The rapid evolution of the workplace has transformed how organizations operate, leading to a significant shift in how work is conducted and secured. With the rise of remote and hybrid work models, the traditional boundaries of the corporate network have dissolved, leading to new security challenges. The use of unmanaged devices—whether employee-owned under Bring Your Own Device (BYOD) policies or those belonging to contractors—has become a common practice.
While this flexibility offers numerous benefits, such as improved productivity and employee satisfaction, it also introduces substantial risks. These devices, which often lack the rigorous security controls found in managed corporate devices, are now gateways to sensitive business-critical applications and data. This situation demands a reevaluation of security strategies to ensure that organizations can maintain robust security postures without compromising the flexibility that modern work demands.
In this context, securing access to corporate resources across all devices, both managed and unmanaged, has become more critical than ever. Traditional security approaches, such as firewalls and Virtual Private Networks (VPNs), are no longer sufficient to address the complex challenges posed by a dispersed workforce. Instead, organizations must adopt modern security frameworks that provide consistent protection across all devices and access points. This shift is crucial not only for protecting sensitive data but also for maintaining business continuity and ensuring compliance with regulatory requirements.
The Modern Workplace: The Rise of Remote and Hybrid Work
The concept of the workplace has undergone a dramatic transformation over the past decade, accelerated by advancements in technology and the global impact of events like the COVID-19 pandemic. What was once predominantly office-based work has evolved into a more flexible model where employees can work from anywhere, leading to the rise of remote and hybrid work arrangements.
Remote work allows employees to perform their duties from locations outside the traditional office, often from home or co-working spaces. Hybrid work, on the other hand, combines remote work with some degree of in-office presence, allowing employees to split their time between the office and other locations. This flexibility has become a cornerstone of the modern workplace, offering numerous benefits such as increased employee satisfaction, reduced commuting times, and access to a broader talent pool.
However, this shift has also led to a significant increase in the use of unmanaged devices. Employees often use personal laptops, tablets, or smartphones to access corporate resources, especially in remote and hybrid work scenarios. While these devices provide convenience, they are often not subject to the same security controls as managed corporate devices, creating new vulnerabilities that organizations must address.
Security Challenges in the Modern Workplace
The proliferation of unmanaged devices in the modern workplace has introduced several security challenges that organizations must navigate. Unlike managed devices, which are typically provisioned and controlled by the organization’s IT department, unmanaged devices are owned and maintained by the employees or contractors themselves. This lack of direct control over these devices makes it difficult for organizations to enforce security policies and monitor potential threats effectively.
One of the primary challenges is the lack of visibility into the security posture of unmanaged devices. IT departments often have limited insight into the security configurations of these devices, such as whether they have up-to-date antivirus software, firewalls, or encryption. This lack of visibility can lead to significant security gaps, as it becomes difficult to detect and respond to potential threats in real-time.
Another challenge is the diversity of unmanaged devices. Employees may use a wide range of devices with different operating systems, software versions, and security configurations. This diversity makes it challenging to implement a one-size-fits-all security solution, as each device may require different security measures to address its unique vulnerabilities.
Additionally, the use of unmanaged devices increases the risk of data leakage and unauthorized access. Employees may inadvertently store sensitive corporate data on personal devices, which may not have adequate security measures in place to protect it. Moreover, these devices are more susceptible to loss or theft, further increasing the risk of data breaches.
Challenges of Securing Unmanaged Devices
Increased Attack Surface
The shift to remote and hybrid work has expanded the attack surface for organizations, making it more challenging to secure corporate resources. In a traditional office environment, the attack surface was relatively limited, with most employees accessing corporate resources from within the secure confines of the corporate network. However, the widespread use of unmanaged devices has significantly increased this attack surface, creating new opportunities for cybercriminals to exploit.
Unmanaged devices, particularly those owned by contractors or employees under BYOD policies, are often used to access corporate applications and data from various locations, including public Wi-Fi networks, homes, and other insecure environments. These devices are typically not subject to the same level of scrutiny and control as managed corporate devices, making them more vulnerable to attacks.
For example, an employee using a personal laptop to access corporate email may unknowingly connect to a compromised Wi-Fi network at a coffee shop. This connection could allow cybercriminals to intercept sensitive data or inject malware into the device. Once compromised, the unmanaged device could serve as a conduit for attacks on the corporate network, allowing attackers to gain access to critical systems and data.
Furthermore, unmanaged devices often lack the necessary security controls to prevent or detect such attacks. Unlike managed devices, which are typically configured with endpoint protection, encryption, and other security measures, unmanaged devices may not have these protections in place. This lack of security controls makes it easier for attackers to exploit vulnerabilities and gain unauthorized access to corporate resources.
Common Vulnerabilities in Unmanaged Devices
Unmanaged devices are inherently more vulnerable than managed corporate devices due to several factors. These vulnerabilities stem from the lack of standardized security measures, inconsistent software updates, and the general absence of oversight from the organization’s IT department. Understanding these vulnerabilities is crucial for organizations looking to secure their remote and hybrid workforce.
One of the most common vulnerabilities in unmanaged devices is outdated software. Personal devices may not receive regular software updates, leaving them susceptible to known security flaws. Operating systems, browsers, and applications that are not kept up to date can serve as entry points for cyberattacks. For example, an outdated web browser may have unpatched security holes that allow attackers to execute malicious code or steal sensitive information.
Another significant vulnerability is the lack of security controls, such as antivirus software, firewalls, and encryption. While managed corporate devices are typically equipped with these controls, unmanaged devices may not have them installed or may use less effective consumer-grade versions. This lack of protection makes it easier for malware, ransomware, and other malicious software to infect the device and potentially spread to the corporate network.
Unmanaged devices are also more susceptible to phishing attacks, which are among the most common methods used by cybercriminals to gain access to sensitive information. Employees using personal devices may not have access to the same level of phishing protection as they would on a managed corporate device. Additionally, they may be more likely to fall for phishing scams when using personal email accounts or browsing the internet outside of the corporate environment.
The physical security of unmanaged devices is another area of concern. Unlike corporate devices, which are often tracked and managed by the organization, personal devices are more likely to be lost or stolen. A lost or stolen device that contains sensitive corporate data or has access to corporate applications can lead to a significant data breach if it falls into the wrong hands. Furthermore, personal devices may not be encrypted, making it easier for unauthorized individuals to access the data stored on them.
Impact on Corporate SaaS and Critical Applications
The vulnerabilities associated with unmanaged devices pose a direct threat to corporate Software as a Service (SaaS) applications and other critical business systems. SaaS applications, which are widely used for everything from email to customer relationship management (CRM), are particularly vulnerable when accessed from unmanaged devices.
One of the primary risks is unauthorized access. Unmanaged devices, which often lack robust authentication mechanisms, are more susceptible to account compromise. If an attacker gains access to a user’s credentials through a phishing attack or malware, they can potentially access the SaaS applications that the user has permission to use. This access can lead to data theft, unauthorized changes to business-critical information, or even the use of the compromised account to launch further attacks within the organization.
Another significant impact is data leakage. Unmanaged devices may store sensitive information locally, such as cached data from SaaS applications or downloaded documents. If these devices are not properly secured, this data can be easily accessed by unauthorized users, either through physical access to the device or by exploiting vulnerabilities in the device’s software.
The use of unmanaged devices can also complicate compliance with regulatory requirements, such as GDPR, HIPAA, and other data protection laws. These regulations often require organizations to implement specific security measures to protect sensitive data, including encryption, access controls, and regular audits. When employees access corporate applications from unmanaged devices, it becomes more challenging to ensure that these compliance requirements are met, potentially exposing the organization to legal and financial penalties.
The rise of remote and hybrid work has introduced significant challenges in securing unmanaged devices. These devices, which are often used to access corporate SaaS applications and critical business systems, expand the attack surface and introduce numerous vulnerabilities.
To address these challenges, organizations must adopt modern security solutions that provide consistent protection across all devices, regardless of whether they are managed or unmanaged. By doing so, they can safeguard their sensitive data, ensure compliance with regulatory requirements, and protect their business from the growing threat of cyberattacks.
Traditional Security Approaches and Their Limitations
1. Managed Laptops
Managed laptops have long been a cornerstone of corporate IT security, offering a controlled environment where security policies can be enforced uniformly. These devices are provisioned and maintained by an organization’s IT department, equipped with the latest security software, configurations, and updates to protect against threats. However, as remote and hybrid work models have become more prevalent, relying solely on managed laptops to secure a dispersed workforce presents several challenges.
Shipping and Maintenance Challenges
One of the primary challenges is the logistics involved in shipping and maintaining managed laptops. Distributing laptops to a geographically dispersed workforce involves significant coordination and cost. Organizations must not only handle the initial setup and deployment but also manage ongoing maintenance and support. This includes ensuring that all devices receive timely updates, patches, and replacements when necessary.
Furthermore, the process of provisioning managed laptops often involves configuring them with specific software, security settings, and access controls. This setup can be time-consuming and labor-intensive, particularly when scaling up to accommodate a growing workforce. In addition, the physical handling of devices, including shipping, configuring, and troubleshooting, adds another layer of complexity and cost.
User Experience Issues
Another significant issue with managed laptops is the impact on user experience. Managed devices often come with strict security configurations that can affect performance and usability. For instance, rigorous endpoint protection software and security controls may slow down system performance, leading to frustration among users. Additionally, managed laptops may have restrictions on software installation or configuration changes, limiting users’ ability to customize their work environment and potentially impacting their productivity.
The process of provisioning and maintaining managed laptops also lacks flexibility. Employees who need to switch between different devices or work environments may encounter difficulties if they are constrained to using a specific managed laptop. This inflexibility can hinder the adaptability and efficiency of a modern, agile workforce.
2. Virtual Desktop Infrastructure (VDI)
Virtual Desktop Infrastructure (VDI) is another traditional approach to securing remote access by providing users with virtualized desktops hosted on a central server. While VDI solutions offer a controlled environment where security policies can be enforced consistently, they come with their own set of limitations.
Cost Considerations
One of the primary drawbacks of VDI is its cost. Implementing and maintaining a VDI solution requires significant investment in infrastructure, including servers, storage, and network resources. The costs associated with licensing, hardware, and ongoing support can be substantial, particularly for organizations with a large number of users.
In addition to the initial setup costs, organizations must also consider the ongoing operational expenses. Managing a VDI environment requires dedicated IT resources to handle server maintenance, updates, and performance optimization. These costs can add up over time, making VDI an expensive solution for many organizations.
Complexity and Scalability
VDI solutions can also be complex to deploy and manage. Configuring virtual desktops, setting up user profiles, and ensuring compatibility with various applications and devices requires significant expertise. Organizations may face challenges in integrating VDI with existing IT systems and applications, leading to potential compatibility issues and increased complexity.
Scalability is another concern with VDI solutions. As organizations grow or experience fluctuations in demand, scaling a VDI environment can be challenging. Adding new virtual desktops or expanding server capacity requires careful planning and management to ensure performance and reliability. In contrast, cloud-based solutions offer more flexibility and scalability, allowing organizations to adjust resources as needed.
User Experience Issues
User experience is another area where VDI can fall short. While VDI provides a controlled environment, the performance of virtual desktops can be impacted by factors such as network latency, bandwidth limitations, and server load. Users may experience slower response times or reduced performance compared to using a local desktop, which can affect productivity and satisfaction.
Additionally, VDI solutions may face limitations in supporting certain applications or workloads that require high-performance graphics or specialized hardware. This can be a significant drawback for users who need to run resource-intensive applications or work with large datasets.
3. VPNs and Legacy Security Solutions
Virtual Private Networks (VPNs) and other legacy security solutions have traditionally been used to secure remote access to corporate resources. While VPNs offer a layer of encryption and allow users to connect to the corporate network from remote locations, they have limitations in addressing the complexities of modern security needs.
Inefficacy for Unmanaged Devices
One of the key limitations of VPNs is their ineffectiveness in securing unmanaged devices. VPNs primarily focus on encrypting the connection between the user’s device and the corporate network, but they do not address the security posture of the device itself. If a user connects to the corporate network via a personal device that lacks adequate security controls, the VPN does not provide protection against potential threats on that device.
Moreover, VPNs can introduce additional security risks if not properly configured. For example, if a VPN connection is compromised, attackers may gain access to the entire corporate network. This risk is particularly concerning when users connect from insecure or public networks, which may be more susceptible to attacks.
Challenges with Legacy Security Tools
Legacy security tools, such as traditional firewalls and antivirus software, often struggle to address the dynamic and evolving nature of modern threats. These tools may not be equipped to handle sophisticated attacks or adapt to new vulnerabilities, leading to potential gaps in security coverage.
Additionally, legacy security solutions may lack integration with modern security frameworks, making it difficult to implement comprehensive security policies across a diverse range of devices and environments. The complexity of managing multiple security tools and ensuring they work together effectively can also be a significant challenge.
Modern Solutions for Securing the Hybrid Workforce
1. SASE (Secure Access Service Edge)
Secure Access Service Edge (SASE) is a modern security framework designed to address the challenges of securing a hybrid workforce. SASE combines networking and security functions into a unified, cloud-delivered solution that provides secure access to applications and data regardless of the user’s location or device.
Unified Security and Networking
SASE integrates various security functions, including secure web gateways, cloud access security brokers (CASBs), and zero trust network access (ZTNA), into a single platform. This integration simplifies the management of security policies and ensures consistent protection across all access points.
By delivering security and networking functions from the cloud, SASE provides a scalable and flexible solution that can adapt to the needs of a modern, distributed workforce. Users can access corporate resources securely from any device or location, without the need for traditional VPNs or complex network configurations.
Enhanced Visibility and Control
SASE solutions offer enhanced visibility into user activity and network traffic, allowing organizations to monitor and respond to potential threats in real-time. By leveraging cloud-based analytics and threat intelligence, SASE can provide actionable insights and help organizations identify and mitigate risks more effectively.
2. Enterprise Browsers
Enterprise browsers are specialized web browsers designed to provide a secure browsing experience for users accessing corporate resources. These browsers offer several key features that enhance security and ensure consistent protection across devices.
Secure Web Access
Enterprise browsers are designed to protect against various web-based threats, such as phishing, malware, and data leakage. They often include built-in security features, such as secure browsing modes, content filtering, and advanced threat detection, to safeguard users while they access corporate applications and data.
Zero Trust Access
Enterprise browsers can be integrated with Zero Trust architectures to enforce strict access controls and ensure that users are authenticated and authorized before accessing sensitive resources. By requiring continuous verification of user identity and device posture, enterprise browsers help prevent unauthorized access and reduce the risk of data breaches.
Consistent Security Policies
One of the key advantages of enterprise browsers is their ability to enforce consistent security policies across all devices. Organizations can configure and manage security settings centrally, ensuring that users adhere to corporate security standards regardless of the device they are using. This consistency helps to mitigate the risks associated with unmanaged devices and provides a unified approach to securing web access.
3. Zero Trust Architecture
Zero Trust is a security model based on the principle of “never trust, always verify.” Unlike traditional security models that rely on perimeter defenses, Zero Trust assumes that threats can exist both inside and outside the network and requires continuous verification of all access requests.
Principles of Zero Trust
The core principles of Zero Trust include:
- Least Privilege Access: Users are granted only the minimum level of access necessary to perform their job functions. This minimizes the risk of unauthorized access and limits the potential impact of security breaches.
- Continuous Verification: Zero Trust requires continuous verification of user identity, device posture, and access requests. This involves multi-factor authentication, device health checks, and real-time monitoring to ensure that only authorized users and devices can access corporate resources.
- Micro-Segmentation: The network is segmented into smaller, isolated zones to limit lateral movement and contain potential threats. Micro-segmentation helps prevent attackers from moving freely within the network and accessing sensitive data.
Integration with Modern Solutions
Zero Trust principles are integrated into modern security solutions, such as SASE and enterprise browsers, to provide comprehensive protection for hybrid workforces. By implementing Zero Trust, organizations can enhance their security posture and address the limitations of traditional security approaches.
Enforcing Access Controls
Zero Trust architectures enforce strict access controls by requiring authentication and authorization for every access request. This approach ensures that users and devices are continuously validated before gaining access to corporate resources, reducing the risk of unauthorized access and data breaches.
Enhancing Security Across Devices
By applying Zero Trust principles to both managed and unmanaged devices, organizations can ensure that security policies are enforced consistently, regardless of the device’s ownership or location. This approach helps to address the challenges associated with securing remote and hybrid work environments and provides a more effective and resilient security posture.
To recap, the traditional security approaches of managed laptops, VDI, and legacy tools have limitations that make them insufficient for addressing the complexities of modern, hybrid work environments. As organizations increasingly rely on remote and unmanaged devices, adopting modern solutions like SASE, enterprise browsers, and Zero Trust architectures is essential for securing access to corporate resources. These modern solutions provide a unified, flexible, and scalable approach to security that can adapt to the evolving needs of a dispersed workforce, ensuring robust protection against emerging threats while maintaining productivity and user satisfaction.
Implementing a Secure Workspace on Managed and Unmanaged Devices
Deployment of SASE with Enterprise Browser
Secure Access Service Edge (SASE) represents a modern approach to securing network access by integrating networking and security functions into a single, cloud-delivered platform. When combined with an enterprise browser, SASE offers a robust solution for securing access to corporate resources across both managed and unmanaged devices.
1. Unified Security and Networking
Deploying SASE involves integrating various security functions, such as secure web gateways, cloud access security brokers (CASBs), and Zero Trust network access (ZTNA), into a cohesive platform. This integration ensures that security policies are uniformly applied across all access points, regardless of whether users are on managed or unmanaged devices.
An enterprise browser enhances this security framework by providing a controlled and secure browsing environment. By routing all web traffic through the enterprise browser, organizations can enforce security policies such as content filtering, secure web access, and threat detection. This ensures that users, whether on corporate-provided laptops or personal devices, adhere to the same security standards while accessing corporate applications and data.
2. Streamlined Deployment and Management
To deploy SASE with an enterprise browser, organizations typically start by selecting a SASE provider and integrating it with their existing IT infrastructure. The SASE platform is configured to manage and monitor network traffic, enforce security policies, and provide visibility into user activity. The enterprise browser is then deployed as part of the SASE solution, ensuring that all web-based interactions are secured and monitored.
One of the key benefits of this approach is the ability to deploy security measures quickly and efficiently. SASE solutions are cloud-based, which means they can be implemented without the need for extensive on-premises infrastructure. This cloud-delivered model allows organizations to scale their security measures as needed, providing flexibility and agility in responding to evolving threats.
3. Ensuring Secure Access Across Devices
With SASE and an enterprise browser in place, organizations can ensure secure access to corporate resources regardless of the device being used. The SASE platform manages and secures network traffic, while the enterprise browser provides a secure environment for web-based interactions. This combination offers a comprehensive approach to securing both managed and unmanaged devices, ensuring that users have consistent, secure access to corporate applications and data.
Ensuring Consistent Security Policies
1. Importance of Uniform Security Policies
Applying consistent security policies across all devices is crucial for maintaining a strong security posture. Uniform policies ensure that all devices, whether managed or unmanaged, adhere to the same security standards, reducing the risk of vulnerabilities and data breaches.
2. Centralized Policy Management
Centralized management of security policies allows organizations to enforce uniform controls and settings across all devices. With modern solutions like SASE, organizations can manage security policies from a single platform, ensuring that all devices are subject to the same rules and protections. This centralized approach simplifies policy enforcement and reduces the risk of configuration errors or inconsistencies.
3. Policy Enforcement for Unmanaged Devices
Unmanaged devices, such as personal laptops or contractor devices, often lack the same level of security controls as managed devices. By applying consistent security policies through solutions like SASE and enterprise browsers, organizations can extend their security measures to these devices. This includes enforcing access controls, content filtering, and threat detection to ensure that unmanaged devices do not compromise corporate security.
4. Regular Policy Reviews and Updates
Regularly reviewing and updating security policies is essential for addressing new threats and vulnerabilities. Organizations should continuously assess their security policies and make adjustments as needed to ensure that they remain effective in protecting against evolving risks. This includes updating policies to reflect changes in the threat landscape, technological advancements, and organizational requirements.
Frictionless User Experience
1. Balancing Security and Usability
One of the primary goals of modern security solutions is to provide robust protection without hindering productivity or user experience. Traditional security measures, such as VPNs or complex authentication processes, can create friction and impact user efficiency. Modern solutions like SASE and enterprise browsers are designed to minimize this friction while maintaining strong security controls.
2. Seamless Integration
SASE solutions and enterprise browsers are designed to integrate seamlessly into users’ workflows. For example, enterprise browsers provide a secure browsing environment without requiring users to switch between different applications or tools. This integration allows users to access corporate resources securely while maintaining a smooth and efficient workflow.
3. Simplified Authentication
Modern security solutions often incorporate user-friendly authentication methods, such as single sign-on (SSO) or biometric authentication. These methods streamline the login process, reducing the need for multiple passwords or cumbersome authentication steps. By simplifying authentication, organizations can enhance the user experience while ensuring strong security.
4. Optimized Performance
Performance optimization is a key consideration for modern security solutions. SASE platforms and enterprise browsers are designed to minimize latency and ensure fast, reliable access to corporate resources. This is achieved through cloud-based infrastructure, intelligent traffic routing, and optimized content delivery. By prioritizing performance, organizations can ensure that security measures do not negatively impact user productivity.
Best Practices for Organizations
Regular Security Audits
1. Importance of Continuous Monitoring
Regular security audits are essential for maintaining a strong security posture and identifying potential vulnerabilities. Continuous monitoring allows organizations to detect and respond to security incidents in real-time, reducing the risk of data breaches and other security threats.
2. Comprehensive Audit Scope
Security audits should encompass all aspects of an organization’s IT environment, including managed and unmanaged devices, network infrastructure, and security policies. This comprehensive approach ensures that all potential vulnerabilities are identified and addressed.
3. Engaging with Third-Party Experts
Engaging with third-party security experts can provide additional insights and expertise in conducting thorough security audits. These experts can offer an objective assessment of an organization’s security measures and recommend improvements based on industry best practices and emerging threats.
4. Actionable Findings and Remediation
The results of security audits should be used to inform actionable remediation efforts. Organizations should prioritize addressing identified vulnerabilities and implementing improvements based on audit findings. Regular follow-up audits can help ensure that remediation efforts are effective and that new vulnerabilities are promptly addressed.
Employee Training and Awareness
1. Importance of Security Training
Educating employees and contractors on security best practices is critical for preventing security incidents and maintaining a secure workspace. Employees are often the first line of defense against cyber threats, and their awareness and behavior play a significant role in protecting corporate resources.
2. Ongoing Training Programs
Security training should be an ongoing process rather than a one-time event. Organizations should implement regular training programs that cover a range of topics, including phishing awareness, password management, and safe browsing practices. Ongoing training helps reinforce security awareness and keep employees informed about new threats and best practices.
3. Tailored Training for Different Roles
Training programs should be tailored to the specific needs and responsibilities of different roles within the organization. For example, IT staff may require more in-depth training on technical security measures, while general employees may need training on recognizing and responding to phishing attempts.
4. Encouraging a Security Culture
Building a culture of security within the organization is essential for ensuring that employees prioritize security in their daily activities. This includes promoting a security-conscious mindset, encouraging reporting of potential security incidents, and recognizing employees who demonstrate strong security practices.
Adapting to Emerging Threats
1. Staying Informed About New Threats
The threat landscape is constantly evolving, with new vulnerabilities and attack methods emerging regularly. Organizations must stay informed about the latest threats and trends to effectively adapt their security measures and protect against evolving risks.
2. Implementing Advanced Security Technologies
Adopting advanced security technologies, such as artificial intelligence (AI) and machine learning (ML), can help organizations stay ahead of emerging threats. These technologies can provide real-time threat detection, automated response capabilities, and predictive analytics to enhance overall security.
3. Regularly Updating Security Measures
Security measures should be regularly updated to address new vulnerabilities and adapt to changing threats. This includes applying security patches, updating software and hardware configurations, and revising security policies based on the latest threat intelligence.
4. Continuous Improvement
Organizations should adopt a mindset of continuous improvement when it comes to security. This involves regularly reviewing and refining security measures, conducting post-incident analyses, and learning from past experiences to enhance overall security posture.
Conclusion
The most effective security solutions often come from embracing flexibility rather than imposing rigid controls. In an era where remote and unmanaged devices are the norm, organizations that focus on integrating modern technologies like SASE and enterprise browsers can create a secure yet seamless work environment.
Implementing a secure workspace for both managed and unmanaged devices requires a comprehensive approach that balances security with user experience. By deploying modern solutions like SASE and enterprise browsers, organizations can provide consistent, robust protection across all devices while ensuring a frictionless user experience.
Adhering to best practices, such as conducting regular security audits, providing ongoing employee training, and staying ahead of emerging threats, is essential for maintaining a strong security posture and safeguarding corporate resources. By adopting these strategies, organizations can effectively navigate the complexities of modern security and support a productive, secure hybrid workforce.