Employees are our most important asset, so protecting them and their work interests should be our most important mission. You can easily recognize organizations that truly “get it.” They’re the ones shifting security efforts from a primary focus on protecting underlying technologies to the more business-relevant position of protecting the value delivered by employees.

Security Focused on Business Value – as Delivered by Employees

Designing protective measures that are personalized for the employee requires deep knowledge of the employee environment and intended outcomes, including the products of their work efforts, unique work situations, the threat landscape, the organizational culture — and the desired work experience. Because experience is a dynamic balance of security, productivity, and cost that’s unique to each situation, it’s essential to continuously monitor and adjust to achieve the best employee experience. Analytics and contextual workflows embedded in the workspace provide the basis for organizing, guiding, and automating the desired (and ever-evolving expectations of) employee experience.

Workspace Security Technology as a Competitive Advantage

Technologies that empower and deliver the workspace must be agile, relevant, and resilient to achieve the optimal balance of security, productivity, and cost. From the most basic organization to highly-regulated industries, it’s essential to get security, privacy, governance, and compliance right.

At the foundation of the workspace are insights, technologies and controls that provide basic security hygiene (patching, anti-malware, strong authentication, and much, much more). This foundation is built through carefully integrated and orchestrated security measures that support the unique needs of the employee and directly equate to business value. The workspace continuously evaluates supporting technology and security measures to ensure this foundation can support employee-specific business functions.

As risk and privilege increase, so do security measures, dynamically scaling up and down to align with both technology and business risk. This focus changes how employees experience security, which has traditionally involved significant worker frustration and led to creative (but risky) ways of getting around security technologies and policies.

Any Device, Any Network, Any Cloud?

The workspace must also help to address hard problems like gauging trust. (Is that email authentic? Is that link safe to click? Does this endpoint meet or exceed the security requirements for this action?) The final determination for trust has often been left to the employee, without integrated tools to fully evaluate the chain of trust. The disastrous results of business email compromise, phishing, ransomware, and spyware are proof that evaluating and verifying trust must evolve.

Building trust measures into the fabric of the workspace is multifaceted, with integrated endpoint analysis, application-specific VPNs, threat feeds, content inspection, behavioral analysis, attestations, and reputational assessments. Trust must be measured and attested — and never assumed. Encoding trust in the workspace enables employees to use any device, any network, and any cloud — but only in the desired security context.

Enabling Line-of-Business Leadership to Protect Their Employees

With IT departments focused on the technical foundation for protecting business interests, line-of-business leaders must align desired employee experiences with the required business outcomes. Owning the P&L gives them direct responsibility for balancing security, productivity, and cost models, which can be built into workspace insights, actions, applications, desktops, and content management. Metrics, measures, and KPIs help gauge the effectiveness of policies and the effect of change on individual employees, teams, projects, and tracked business outcomes.

Integrated business intelligence also help third parties that might not be as familiar with your policies, including interns, contract workers, and your supply chain.

Your goal should be to use the workspace to aggregate technical- and business-protective measures for the workforce, while organizing, guiding, and automating the desired experience on a deeply personal level.

Protection That’s Situationally Aware and Contextually Risk-Appropriate

Let’s look at a three-step plan for integrating meaningful workspace security:

  1. Determine Desired Employee Experiences: Describe the common situations that employees will routinely encounter in producing business outcomes, as well as any unique situations and anticipated exceptions. Situations could include roles, work locations, travel, and other aspects with unique protection requirements. Use policies to define standard situations, workflows to evaluate exceptional situations, and analytics to both gauge compliance and look for outlying behaviors. Engage workspace intelligence to help employees better understand their roles, impact, and needs in protecting business outcomes.
  2. Architect Security as a Business Enabler: Involve both IT and line-of-business leaders in understanding the context of work, using the 5Ws of context (who, what, when, where and why) to describe and document. Map the context of work against risks specific to those contexts to ensure the delivered experience is commensurate with risk. The workspace fabric should balance technology interests (where risk = danger) with business outcomes (where risk = opportunity).
  3. Organize, Guide, and Automate Protective Measures: Use the workspace to provide employees with insights to protect their work interests  and highlight where the workspace enables automatic protection. Prioritize work based on risks, highlighting probabilities and the impact on work efforts. Provide active coaching to guide employees through complex security and privacy requirements, policy actions, and shared responsibilities. With an eye to the future, augment protection with your digital twin and engage the workspace to help reinforce your security culture.

Protecting your employees in an ever-changing threat landscape is essential to the success of your organization. A modern digital workspace solution like Citrix Workspace enables you to integrate business and technical security in a personalized and meaningful way and helps you to deliver a great employee experience.