Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Hybrid work security gaps: what IAM teams should tighten first


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11631
Topic starter  

TL;DR: Hybrid work expands access from home networks, shared spaces, and mobile channels, increasing phishing exposure, encrypted traffic demands, and data-handling complexity, according to GlobalSign. The security problem is less about location and more about weakening trust, identity verification, and communication controls across distributed work environments.

NHIMG editorial — based on content published by GlobalSign: hybrid work security risks in a post-pandemic workplace

By the numbers:

Questions worth separating out

Q: How should security teams handle trust when employees work from home and the office?

A: Security teams should stop using workplace location as a primary trust signal and instead rely on multifactor authentication, device posture, and session-level verification.

Q: Why do hybrid work models increase phishing risk?

A: Hybrid work pushes more communication into email, chat, and messaging tools, where impersonation is easy and verification is often weak.

Q: What breaks when security policies still assume a fixed office perimeter?

A: Policies built around a fixed perimeter fail when users connect from home routers, shared networks, and mobile devices.

Practitioner guidance

  • Strengthen remote identity verification Require multifactor authentication, device posture checks, and stronger user verification for access from unmanaged or home networks before sensitive systems are reachable.
  • Harden phishing-resistant communications Use digitally signed email, enforce secure messaging policies, and train staff to validate high-risk requests through a second channel before acting.
  • Review trust assumptions in hybrid access policies Reassess whether office location is still being treated as a security signal and replace it with assurance-based access decisions that follow the user and the session.

What's in the full article

GlobalSign's full article covers the practical detail this post intentionally leaves for the source:

  • How the vendor frames multi-factor authentication, mobile authentication, and digital signatures for hybrid and remote workers.
  • The specific security and communication controls it recommends for reducing phishing exposure in distributed teams.
  • The article's workplace and employee-support angle, including how hybrid working changes office expectations and team structure.
  • The vendor's own discussion of public key infrastructure as part of a remote-work security stack.

👉 Read GlobalSign's analysis of hybrid work security risks and remote access controls →

Hybrid work security gaps: what IAM teams should tighten first?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11186
 

Hybrid work has become an identity assurance problem, not just a network-security problem. The article correctly frames the risk as more than remote access. Once users, devices, and approvals move across multiple locations, trust must be re-established continuously instead of being inherited from a corporate perimeter. For IAM programmes, this means stronger authentication, device confidence, and session governance become core controls rather than add-ons.

A question worth separating out:

Q: Who is accountable when remote access authentication fails?

A: Accountability sits with the identity, access, and system owners jointly, because the failure spans authentication design, access path governance, and detection coverage. In regulated environments, leaders should be able to show who approved exceptions, who reviewed risk, and who owns the control outcome.

👉 Read our full editorial: Hybrid work security gaps are outpacing workplace flexibility



   
ReplyQuote
Share: