New Study Finds COVID-19 Exacerbates the CISO’s Dilemma: Enhance Corporate Security or Enable Worker Productivity in Shifting to Remote-First Workflows

Hysolate, the isolated workspace innovator bridging the gap between user productivity and enterprise endpoint security, today announced the release of a new research study, undertaken in partnership with Team8, exploring the impact of the COVID-19 pandemic on large enterprises’ remote work and business continuity strategies. The study, The CISO’s Dilemma: How Chief Information Security Officers Are Balancing Enterprise Endpoint Security and Worker Productivity in Response to COVID-19, reveals that chief information security officers (CISOs) are conflicted about how their companies can best reposition themselves to address the sudden and rapid shift to remote work caused by the pandemic.

HR Technology News: JPMorgan Chase Launches Everyday 401(K) Solution For Small Businesses

The story emerging from the data in the study is clear:

• COVID-19 has accelerated the arrival of the Remote-First era.
• Legacy remote access solutions such as virtual desktop infrastructure (VDI), desktop-as-a-service (DaaS), and virtual private networks (VPN), among others, leave much to be desired in the eyes of CISOs and are not well suited to handle many of the new demands of the Remote-First era.
• Half of CISOs believe that security measures are impacting productivity when scaling Remote-First policies.
• Bring-your-own-PC (BYOPC) policies further complicate organizations’ approaches to secure remote access.

Beyond the overwhelming consensus that work-from-home is here to stay (87 percent of respondents believe remote work has become a permanent workflow in their companies’ operations), the study reveals that there is no singular best practice or market-leading approach to enabling workers in the Remote-First era.

HR Technology News: NAVEX Global Launches Back-To-Work Solution To Manage Risk & Compliance Challenges 

There is no prevailing solution in place to provide secure remote access to corporate assets:

• 24 percent of survey respondents utilize VPN, and more than half of these also employ split tunneling, a practice that allows users to access dissimilar security domains at the same time, to reduce the organization’s VPN loads and traffic backhauling. However, of those that use split tunneling, two-thirds of CISOs express concerns about the security of the split tunneling approach.
• 36 percent deploy VDI or DaaS. However, of those CISOs that utilize VDI or DaaS, only 18 percent — less than one in five — say their employees are happy with their company’s VDI or DaaS solution. Further, dissatisfaction with these legacy remote access solutions isn’t limited to user experience; more than three-quarters of CISOs feel that their return on investment in VDI or DaaS has been medium to low.

CISOs are also grappling with what their remote security policies should be in the new Remote-First era:

• 26 percent of CISOs surveyed have introduced more stringent endpoint security and corporate access measures since the arrival of the pandemic.
• 35 percent have relaxed their security policies in order to foster greater productivity among remote workers.
• 39 percent have left their security policies the same.

The majority of companies (more than 60 percent) felt that they weren’t ready for the changes that the proliferation of the pandemic forced. What is uncertain is whether the other 39 percent who have made no changes are standing pat because they are comfortable with their company’s security posture or because they don’t know what changes to make.

“Worker productivity and enterprise endpoint security have historically been pitted as competing priorities,” said Hysolate CEO Marc Gaffan. “But when we surveyed CISOs who were scrambling to scale their remote workforce IT operations in light of the pandemic, it became clear how important worker productivity has now become and that legacy solutions like VPN, VDI and DaaS just can’t handle the demands of the new Remote-First reality.”

Web browsing restrictions and BYOPC policies further muddy the Remote-First waters. Sixty-two percent of CISOs said their companies restrict access to certain websites on corporate devices, while 22 percent say their companies do not allow access to corporate networks or applications from a non-corporate device.

The confusion indicated by the mixed results of The CISO’s Dilemma survey report is enough to cause many CISOs a sleepless night. In fact, the varied response trend carried over to the one unconventional question asked in the study regarding pandemic indulgences: 20 percent of CISOs report drinking more wine during the COVID crisis; 32 percent drink more coffee; 8 percent choose whiskey; and, perhaps in what should come as a surprise to no one, 40 percent chose “All of the Above.”

HR Technology News: BigSpring Names Hugo Bague And Frits Van Paasschen To Its Advisory Board

Write in to psen@itechseries.com to learn more about our exclusive editorial packages and programs.