Solution Architect Perspectives: Cybersecurity in a Perimeter-less Network Environment


The persistence of hybrid work offers lots of benefits for employers and employees, but also continues to present many IT challenges. From a cybersecurity perspective, the distributed application architecture of hybrid work makes it even more critical to protect all traffic flows. This perimeter-less environment is the new normal when considering home users, cloud, and SaaS applications. IT leaders are increasingly considering security frameworks that converge network and security to focus on the performance, reliability, and security of the perimeter-less environment.

We recently sat down with Sean Aviv from the Comcast Business solution architect team to learn more about the needs and challenges they are hearing from customers as they continue to adjust their cybersecurity posture to support the hybrid model. Overall, as a result of the shift, they are seeing an increased need to focus on all threat vectors including securing the corporate infrastructure, cloud environments, and home networks while ensuring a great user experience and application performance.

Question
The shift to distributed workforces and cloud has brought on a lot of change from a cybersecurity perspective. What are some of the more foundational shifts that businesses need to make to better secure their networks?

Answer

A more distributed workforce and increased adoption of cloud, infrastructure-as-a-service, SaaS applications, and IoT require a holistic approach to securing the enterprise. With hybrid work alongside a distributed application architecture, it is critical to protect all traffic flows as users, corporate data, and business-critical assets can reside anywhere. As organizations look to optimize their security posture, they are shifting towards software-defined wide area networking (SD-WAN), micro-segmentation, and threat response automation technologies. These solutions can streamline network threat monitoring and management, help businesses secure their corporate data, and manage the attack surface through network segmentation.

Question
What are you hearing from Comcast Business customers about evolving their cybersecurity postures?

Answer

We are absolutely seeing an increased awareness of cyberthreats such as ransomware, DDoS, and software vulnerability concerns. Customers understand that with a distributed workforce and applications migrating to the cloud, they have more exposure to security risks and data breaches. At Comcast Business, we help customers better protect their networks and data via secure architectures leveraging solutions such as SD-WAN, DDoS mitigation, and other services in our extensive managed security portfolio. From a speed-to-market perspective, we are seeing certain industry verticals adopting advanced security technologies and threat response automation at a faster pace. Manufacturing, healthcare, financial services, retail, education, and government are leading the charge.

Question
What are some of the key cybersecurity challenges that remain for IT leaders?

Answer

Cyberthreats are continually evolving, becoming more sophisticated, and more difficult to detect. A strong cybersecurity strategy is always on, continuous, and requires people, process, and technology. A key challenge is delivering a complete security strategy that is aligned with each organization’s specific business risks. The strategy must consist of the right security technologies, policies and procedures, ongoing security assessments, threat intelligence, and a threat detection and response strategy. The key is to take a proactive approach to cybersecurity and mitigate threats ahead of time and not wait for the attack to take place.

Question
Are there any challenges specific to supporting a more hybrid workforce?

Answer

A hybrid workforce requires organizations to look beyond the corporate network and identify additional cyber risks that exist in the home such as WiFi connections, personal devices (BYOD), and the increase in phishing attempts. These potential exploits can lead to a breach impact across the organization, which is why a comprehensive approach to security must be taken. This includes endpoint protection, MFA, access control, as well as secure connectivity to the Internet, corporate assets, and cloud applications. These can be addressed with the combination of a strong VPN solution, secure SD-WAN platform, firewall-as-a-service, or other technologies that align to the SASE framework to deliver a resilient and secure end-to-end solution.

Question
As IT teams continue to make adjustments in their cybersecurity policies, how can they set themselves up for success?

Answer

Planning ahead, IT decision makers need to re-think their approach to traditional networking and security practices, and consider a shift toward SD-WAN technologies, zero trust architectures, artificial intelligence, and automation. The first step is to know the environment and understand risk. Organizations should have a clear view into all assets, corporate data, personally identifiable information, applications, and systems, whether on the network, in the cloud, or on a home user device. This requires having the right tools, analytics, and skillset to achieve. We have all seen in the news multiple organizations that were impacted due to cyberattacks that resulted in data breaches due to unpatched servers and ransomware payouts where social engineering vulnerabilities were exploited. This comes down to taking a holistic and proactive approach to mitigating the continuously evolving threat landscape.

Question
As businesses continue on their digital transformation journey, what are some key security policies that they need to consider?

Answer

We are in a new era of technology where the modern workforce is increasingly more distributed, applications are continuing to migrate to the cloud, and more SaaS platforms are being utilized. All of this drives a demand for increased bandwidth at the business edge and the home. Organizations are looking for a more efficient, optimal, and secure way to manage their traffic flows. Secure SD-WAN and EDR technologies are reshaping the enterprise and are driving the next evolution in networking and security by delivering application level path selection, automation over a secure architecture, and automated threat response. This requires an end-to-end security model that focuses on cybersecurity with a high-performance Internet breakout design that includes branch edge, cloud, and endpoint security that tie back to intelligent automated platforms and analysis for threat detection, response, and containment.

Question
How have cloud-based services and direct to cloud impacted cybersecurity posture management?

Answer

Protecting corporate data is a critical component of a strong cybersecurity strategy. This comes down to understanding where corporate data resides, who accesses the data, and how the data is accessed. Both the network design and security posture come into play. Designing the cloud environment with the right network architecture depends on who needs to access the environment and how they are accessing the information. For example, we would design the network and security policies differently on a public cloud infrastructure than we would on a private cloud infrastructure. The focus is on delivering a robust, multi-cloud security model that encompasses a holistic view across all users, systems, applications, and traffic flows in a perimeter-less networking environment.

When considering SaaS platforms such as file storage or customer relationship management solutions, it is worthwhile assessing Cloud Access Security Broker (CASB) solutions that enforce security policies to help prevent data exfiltration or unauthorized access to corporate data, protect against malware, and gain visibility into the SaaS/Cloud environment. Other technologies include SD-WAN, micro-segmentation, and EDR solutions for cybersecurity intelligence and automation across the enterprise.

To learn more about managed services from Comcast Business, please visit: https://business.comcast.com/enterprise/products-services/managed-services
