Notifications
Clear all
Topic starter
12/06/2026 10:04 pm
TL;DR: Hybrid and remote work expand the number of endpoints, access paths, and password-handling practices that security teams must govern, while also pushing organisations toward VPNs, MFA, passwordless, zero trust, and SSO, according to Axiad. The core problem is that convenience-driven access changes only help if identity controls, device hygiene, and user training are managed as one system.
NHIMG editorial — based on content published by Axiad: 10 tips for hybrid and remote work security
By the numbers:
- 53% of professionals believe that they can improve their remote work security through the right software platforms.
Questions worth separating out
Q: How should security teams secure hybrid and remote work without weakening user experience?
A: Security teams should combine MFA or passwordless authentication, SSO, endpoint hygiene, and least privilege so users have fewer secrets to manage and fewer risky exceptions to work around.
Q: Why does remote work make identity governance harder?
A: Remote work spreads authentication across more devices, more networks, and more applications, so identity teams lose visibility into where access is being used and how securely it is being handled.
Q: What do organisations get wrong about passwordless and SSO in remote work environments?
A: They sometimes treat passwordless and SSO as a complete solution rather than part of a broader control set.
Practitioner guidance
- Audit remote access paths for unmanaged device exposure Inventory where users can reach corporate resources from personal devices, unsecured networks, or non-standard browsers, then apply conditional controls to those paths.
- Consolidate third-party credentials under controlled identity policy Identify external tools that rely on separate passwords and bring them under password manager, SSO, or stronger authentication controls where possible.
- Reduce standing access before remote use expands it Apply least privilege to the applications and data remote users actually need, then remove broad entitlements that were inherited from older office-based access models.
What's in the full article
Axiad's full blog covers the operational detail this post intentionally leaves for the source:
- Step-by-step guidance for deploying VPNs, password managers, and MFA across a hybrid workforce
- Practical explanation of how passwordless authentication and SSO can reduce login friction while strengthening access control
- More detail on endpoint management, user training, and the security rationale behind each of the 10 tips
👉 Read Axiad's 10 tips for hybrid and remote work security →
Hybrid work identity risk: what IAM teams still need to fix?
Explore further
13/06/2026 12:36 am
Hybrid work turns identity into the primary control plane. Once users work across unmanaged locations and devices, the perimeter stops being the meaningful boundary. Access policy, authentication strength, and endpoint trust become the real security system, and that is why remote-work guidance always collapses back into IAM decisions. The practitioner conclusion is simple: if identity controls are weak, hybrid work amplifies every other weakness.
A few things that frame the scale:
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which means most programmes still lack the inventory needed to govern machine identities effectively.
A question worth separating out:
Q: Who is accountable when remote access is abused or compromised?
A: Accountability sits with the organisation's identity, security, and application owners together, because remote access risk crosses authentication, endpoint, and application policy boundaries. Frameworks like the NIST Cybersecurity Framework 2.0 support that shared responsibility model by tying access control, detection, and recovery into one governance view.
👉 Read our full editorial: Hybrid and remote work security still depends on identity control
