Security Considerations for a Blended Workforce

A blended workforce consisting of external organizations, traditional workers and non-traditional workers such as freelancers, remote workers, temporary workers and independent contractors (ICs) can provide an organization with the added potential for collaboration, innovation and timely responses to shifting demands.

While the integration of a blended workforce can provide exceptional benefits, there are also unique security vulnerabilities that can arise. To work effectively and securely with a blended workforce, an organization needs to understand the unique cybersecurity risks that come with it and implement the appropriate mix of policies, processes, culture and resources to mitigate the risks.

Balancing Open Innovation, Non-Traditional Workers and Data Security

The way that DevOps focuses on information flow, collaboration and shared responsibilities is what makes it a successful practice for the organizations that adopt a DevOps culture. When an organization with a DevOps culture opts to leverage the power of open innovation and non-traditional workers within a blended workforce, the challenge of balancing its culture with its data security needs can prove to be a source of difficulty and friction.

Open innovation can provide an advantageous boost to organizational flexibility, innovation and productivity; the same can be said for the use of freelancers, independent contractors (ICs), temp workers and other non-traditional workers. By tapping into the knowledge, efforts and diverse skills of a blended workforce, an organization can respond to organizational demands with greater fluidity while also collaboratively developing and implementing innovations that can lead to future success.

When an organization opts to leverage external/temporary resources, it is critical that it does so without sacrificing cybersecurity; an increase in productivity and innovation is not worth the trade-off of potentially leaking sensitive data or otherwise compromising the organization’s systems. While the concept of open innovation encourages the collaborative sharing of information, safeguards still need to be in place to protect intellectual property ownership, respect confidentiality needs and otherwise ensure the appropriate level of data security.

Key Vulnerabilities of a Blended Workforce

In addition to the standard cybersecurity considerations that apply to a traditional workforce, a blended workforce has unique properties that can make it more vulnerable if they are not accounted for.

Key vulnerabilities of a blended workforce include:

  • External and temporary workers are likely to need access to the organization’s data and systems, opening an added potential for data leaks, insider threats and intellectual property theft.
  • Workers from outside the core team may have habits and approaches to cybersecurity that are less stringent than is appropriate for the organization and its data.
  • Members of a blended workforce may have drastically different feelings regarding their level of responsibility to the organization’s security, adding the potential for gaps in adherence to data security policies and practices.
  • Remote workers operate outside the protected “internal fortress” that is used for standard cybersecurity.
  • Policies concerning cybersecurity expectations can be difficult to enforce for remote workers, particularly if they opt to use personal devices rather than the equipment provided by the organization.

Developing a Security and Compliance Ecosystem

When preparing to operate with a blended workforce, DevOps and DevSecOps-focused organizations need to first prepare themselves by developing a security and compliance ecosystem consisting of an appropriate mix of culture, policies, practices and software.

The external and temporary arms of a blended workforce are less attached to the organization, potentially working with multiple clients (including competitors), and their cybersecurity practices may not be as stringent as is required for the data and systems they will be given access to. Organizations that devote the appropriate time and thought needed to develop a security and compliance ecosystem that accounts for the nature of a blended workforce will be better prepared to operate effectively and safely.

Policies and Software for Enhanced Security

Aside from the standard cybersecurity best practices (patching, anti-malware solutions, password hygiene, etc.), organizations with a blended workforce will need to consider what measures will be implemented to enforce the security practices needed for their blended workforce and how they will ensure that all members of their workforce have an adequate understanding of their security responsibilities.

Data Security Plan

The expectations and practices for data security need to be well thought out and clearly communicated to anyone who will be working with the organization. By developing a detailed data security plan that outlines responsibilities, behavioral and resource use expectations and other related considerations, an organization will have an appropriate framework to use when onboarding the members that make up its blended workforce.

Data Classification and Privileged Access Management

Data and systems access should not be treated as “one-size-fits-all”; neither core team members nor external/temp workers will need access to all of the organization’s data at all times.

An organization’s data needs to be appropriately classified and protected based on its sensitivity, and a privileged access management (PAM) system needs to be used to ensure access to data or other resources is given on an as-needed basis.

In addition to PAM software, business-class cloud storage providers and workplace collaboration apps often allow organizations to integrate guests and manage user access to the files and channels needed for project collaboration through integrated granular permission settings.

Endpoint Security and Employee Monitoring Software

As an organization expands in size and complexity, endpoint security management can prove to be a hassle. Endpoint security and employee monitoring software will provide the organization with added business intelligence and endpoint management capabilities that help automate the mitigation of risky behavior.

Endpoint security software can prevent members of a blended workforce from engaging in the unauthorized transmission of the organization’s data to external USB devices, and employee monitoring software can alert key members to risky or suspicious behavior as it happens. The added insights provided by employee monitoring software allow the organization to focus its efforts on key business goals without sacrificing organizational and data security.

Conclusion

With these tips in mind, DevOps-focused organizations can begin to develop the proper framework for starting the shift to a blended workforce with cybersecurity at the forefront. The greatest challenge will be in implementing cybersecurity solutions that work with developers in the workforce to maintain data security without causing frustrating bottlenecks in their potential for collaboration and productivity.

Neel Lukka


Neel Lukka is the Managing Director of CurrentWare Inc. He has 8 years of executive leadership experience at B2B software businesses including employee productivity, data loss prevention, marketing & lead generation businesses. Mr. Lukka started his career in Investment Banking at Macquarie in Toronto, Canada. He then went on to found OneLocal, a cloud-based SaaS marketing provider. OneLocal was part of YCombinator, a prestigious accelerator based in San Francisco, USA. Mr. Lukka joined CurrentWare in 2019 as Managing Director. Mr. Lukka is passionate about the products being built for CurrentWare and with his software experience he is helping fuel the global growth in the organization. Mr. Lukka has a Bachelors of Commerce from Queen’s University in Ontario, Canada and has successfully passed all three levels of the CFA exams.
