- Network security is key as we adapt to the “new normal” in flexible work.
- Cloud-based strategies are a solid solution – but beware shortcuts.
- Network segregation measures can also help at the device level.
Accessible data is now the foundation on which businesses are built – and that’s a problem for today’s workspaces where independence and flexibility are major selling points. But there’s one area where you can’t just go with the flow – and that’s your network security.
What is network security?
Network security is a multi-faceted concept where you must essentially protect the data flying around your network and the network itself, including your wifi, wired and internet connections.
Network security is also regularly overlooked by some spaces. Adrianne Schoen, creative director at Realnets, said: “Network security is an incredibly undervalued aspect of shared working spaces. It is a huge challenge to control the flow of people in the office, so determining who should and shouldn’t be there becomes a bigger security issue than it would be in a dedicated office.”
The complex nature of network security is a stumbling block for many workspaces. William Edmundson, board president of the Global Workspace Association and COO of Office Evolution, said:
“The security of a network can be very technical, expensive, and make things much more difficult. Setting up a standard, simple, built in is best for ease of management and basic protection for members. You need to consider each “area” separately.”
Don’t panic. There are plenty of steps that flexible workspaces can take to increase the security of their networks and protect their members. Let’s look at your options.
Enter adaptive security
Adaptive security is one proactive approach to your network security. Here, threats are continuously monitored and analysed across your network, helping you keep pace with the changing cybersecurity risks, as they evolve over time. In essence, your network adapts to threats before they happen.
“Adaptability is a continuing theme when it comes to cybersecurity in shared spaces. Modern cloud-based networking solutions, like Microsoft’s Azure Active Directory, make it possible to run a business securely in this type of environment. They operate by using user accounts to determine a person’s access settings.”
“This type of system creates greater manoeuvrability for the users, which has been a huge help in transitioning people into a work-from-home environment. It gives employees seamless access from their devices to everything they have in the office,” Schoen added.
A cloud-based network is a perfect match for adaptive security initiatives. James Shannon, chief product officer at essensys, said:
“A private network and secure cloud infrastructure protect against vulnerabilities and security breaches. An investment in a sound cloud strategy is the most soundproof approach for enterprise-level network security and service reliability.”
But beware quick wins, which could do more damage than good for your network security. Shannon added: “DIY networks and IT consultants fall short of providing the enterprise-grade security standards, and network monitoring and visibility needed for a flexible workspace environment.”
“The most strategic approach is to partner with a third party that has invested in network and cloud infrastructure with layers of resiliency that not only protect from threats but also enable operators to easily meet security requirements of a wider range of occupiers.”
Robust network security measures can help flexible workspaces attract corporate members. Shannon explained: “The majority of businesses today already work off of cloud-based applications, making their work available from any location. Ideally, they need safe internet connectivity to access these applications securely.”
“Enterprise occupiers will have varying requirements for network access, but most will have specific requirements around wifi networks – open networks with shared password certainly won’t cut it. For this reason, flexible office operators should equip their proposition with the ability to deliver specific services like Public IP addresses, VLANs and firewalls that can segregate traffic and protect users from malicious users,” Shannon explained.
But this is a complex balancing act, where firewalls can hamper access to the internet for members. Phelton Lim, IT director of Pacific WorkPlaces, explained that most centres are “wondering about wifi security” while also providing members access to the internet resources they need. “If we had firewalls and rules in place, this would always be a question if the rules put in place are running correctly. Was there a mistake in the rules? Are the rules out of order? etc. Every query, you have to verify and it takes time. Usually, you have to take down the rules you think are in question – or simply remove all the rules, test, and see if the troubles continue. You need a lot of time and effort and that’s not always possible.”
With an increase in corporate professionals using coworking spaces, additional measures may also need to be put into place. Bernhard Mehl, CEO of Kisi, said: “Corporate companies might require to deploy their own private IT for single private offices within a coworking facility.”
Mehl added: “Most modern companies leverage cloud security mechanisms such as 2FA or Identity Providers already to protect their information on devices that are connected to a public internet source, e.g. airport wifi or hotel wifi. Extending this functionality will increase with, for example, managed device services to control the device rather than the network.”
Adaptive security also gives flexible workspaces a high level of control, where an IT administrator can cancel a user’s access across your entire network. This can help mitigate the risk of unauthorised devices accessing the network.
To achieve this, network segregation models must be put in place. Tom Zampini, chief product officer at Convene, explained: “Proper network segmentation and a ‘zero trust’ security model for all user devices are key components in securing both coworking and flexible space IT networks, both of which we implement at Convene.”
“From the customer that just needs ‘really fast wifi’ all the way to the enterprise customer whose internal compliance demands segregated infrastructure, coworking providers must be prepared to serve these customers and all that fall in between. This will require infrastructure designed for customer network segmentation (both physical and virtual) along with secure network access control that challenges all devices for unique network credentials that will automatically place devices on the proper network.”
There is a range of specific measures available to segregate your network from both unwanted users and between your individual members. Victor Vasev, senior director of coworking at Yardi, explained: “Two of the most important steps are VLAN segregation in which each of the members and guests is segregated on the network.”
“In addition, by creating dedicated SSiDs for each member, you are able to segregate each of the members at the SSiD level. This prevents unwanted users from performing malicious tasks such as sniffing a member’s traffic,” Vasev added.
The physical security of the space itself is also a commonly overlooked issue, according to Schoen, who added: “A lot of breaches come from hackers accessing information on-site. Cloud-based door lock solutions, such as Kisi, can make granting and denying access to defined areas much easier than it has been in the past. These newer solutions are fantastic for these more fluid shared spaces.”
To summarise, workspace operators may want to consider the following:
- A cloud-based infrastructure to enable easy-to-manage adaptive security measures.
- Separate VLANS and networks for your wired network for different users (including staff, members and guests) and your shared resources, such as your printers.
- Authenticating members and separating them from guest users on your wifi network.
- Physical security measures to prevent hackers from entering your space.
- Device-level security to keep member equipment separate from other member networks, letting them manage their own firewall and equipment.