UC Round Table: Securing The Hybrid Workplace

Securing the hybrid environment is paramount in the constantly evolving modern workplace. As UC and collaboration technologies become integral to business operations, the challenge lies in protecting sensitive data while maintaining seamless connectivity.

There are myriad strategies and best practices to fortify UC ecosystems against cyber threats, ensuring a secure yet flexible workspace for today’s dynamic workforce.

With our latest Round Table subject, “Securing The Hybrid Workplace”, we spoke with experts and executives from Intrado, Cisco and Theta Lake about the unique security challenges of the hybrid workplace, the best strategies and best practices for complying with privacy and data regulations, how organisations can strike an effective balance between security and user experience, and the emerging trends and technologies shaping the future of security in the hybrid workplace.

How do you define the “hybrid workplace” in the context of UC&C, and what unique security challenges does it present compared to traditional or fully remote work setups?

Jaz Lin, Head of Product at Intrado

Lin highlighted that because hybrid workers could be working from literally anywhere at a given point in time, the challenge is ensuring consistent access to the services they rely on and doing so in a way that does not compromise an organisation’s network or data.

“The hybrid workplace adds additional hurdles because UC&C is not a single tool or product but a collection of solutions – including disparate platforms at different locations,” Lin said.

Lin also emphasised that organisations need to ensure that their technology works together smoothly and securely. “Intrado helps organisations comply with E911 regulations, but we understand the complexity of UC&C environments and the challenge of hybrid and remote work scenarios,” she continued. “To address this complexity, we have designed our solutions to simplify E911 regulatory compliance for UC&C and hybrid/remote work challenges.”

“A unified E911 solution that works across various UC and UCaaS platforms, regardless of how complex your environment is, is one way you can streamline your environment with a single, secure, and easy-to-manage solution for all employees – regardless of platform, device, or location – while complying with all state and federal regulations.”

Garth Landers, Director of Global Product Marketing at Theta Lake

Landers outlined that UCC has driven the hybrid workplace as the new normal. “If we were having this conversation a couple of years ago, we would probably be more hung up on discussing how hybrid defines the actual physical location of where people are,” Landers expanded. “We’re past that.”

“People work from everywhere, regardless of any RTO mandates that you might see in the headlines. Whether they work in offices, at home, in a coffee shop or on a train, most of us are increasingly using UCC platforms and all of the associated channels (voice, video, chat).”

Landers explained that from a security perspective, this means organisations and industries are now decentralised, creating “a lot more freedom, both positive and negative”.

“Freedom to adopt non-sanctioned tools (shadow IT) would obviously be a security concern,” Landers said. “Similarly, many business workers are still very casual about screen sharing and what that may reveal. And, when leveraging UCC platforms, we have the ability to share content with people outside of the perimeter. That sort of lock down the perimeter mindset largely does not apply to UCC.”

Anurag Dhingra, SVP/GM, Chief Product & Technology Officer, Collaboration Business Unit at Cisco

Dhingra stated that because a new hybrid work model has emerged, people now want to come into the office for meaningful collaboration, not to work by themselves, as it’s been shown that most individual work can be done remotely.

“Dedicating time and resources to the transformation of offices into experience hubs that seamlessly support collaboration both virtually and in person is critical to supporting the hybrid workforce now and in the future,” Dhingra said. “Collaboration technology that supports this new hybrid workforce presents unique ‘benefits and bewares’.”

While emphasising the key importance of deploying technology to deliver a seamless experience, Dhingra stressed that since employees may access proprietary information in the office, at home, or anywhere in between, employers need to provide the infrastructure that mitigates risks end-to-end.

“The traditional office with a small number of campus locations has been replaced by a complex web of campus sites and hundreds or thousands of individual remote employee sites,” he continued. “Organisations will need to scale up and seamlessly integrate their security and collaboration tools that deliver extended capabilities, advanced privacy, and built-in compliance options that meet the new demands of the hybrid workplace, as well as industry and regional requirements.”

With the increasing adoption of cloud-based UC&C solutions, what best practices should organisations follow to ensure data privacy and compliance with industry regulations, especially when dealing with sensitive information?

Anurag Dhingra, SVP/GM, Chief Product & Technology Officer, Collaboration Business Unit at Cisco

Dhingra recommends that customers aim to understand where their data goes and how it is stored and handled, especially when leveraging UC solutions that incorporate generative AI.

“It’s no secret that AI is going to be part of the fabric of virtually everything we do at work and beyond, so some employees understandably may not feel prepared to navigate how the technology will impact their data privacy,” Dhingra said. “Our strategy is one of purposeful applications of AI to assist and make experiences and interactions better while adhering to our well-established responsible AI framework. Transparency is an important factor in the secure and reliable use of AI.”

Dhingra argued that it’s all about explaining when AI is in use and how it is making decisions, especially when it’s used to make any consequential decisions.

“All Cisco products go through a very comprehensive review, and we publish that in a very transparent manner on our trust portal,” he added. “Customers will be well served to choose solution vendors with comprehensive industry certifications, integrated compliance capabilities and a strong commitment to privacy practices.”

Jaz Lin, Head of Product at Intrado

Lin outlined several network fundamentals that organisations need to consider.

“For on-premises work sessions, make sure your Wi-Fi network is secured with appropriate encryption and multi-factor access control (MFA) at a minimum,” Lin suggested. “With both remote (home) as well as hybrid (roaming) work sessions, you have less control over the network.”

“You may want to require the use of a VPN for those outside your organisation. Another consideration is whether your organisation is comfortable with the security of a VPN over public Wi-Fi, which provides a reasonable level of security; however, requiring roaming users to use a mobile data SIM for roaming access would increase security even more.”

While Lin affirmed that data privacy is paramount, she also highlighted the critical need to ensure certain people have specific data under defined conditions.

“Because we help organisations comply with state and FCC regulations such as Kari’s Law and RAY BAUM’S Act, we view security through the lens of compliance and protection of workplaces and the people employed there,” Lin said.

“In those circumstances, getting precise incident data quickly and accurately to the jurisdictionally appropriate public safety answering point will expedite emergency response. Organisations also need the flexibility to determine who needs to be notified internally and how those notifications are sent.”

“Having a thorough incident management plan with policies and procedures documented, key stakeholders identified, and a communications plan and recovery process in place will result in the best possible outcomes.”

Garth Landers, Director of Global Product Marketing at Theta Lake

Landers emphasised that, as always, privacy and compliance alignment begins with policy.

“When it comes to UCC platform usage and areas like camera usage and screen sharing, make sure their usage aligns with your policy requirements,” Landers continued. “These requirements may be driven by GDPR or the California Consumer Privacy Act (CCPA) as it relates to privacy, for example. Policies about usage need to be communicated and reinforced on a periodic basis.”

From a technology perspective, Landers suggested there is a tendency in compliance to over-rotate and become too restrictive when it comes to UCC adoption and engagement.

“This is understandable given the stakes, with over 3B (USD) in fines and sanctions for financial services firms during the last 2 years for improper recordkeeping and unsanctioned communications usage,” Landers said.

“Some 68 percent of the firms we surveyed indicated that they are restricting UCC functionality to avoid compliance violations. This runs the risk of almost certainly hampering productivity and losing out on UCC as a competitive advantage. Technology policy enforcement should support UCC adoption and engagement, not deprive it.”

How can organisations strike a balance between security and user experience in their UC&C implementations to maintain productivity while safeguarding against potential threats?

Garth Landers, Director of Global Product Marketing at Theta Lake

Landers asked organisations to remember that most of their users are not malicious actors. He noted that a lot of insider risk is due to poor data hygiene, which can be remedied by training and reinforcement. In addition, when users do the wrong thing, they might be doing it for the right reason.

“For example, if you take away UCC functionality such as in-meeting chat, or company-sanctioned SMS or other real-time collaboration tools, users will gravitate towards the unsanctioned ones, because they want to collaborate with customers, partners, drive revenue, win deals, etc.,” Landers expanded.

“So, it’s important to think about the outcomes we want to deliver and recognise human behaviour and incentives. Don’t be overly restrictive; find the right blend of collaboration and complementary compliance and security. This might mean looking at new tool sets that were built with hybrid work in mind rather than your current providers.”

Jaz Lin, Head of Product at Intrado

Lin highlighted that, if user experience is not top of mind, organisations run the risk of people sidestepping security protocols.

“Without the benefit of the onsite corporate network infrastructure, offsite users pose a unique challenge,” Lin said. “However, assigning complicated extra steps is not an ideal workaround. Streamline wherever possible and look for solutions that can meet the needs of your workplace, whether they are onsite or off.”

“You need to consider some of the basics when implementing UCC or other solutions in your organisation. Do you have reasonable authentication methods and protocols in place? Are you running SSO? SSO provides for central account management, which makes it far easier for IT to provision (and deprovision) user accounts. Have you implemented multi-factor authentication (MFA)? That can greatly increase the security of an organisation’s network and applications without getting in the way of needed user access.”

Lin highlighted that, with a hybrid workforce, it is more important than ever to make sure that once users leave the organisation, their accounts are deactivated. She warned that multiple user databases (e.g. different user IDs and password pairs for different applications) can almost ensure that some accounts that should be disabled will, at some point, be left running.

“For compliance with FCC MLTS/VoIP regulations, which include coverage for remote workers and softphone users, it is important to balance the needs of end users and telecom managers with the regulatory obligations to ensure workers and your business are protected,” Lin continued.

“A single solution that considers how and where people work, as well as one that works seamlessly in your existing UCC environment, is the best way to maintain productivity while achieving a safe, secure solution to regulatory compliance.”

Anurag Dhingra, SVP/GM, Chief Product & Technology Officer, Collaboration Business Unit at Cisco

Dhingra affirmed that security and privacy should be built into every aspect of collaboration technology without compromising or disrupting user experience.

“For example, Webex takes proactive measures to provide the highest level of security that feels integrated into the platform and doesn’t disrupt productivity,” Dhingra said. “From product development to operations, use, and every place in between, privacy and security are embedded into every Webex product by design. This helps ensure that security features aren’t bolted on after development is completed but rather seamlessly integrated throughout.”

“Not only is security integral to our products, but we weave security into the very fabric of our business — securing data, processes, products, services, and employees to deliver true pervasive security and demonstrate trust every day.”

As cyber threats continue to evolve, what emerging technologies or trends do you see shaping the future of security in the hybrid workplace, and how can organisations prepare to address these challenges proactively?

Jaz Lin, Head of Product at Intrado

Lin underlined that Intrado is in the business of public safety technology and deeply embedded with all things 911.

“Across our spectrum of emergency response technologies, Intrado touches 90 percent of the (US’s) 911 calls,” Lin expanded. “Our NG911 network, also known as an Emergency Services IP network (ESInet), is as critical as infrastructure can be. ESInets are dedicated to emergency communications, and we use secure WAN MPLS with data running over it secured by TLS 1.2 or better.”

Lin stated that Intrado is seeing more states adopt NG911 infrastructure, which provides actionable data to public safety answering points (PSAPs), which in turn enhances personal, community and enterprise safety.

“Actionable data could be device-based location or supplemental data such as floor plans, access points, gate codes and more,” she added. “Knowing just the civic address of the structure where a call originated is not enough – some enterprise facilities are prohibitively large, with tens or hundreds of thousands of square feet of space and multiple floors to contend with.”

Supplemental data with structure maps, z-axis (altitude/height) and other considerations can help first responders find people in need faster and help enterprises meet the “dispatchable location” criteria per FCC regulations, Lin suggested.

“We are also seeing enterprises begin to adopt more incident management solutions so that they can better plan for, respond to, and recover from emergencies,” she concluded. “Tools like Safety Suite and our Wearable Panic Button can instantly initiate a 911 response, notify key stakeholders, relay incident type, and lock down a building at the touch of a button. It also gives first responders critical data immediately, like floor plans, SOPs, ERPs, and more.”

Garth Landers, Director of Global Product Marketing at Theta Lake

Landers agreed that, given the focus on Gen AI in the last 18 months, this would be a natural emerging concern.

“There are a couple of ways of looking at this: What is your firm’s policy on LLM (platforms like OpenAI, Google Gemini) usage in the workplace? Should users be inputting proprietary and potentially sensitive data into those platforms, for example? If the answer is ‘no’, how are you enforcing and detecting that?”

Landers suggested that for internal GenAI adoption (applications like Microsoft Copilot, for example), while usage may be sanctioned, organisations may want to be selective in how they apply it, what data sets, users and business groups may be empowered to use it and what data sources can be indexed.

“This comes down to enforcing policy configuration discipline and avoiding policy configuration drift, which is a common threat in the hybrid workplace (and something Theta Lake can help guard against),” he said.

This post originally appeared on Service Management - Enterprise - Channel News - UC Today.