aspect, despite it being so critical. Reports show that about 8 in 10 cases of file/data loss are caused by employees inside the organisation.
It’s essential that organisations:
- Educate and train the workforce to embrace secure work practices and make sure employees are aware of the threats of file and data loss
- Deploy and enforce security policies and make employees accountable for any non-responsible behaviour and actions
Further reading:
Secure by Design: File Sync and Share for Hybrid Workplaces
Future of Work: Strategies for the Flexible Work Experience
How Dropbox Makes Asynchronous Work
Why a “Back to the Office” Strategy Will Fail (And Work Will Shift to a “Digital HQ”)
IDC FutureScape Webcast: Worldwide Future of Work 2023 Predictions
Work Automation and Digital Skills — A European Future of Work Perspective
Key Tech Areas Organizations in DACH Are Investing In
German Chancellor, Olaf Scholz said in January that the government had successfully fended off the economic crisis, while the country’s minister of economy also addressed the extreme adaptability of German firms making it possible to avoid the worst scenarios. These statements strike a much more positive tone than those in October when negative growth was forecast for the German economy for 2023.
The panic over energy supplies has eased – at least for now – and the general outlook has significantly improved in the Germany, Austria, and Switzerland region (DACH) over the past 4 months. However, it remains clouded by some serious risks as the storms of disruption continues to rage above Europe. Organizations must remain cautious and stay focused on data to evaluate evolving risks and opportunities.
Business Risks are Hiding Behind Short-Term Improvements
The Russia-Ukraine War marks a critical economic and geopolitical turning point for Europe and the rest of the world – and the functioning of ICT markets has not escaped the impacts of the conflict.
Relying heavily on Russian gas, the DACH region has become particularly vulnerable to the increasing energy prices. Although the governments of Austria, Germany, and Switzerland reacted quickly to ensure energy supply for the winter months, the complete independence from Russian energy products is yet to come. Governments will have to consider that rapid escape from reliance on Russian gas may contravene with climate ambitions on the short term, therefore reducing energy demand and increasing energy efficiency will need to be in focus.
Although forecasts have been revised upwards during the past months, the latest data still indicate a major economic slowdown for the DACH region in 2023. Germany is expected to grow just 0.2%, while the economies of Austria and Switzerland are projected to see 0.5% growth. These numbers can easily go negative if geopolitical conflicts escalate or there is another major outbreak of COVID-19 in China, for example. Indeed, our Future Enterprise Resilience Survey found that more than 90% of German organizations expect recession this year.
DACH experienced the highest inflation in decades in 2022, and price increases are expected to weigh on households and businesses in 2023 and beyond. Switzerland is the only country in DACH, and one of only two countries in Europe, expected to keep inflation under 2% this year.
Labour shortage will be another major factor impacting IT budgets, while the lack of digital skills within the organization may hinder the completion of digital initiatives. Easing supply chain bottlenecks and declining transportation costs reduced pressures on some of the previously constrained sectors, such as automotive manufacturing, but the possibility of further supply chain disruptions cannot be ruled out.
How is the ICT market impacted by these headwinds and how should businesses approach weathering Europe’s storms of disruption?
Shifting Focus on Tech Investments
Despite volatile market conditions, ICT spending in the DACH region is expected to rise 4.9% this year and 6.4% over the 2021–2026 period, exceeding the European average. However, IT plans have been impacted. Organizations are reshuffling their investments, focusing on technologies that can sustain the growth in uncertain times, reduce costs, improve performance, optimize processes, enhance customer experience, and nurture talent.
Our identified the following key areas to drive ICT spending in the DACH region:
- Artificial Intelligence: AI’s tremendous potential to improve customer experience, enable new employee experiences, mitigate skills shortages, and transform the workplace is driving rapid adoption. Augmented human resources, image processing, fleet and freight management will be among the top 10 use cases related to AI. According to IDC’s Worldwide ICT Spending Guide: Enterprise and SMB by Industry, spending on AI platforms will grow an outstanding 46.6% in the DACH region during 2021–2026.
- Security: The rising frequency and sophistication of cyberattacks are keeping security a top investment priority. Annual spending on security in DACH is growing faster than the European average and is expected to exceed $18.5 billion in 2026.
- Cloud: Investments are expected to more than double between 2022 and 2026 as organizations continue migrating workloads and data to the cloud to boost cost efficiency, flexibility, and customer satisfaction.
- Internet of Things: IoT is a critical element of cost reduction, process optimization, and improved performance. Steady, double-digit growth in IoT spending is expected into 2026, with investments related to electric vehicle charging, advanced payments and shopping growing fastest.
Apart from these, enterprise infrastructure, managed services and project/professional services are additional areas where DACH organizations indicated they would continue their investment pace.
IDC’s Recommendations
Planning the IT budgets and identifying technologies to support growth in these uncertain times is extremely difficult, especially without having the right skills and partners to complete digital initiatives. In response to the current era of uncertainty, industries are embracing transformative new trends and technologies. Adapting to these transformations, being use case-centric, and placing the right bets for growth will be essential to keep afloat and continue delivering value.
IDC can help technology vendors stay resilient, competitive, and generate revenue during turbulent times. We offer the following assets to support organizations’ needs for precision planning:
- IDC Trackers enable organizations to assess their competition and their position by analyzing technology markets, vendor shares, and forecasts.
- IDC Black Books provide extensive market overviews to help organizations position their products and services for the appropriate audiences.
- IDC Spending Guides enable organizations to find strategic opportunities according to industry, company size, use case, and geography.
Contact us for more information about how IDC data products can help business leaders target, plan, and execute their most important strategic initiatives. We provide analysis of 100+ countries, 120+ technology markets, 20 industries, and 400+ use cases.
Why Strategy Is Important to Thrive in an Economic Downturn
The IMF has warned that half of the European Union and a third of the world face recession in 2023. This means that economic headwinds such as energy costs and currency fluctuations are forcing organisations to reassess budget decisions.
In our recent Future Enterprise Resilience and Spending Survey (December 2022), IT leaders said they expect inflation to impact spending decisions. IT cost price increases stemming from inflation and currency changes is expected to have the greatest impact on IT spending plans in 2023.
C-suite concerns are related to IT and technology challenges. In our Worldwide C-Suite Tech Survey (August 2022), 60% of European C-suite concerns about the impact on their IT and digital spending was related to challenges coming into sharper focus as macroeconomic conditions worsen. This includes IT price increases stemming from inflation.
So how can tech vendors navigate these issues and thrive?
Planning Is the Foundation for Success
According to research by the Harvard Business Review, companies that not only survived recessions but thrived afterwards were those that were prepared and agile — those that didn’t just slash costs but invested strategically.
Strategy is essential to know where to plan resources, to determine which projects you are going to prioritise and which you are not, and to know how you are going to identify and target the opportunities that will give you the best return.
Download eBook: Essential Building Blocks for an Effective Growth Strategy
A good strategy should help you align with business conditions, so that you can be agile enough to deliver short-term savings without impacting long-term growth.
Informed Decisions
Data becomes more important in volatile and uncertain economic situations. Economic conditions can impact regions and industries differently. Knowing the factors that might impact the market(s) you are selling into is crucial.
Those who are buying tech is changing, with European tech spending moving from the IT department to the C-suite. In Europe, 47% of IT spending is now C-suite funded (source: IDC Worldwide IT Spending Guide: Line-of-Business Forecast, January 2023, European forecast).
Download eBook: Speaking the Language of the C-Suite: Selling Beyond the IT Department
This is an example of how data can give you insight into your customers and how they are buying. Knowing who is buying, where they are spending and what is impacting spending decisions will help you build an effective strategy.
Data-supported decisions are key to effective resource management both internally and externally.
This means you need to know who is buying in your market. Which markets or industries are more resilient? What are their drivers and challenges?
Adapt and Invest
Times of economic uncertainty can also be a time of possibility. Microsoft, Instagram and Airbnb, for example, were all formed during or just after a recession.
Technology is an area where businesses tend to continue or increase spend. 66% of European C-suites believe that IT budgets will increase, even during an economic downturn (source: IDC Worldwide C-Suite Tech Survey, August 2022).
According to our Digital Executive Sentiment Survey (October 2022), European organisations now expect more than 50% of their revenues to come from digital business models on average in the next three years.
Technology is often seen as a critical business differentiator to better deliver business outcomes, increase resilience and accelerate revenue growth. So while caution may continue while the economic outlook is uncertain, investments in projects that improve efficiencies are continuing. According to the Harvard Business Review, prioritising digital transformation and digital technology can help cut costs and improve efficiencies.
In an economic downturn it can be harder to achieve growth, as you have to do more with less. It can also be harder to get customers to spend, so you must ensure that you are targeting the opportunities with the best chance of success.
But there are opportunities. So what you do and where you allocate resources becomes increasingly important.
You need results. To be proactive rather reactive, but still agile enough to pivot to changing market conditions. An effective strategy is essential to that.
Visit our website for more information on how we can help you build for growth.
Why Digital HQs Are Essential for Workplace Flexibility and Employee Loyalty
Not Going Back to the Office Full Time
If you bring together a group of senior managers and ask them what the most pressing concern is in their workplace strategy, the most likely answer will be, “How can we get our workforce back into the office?” Nostalgia about the “good old days” reassures them that work is better done in the office. A buzzing office at full capacity is often taken as a sign of high performance.
Our data shows that 68% of European employers are determined to have employees back full time in the office (IDC FoW Survey, 2022). Meanwhile, workers are demanding greater flexibility and a choice of where and how to work.
Some employees want to be in the office, while many want to “balance their lives” and family obligations. Our data shows that compared with hybrid staff, employees working onsite five days a week are 10% less likely to recommend their employer, meaning they are less loyal and more likely to switch jobs.
About 73% of office workers in Future Forum’s future-of-work study say they are open to new jobs if they are dissatisfied with the level of flexibility they are offered.
In the wake of a recession in Europe, however, many businesses are reluctant to invest in the technologies needed to transform their organisation into a digital-first workplace for the long term.
Our survey data from December 2022 shows that concerns around geopolitical tensions and labour shortages remain high in Europe, with inflation having the biggest impact on spending plans for 2023. 70% of organisations are planning to significantly reduce their IT spend in 2023 (IDC FERS Survey, Wave 11, 2022).
Many managers need to seriously consider whether a return to a traditional work policy will enable their business to survive in today’s world. A typical organisation has two generations of digital natives in their workforce (Millennials and Gen Z). Employees are key stakeholders in the evolution of their workplace, and their interests and preferences must be considered. Organisational culture needs to evolve and keep pace with social changes. The alternative, in form of a non-negotiable “everyone return to the office” strategy, would cause more harm than good in terms of business outcomes such as talent attrition, quiet quitters and lower productivity.
The Digital HQ and Why It’s a Must-Have
So, what is the way forward? A digital HQ that is accessible to all — those in the office and those working away from the office — can be the foundation for a more flexible work environment that drives performance, loyalty and other positive business outcomes.
Platform vendor Slack defines the digital HQ as “a single, virtual space to connect people, tools, customers and partners for faster and more flexible work”. Contrary to most assumptions, a digital HQ does not imply that people never meet in person.
Yes, the workplace is digital by default, but people will still get together in their office. However, they do so for team building and collaboration, social connection and networking, or training.
The understanding is that going to the office to replicate an at-home work pattern that focuses on productivity would be a waste of time. As a result, the office — or “physical headquarters” — is being reimagined less as a place of routine and obligation and more of a centre for driving company culture and values.
These new offices emphasise free-form flexibility, offering hot desks, huddle rooms and smart meeting rooms. However, too few companies have given thought to the workings and architecture of digital headquarters. And given that so many workflows and team collaboration efforts now happen in the digital space, that seems like a serious lack of imagination and an invitation to failure.
To ride the wave in a challenging labour market, companies must prioritise attracting talent and keeping existing employees motivated. By enabling employees to connect and collaborate from anywhere, a digital HQ helps companies to provide the flexibility that today’s workforce demands.
All workers can feel included and productive in a digital HQ, no matter where they live or what their daily schedules might look like. Flexible work practices are also essential to building inclusive workplaces, which is top of mind for many employers as diversity, equity and inclusion have become a priority in recent years.
A digital HQ can break down silos, unite teams in an asynchronous work model and boost security. Employee and customer experience will benefit from that increased agility and create a stronger culture as a result. The fact that 56% of European companies feel they are not ready to meet current and future work transformation requirements should be a wake-up call for those trying to survive the coming storms of disruption.