Hybrid Workforce Security

Securing the expanding hybrid workforce has become a critical priority for organizations as many workers return to the office while others remain remote.

This Hybrid Workforce Security Survey will reveal the current state of securing remote and on-premises work, the key challenges and unique security threats faced by organizations, technology gaps and preferences, investment priorities, and more.

Please take the 10 minute survey and receive the anonymized report as a thank you for sharing your insights.

Question Title

* 1. What percentage of your workforce was working remotely / at home BEFORE COVID (on average)? (Select one)

1% – 25%

26% – 50%

51% – 75%

76% – 100%

Question Title

* 2. What percentage of your workforce is still working remotely / at home NOW after the COVID pandemic (on average)? (Select one)

1% – 25%

26% – 50%

51% – 75%

76% – 100%

Question Title

* 3. Prior to the COVID-19 pandemic, how prepared was your organization with a business continuity / disaster recovery plan that included a rapid shift from on-premises to a remote workforce? (Select one)

Fully prepared

Moderately prepared

Ill prepared

Not at all prepared

Question Title

* 4. How concerned are you about the security risks introduced by employees working from home? (Select one)

Extremely concerned

Very concerned

Moderately concerned

Slightly concerned

Not at all concerned

Question Title

* 5. What is your organization primarily concerned with securing while employees work remotely? (Select all that apply)

SaaS apps (Zoom, Slack, Salesforce, GSuite, HR platforms, etc.)

On-premises apps

Custom apps

IaaS instances

Corporate network access

Managed devices

BYOD / personal devices

the Web

Cloud environment access

Employee Email Environments

Question Title

* 6. What are your concerns about the security risks introduced by new classes of remote users while working from home? (Select all that apply)

Loss of visibility of user activity

Password reuse across personal devices

Maintaining compliance with regulatory requirements

Remote access to business apps such as email and collaboration

Too many incident alerts for security team to handle

Data leakage to endpoints

Insider threats

Users connecting with unmanaged, personal devices

Direct access to cloud-based applications

Access from outside the perimeter, meaning less anti-malware protection

Employees increasingly vulnerable to phishing attacks

Other (please specify)

Question Title

* 7. How prepared was your organization for the shift to remote work from a security perspective? (Select one)

Fully prepared

Moderately prepared

Ill prepared

Not at all prepared

Question Title

* 8. What security controls do you currently deploy to secure remote work / home office scenarios? (Select all that apply)

Backup and recovery

Credential exposure monitoring / dark web monitoring

Anti-virus / malware

Mobile device management (MDM)

Software-defined perimeter (SDP)

Load balancing / application delivery controller (ADC)

Cloud Access Security Brokers (CASB)

Firewalls

Zero trust network access (ZTNA)

Virtual Private Network (VPN / SSL-VPN)

Cloud DLP

Autonomous response

Secure web gateway (web proxy / filtering) (SWG)

User and entity behavior monitoring (UEBA)

Multi-factor authentication (MFA)

AI threat detection and response solutions

Single sign-on

File encryption

Web application firewall (WAF)

Virtual desktop infrastructure (VDI)

Endpoint compliance

Anti-phishing

Automated threat triage and investigation

Account takeover prevention

Email / document signing and encryption

Endpoint security (EDR)

Password management

None

Question Title

* 9. What would you consider your organization’s biggest security challenge regarding supporting the remote workforce? (Select all that apply)

User awareness and training

Additional cost of security solutions

Sensitive data leaving perimeter

Increased security risks and vulnerabilities

Lack of visibility

Use of personal devices / BYOD

Home / public WiFi network security

Unsanctioned use of cloud apps

Accountability / audit gaps

Adding capacity

Availability / user experience

Solution scalability and performance

Use of weak or compromised credentials

Identification and triage of security incidents

Quick enough response to in-progress attacks

Siloed security tools with limited visibility

Too many security alerts

None

Other (please specify)

Question Title

* 10. What specific threat vectors are you most concerned about with employees working from home? (Select all that apply)

Malware

Phishing

Identity theft

Malicious websites

Insider attacks

Unauthorized User / Privileged Access

Unpatched systems / vulnerability exploits

Account takeover

Other (please specify)

Question Title

* 11. How many days did it take your organization to expand capacity to fully support the recently expanded remote workforce? (Select one)

0-7

8-14

15-30

31-60

More than 60 days

We did not expand our remote workforce

Question Title

* 12. How did you expand your capacity for providing remote employees with secure access to corporate resources? (Select all that apply)

We purchased more appliance hardware

We purchased more cloud apps

We purchased more user licenses for existing apps

We added additional vendors / solutions

We replaced existing solutions with new vendors

We have not expanded secure access capacity

Question Title

* 13. Are employees able to access managed applications from personal, unmanaged devices? (Select one)

Yes

Not sure

Question Title

* 14. Does your organization track or audit organization-owned devices by department? (Select one)

Yes

Not Sure

Question Title

* 15. Since going remote, which of the following have you received increased security support question about? (Select all that apply)

Suspicious two-factor authentication attempts

Reported phishing attempts

Concerns about terms of service of certain apps

Reporting breaches of third-party tools

Concerns over connecting personal IoT to same internet network used for work

Unable to share/backup from certain device types

Reports of malware on devices

Other (please specify)

Question Title

* 16. What work applications used by remote workers are you most concerned about from a security perspective? (Select all that apply)

Email and messaging

Videoconferencing

Social media

File sharing

Free business web applications (i.e. Evernote, Canva, Grammarly)

Subscribed, corporate managed web applications

Websites

Other (please specify)

Question Title

* 17. What percentage of your application stack is cloud vs. on-premises? (Select one)

100% on prem

Less than 25% cloud | mostly (>75%) on prem

26-50% cloud | 50-75% on prem

51-75% cloud | 25-50% on prem

76-99% cloud | <25% on prem

100% cloud

Question Title

* 18. Could remote work impact compliance mandates that apply to your organization? (Select one)

Yes

Question Title

* 19. If so, which ones? (Select all that apply)

GLBA

FISMA

HIPAA

PCI DSS

GDPR

CCPA

NIST

Security breach notification laws

Other (please specify)

Question Title

* 20. Do you agree with the following statement: Much of the burden of responsibility for securing the remote workplace is shifting from the IT security team to the individual employee. (Select one)

Yes

Somewhat

Question Title

* 21. Which of the following security protocols are individuals most resistant to adhering to or maintain? (Select all that apply)

Software-defined perimeter (SDP)

Virtual Private Network (VPN / SSL-VPN)

Endpoint security (EDR)

Single sign-on

Virtual desktop infrastructure (VDI)

Anti-virus / malware

Load balancing / application delivery controller (ADC)

Web proxy / web filtering

File encryption

User and entity behavior monitoring (UEBA)

Web application firewall (WAF)

Credential exposure monitoring / dark web monitoring

Endpoint compliance Firewalls

Password managers

Multi-factor authentication (MFA)

Cloud DLP

Backup and recovery

Account takeover prevention

Zero trust network access (ZTNA)

Cloud Access Security Brokers (CASB)

Anti-phishing

Mobile device management (MDM)

None

Other (please specify)

Question Title

* 22. Is your organization seeing higher productivity and other benefits from remote work? (Select one)

Much higher

Higher

About the same

Lower

Much lower

Question Title

* 23. Do you expect to continue to support increased work from home capabilities in the future (due to increased productivity and other business benefits)? (Select one)

Not likely

Somewhat likely

Very likely

Not sure

Question Title

* 24. Is your organization considering making some positions permanently remote (that used to be on-site) after the COVID pandemic ended? (Select one)

Yes

Not sure

Question Title

* 25. How is your budget for remote work security controls increasing in the next 12 months? (Select one)

Budget is shrinking

Flat

1-5%

6-10%

11-25%

26-50%

51-75%

76-100%

More than 100%

Don’t know

Question Title

* 26. What are the top 3 challenges affecting remote work / hybrid workplace security? (Select all that apply)

We have not experienced security scaling issues

Not enough security staff

Equipment for remote work (devices, cameras, accessories, etc.)

Logistics of installing agents on employees’ personal devices

Bandwidth restrictions impacting productivity

Not enough security budget

Monetary requirements for buying more or better security appliances

The logistical challenge of installing more or better security appliances

Not enough licenses

Increase in help desk calls

Other (please specify)

Question Title

* 27. Which roles in your company were enabled for working remotely / at home BEFORE COVID? (Select all that apply)

Support

Marketing

Administration

Devops

Development

Operations

IT Security

Finance

Executives

Sales

Other (please specify)

Question Title

* 28. Which roles in your company are you enabling NOW for working remotely / at home AFTER the COVID pandemic? (Select all that apply)

Development

IT Security

Finance

Sales

Support

Devops

Executives

Administration

Operations

Marketing

Other (please specify)

Question Title

* 29. Do you enforce the same level of security controls and data management for all roles in the company as they access remotely? (Select one)

Yes

Question Title

* 30. What is the primary risk you’re concerned with as your users connect remotely? (Select one)

Exposure to malware, phishing or other exploit

Protection of my data, especially when accessed by unmanaged endpoints

Ensure compliance of my regulated users

Audit and oversight of employees conducting work from unmanaged resources

Inability to detect novel attacks across the workforce

Security team unable to respond quickly enough to threats

Disjointed security tools

Other (please specify)

Question Title

* 31. What use cases are you using SaaS or cloud-based applications for? (Select all that apply)

Email and collaboration

File sharing

Finance, accounting or HR

Business Intelligence

Sales force or marketing automation

Product development

Customer support

Video conferencing

Other (please specify)

Question Title

* 32. Has hybrid workplace growth (post COVID) increased your company’s use of cloud resources, applications, and SaaS? (Select one)

Yes

Not sure

Question Title

* 33. Do you enforce a VPN connection for all remote workers or can they enable or disable the corporate VPN at will? (Select one)

Yes

Not sure

Question Title

* 34. What visibility do you have over user activity if VPN is disabled by a remote worker? (Select one)

None

Partial

Full

Complete user activity audit trail both on and off the network

Question Title

* 35. What makes remote work less secure? (Select all that apply)

Users are more likely to use corporate devices for personal and family activities, increasing the risk of drive-by-downloads

Users are more likely to reuse passwords across work and personal accounts

Users that are furloughed pose an increased risk of data theft

Security tools cannot adapt to fast-changing environments and user behaviors

The organization no longer has visibility since most remote workers operate outside the corporate network

Our security solutions are not designed to secure a fully remote workforce

Users are less likely to comply with new or existing corporate security policies

Employees are using personal devices where the organization has less control

We do not have security that covers the entire enterprise

Users are more likely to access corporate resources using unmanaged personal or family devices

Users are more susceptible to phishing attacks at home

Employees are using personal devices where the organization has less control

Other (please specify)

Question Title

* 36. Please rank the importance of the following cyber technologies to protect the organization from these new threat vectors? (Rank most important answers at the top)

Question Title

* 37. To what degree do you agree with this statement: Throughout the shift to remote work, leaning upon VPN has proven challenging. (Select one)

Strongly agree

Moderately agree

Slightly agree

Neither agree nor disagree

Slightly disagree

Moderately disagree

Strongly disagree

Question Title

* 38. To what degree do you agree with this statement: Going forward, your organization will shift away from on-premises appliances and tools in favor of the cloud for enabling remote work. (Select one)

Strongly agree

Moderately agree

Slightly agree

Neither agree nor disagree

Slightly disagree

Moderately disagree

Strongly disagree

Question Title

* 39. How concerned is your organization about sophisticated impersonation and/or phishing email attacks (Select one)

Very concerned

Somewhat concerned

Not concerned at all

Question Title

* 40. Has there been an increase in the amount of spam emails your employees have received while working remotely? (Select one)

Significant increase

Some increase

About the same

Some decrease

Significant decrease

Question Title

* 41. How confident are you that legacy email security tools can stop sophisticated novel email phishing attacks from reaching employee inboxes? (Select one)

Very confident

Somewhat confident

Not confident at all

Question Title

* 42. How confident are you that your existing security tools would be able to identify insider threat or a stealthy attack through the supply chain? (Select one)

Not at all confident

Not very confident

Somewhat confident

Very confident

Question Title

* 43. How important is it that security tools can adapt to changing digital environments, without requiring humans to configure them? (Select one)

Critical

Very important

Somewhat important

Not important

Question Title

* 44. To what extent do you agree that signature and rule-based tools are incapable of detecting novel (zero-day) attacks? (Select one)

Strongly Agree

Somewhat agree

Strongly agree

Somewhat disagree

Question Title

* 45. To protect a remote/hybrid workforce, is your organization considering adopting AI or autonomous security systems? (Select one)

Yes

Question Title

* 46. Is your organization planning to replace siloed security tools for a centralized platform to secure the entire IT estate (Select one)

Yes

Not sure

Question Title

* 47. How has remote work impacted your helpdesk wait times? (Select one)

Yes

Question Title

* 48. Has your organization experienced remote workers deviating from established security policies and controls? (Select one)

Yes

Question Title

* 49. Do you currently have an identity proofing/verification process before issuing users with identity credentials? (Select one)

Yes

No but we plan to