For many, connecting to enterprise applications remotely has become part of everyday working life. The ability to “just connect” to any app, from any device, anywhere, and at any time, is the foundation of great user experience. In partnership with leading cloud security company, Zscaler, members explored the impact of ubiquitous connectivity on security, and how security strategy must evolve to enhance the user experience.

Nathan Howe, VP Emerging Technology at Zscaler, and Karl Hoods, Chief Information and Digital Officer at the Department of Business, Energy and Industrial Strategy, set the context.

As new ways of working evolve, the goal is delivering secure application access for end users. The experience for each user should be the same, from wherever and from whatever device they’re using to connect. Significant shifts in network use have occurred over the past year. UK enterprise traffic trends neatly mirror lockdowns, with levels of remote user traffic consistently outstripping in-office traffic in 2021, as Zscaler’s Work-From-Anywhere Trends dashboard shows. 

What working models are most likely post-COVID-19? A live poll confirmed a ‘hybrid’ of office and remote. A narrow majority, 48%, selected equal parts remote and office. 45% opted for ‘hybrid plus’, where remote working is the norm. 7% opted for ‘fully remote’, with zero votes for ‘mostly office-based’. 

Looking at today’s top pain points in the user experience, 52% said ‘inconsistent experience across devices or locations’, with latency the second choice, at 31%. 

So where should IT and security teams focus to deliver this flexible working model and improve consistency?

1. Focus on simplification and the employee experience. Treat everyone as though they are effectively remote, which involves moving applications to the cloud, and where possible, rationalising the number of applications.
2. Break down barriers and silos within organisations to iron out idiosyncrasies in security implementation, and to provide a common user experience across units.
3. Define user personas and individual journeys to smooth out and standardise the user experience across different functions. 
4. Focus on inclusion. Some users require assistive technology for example, which alters the work-from-anywhere experience.
5. Increase visibility of potential network issues. Collect data to spot bottlenecks amongst a remote workforce, and support users to feed back to their own broadband providers on performance issues.
6. Collect data through workplace analytics to understand new patterns of behaviour and collaboration, which can help technology adapt to new needs.

Members split into groups: one defining user experience, one focusing on what ‘secure’ looks like, both in the context of ubiquitous connectivity. A number of themes emerged:

What defines user experience?

• Consistency - the same whether you’re on mobile app or a desktop.
• Assistance - things work for everyone, not just ‘techies’. Deliver and integrate assistance and support mechanisms as part of the UI. Interacting in apps should be a seamless experience.
• Self-service - empowering users to do more themselves, with support channels as necessary.  
• Identity - cuts across all aspects of the user experience. Can identity be simplified, so that it’s done in the same way?

Security in the context of ubiquitous connectivity

• Focusing on Identity, Data, Device, Network. Identity played an important role for everyone. 
• Security should be applied at the user level, with attention to different communities e.g. Linux users, Mac users etc.
• Which is more important: UX or security? Poor UX leads people to find workarounds that compromise security, so they have to go hand-in-hand.
• CISOs with a modern outlook should influence at board level. Moving away from a “box-hugging” mentality, and other old ways of thinking about security that block the adoption of new technologies that support business change.
• CISOs to deliver sustainable value, and be measured against this.

This event was in partnership with Zscaler, a global IT security company.