Security and the world of work are set to be tied together for the foreseeable future. Along the sidelines of GISEC 2022, Telecom Review spoke with Mohammed Arif, director, modern workplace and security, Microsoft UAE on the best practices and investments behind securing a digital environment.
How is Microsoft UAE addressing security in modern workplaces as organizations aim to pursue their digital transformation journey in a secure digital environment?
When you think about the past period, there's been tremendous pressure on organizations of all sizes to digitally transform to adapt to a new way of work — the whole hybrid work revolution. In parallel, there is also a rapid acceleration of threat vectors and evolution of the threat landscape. There are more complex and destructive attacks. Just this year, the total cost to economies of cyberattacks is $6 trillion and is expected to grow to $10 trillion by 2025.
When you take all of these big megatrends, customers are faced with a whole new set of security challenges. So our focus has been to help customers to adapt and update their security strategies, to tackle these threats , to eliminate blind spots by being proactive about their threat hunting, and also to make the concept of zero trust real. Zero trust is the global gold standard for enterprises, and we make that real with the least access privilege.
How can employees make their work environment secure? What are the best practices?
There are a lot of things that employees can do. First and foremost is to be more security aware of the key challenges, have an understanding of things to be able to see between an email that looks suspicious versus a real one. But I must say that the onus of the problem still lies within the organization and its security apparatus.
As an example, how do we move towards a password-less future? If users are not dealing with passwords, facing the risk of losing passwords and getting them misused go low. There is really a lot for the security teams and organizations to do to make secure access a reality for everyday use.
What kind of investments can organizations make to upgrade their communication security systems?
There are lots of different ways in which you can look at the security challenges today. However, two words are crucial for this phase: zero trust. Every organization needs to know what zero trust means for them and what a zero trust architecture looks like.
In simpler terms, with zero trust, you only give access to users on a need basis. By default, you trust nobody, not even your own employees. You only provide access based on their profile, privilege that they have, and so on. That has to be the number one thing that every customer needs to ensure that they implement for their own organization.
Please tell us about the modern workplace and security's growth plans for the next three to five years.
The past period has taught us a lot of lessons, particularly that security is not bound by the perimeter of your organization’s building. Employees and work will evolve to enable work-from-anywhere. Thus, customers will have to constantly think about how they can enable productivity in users while ensuring that security continues to be key.
One way in which they need to address that is by adapting to user behavior. Without a doubt, security and the world of work are tied together for the foreseeable future. We will continue to see innovation in how work happens, more sophisticated threat vectors and criminals out there, and more cloud-based innovation on security technologies and solutions.
