Balancing Employee Privacy and Security for Remote WorkersHeidi Shey of Forrester on Adopting a Two-Pronged Approach
The increasingly connected home is a vulnerable part of the extended enterprise, especially as the line further blurs between personal life and work, says Forrester principal analyst Heidi Shey. She encourages organizations to adopt a two-pronged approach to protecting the "work from home" workforce - a combination of controlling what they can via Zero Trust and empowering employees to look after their own personal security and privacy.
Shey says organizations need to harden corporate device security as well as the applications employees use for work. They should consider application virtualization or app containers, she says, because they provide protection and also make a device less appealing to criminals.
She also recommends monitoring access control to corporate data resources. "How are you applying least privilege? How are you reviewing entitlements and looking at data access activity," she asks.
See Also: Case Study: The Road to Zero Trust
With regards to empowering employees to protect themselves, Shey says: "It's about really knowing your workforce, their attitudes towards security and privacy, and how far they may be willing to do things themselves."
In a video interview with Information Security Media Group, Shey discusses:
- The vulnerabilities and privacy concerns that have surfaced after nearly two years of remote working;
- How organizations can address "work from home" security and privacy concerns by controlling what they can via Zero Trust and empowering employees to protect themselves;
- How the market for consumer security and privacy technologies is evolving.
Shey is a principal analyst at Forrester serving security and risk professionals. Her research primarily focuses on data security and privacy strategy, skills development, policies and related technology controls. She guides clients in applying a Zero Trust, data-centric approach to securing data, advising them in areas such as sensitive data discovery and classification, data loss prevention and secure communications. Her research coverage includes breach costs, e-discovery, cyber insurance and customer-facing breach notification and response. She also covers consumer security and SMB security market trends.