In a recent report by 1Password, Chief Information Security Officers (CISOs) have identified remote and hybrid employees as the primary security risk for their organizations. The report highlights that 49% of CISOs point to these workers as a significant security vulnerability, followed by partners, suppliers, and affiliates (47%), and machine identities (38%).
This heightened risk is attributed to the increasing shift toward remote and hybrid work, which has surged from 70% to 80% since 2020. “The profound tectonic shifts in how companies have worked over the last two years have grown the Access-Trust Gap from a small fissure into a vast chasm,” said Jason Meller, VP of Product at 1Password.
The Access-Trust Gap, as defined by 1Password, represents the disparity between users, applications, and devices a business explicitly trusts versus those that can access its sensitive data. The report warns that this gap leads to “overly permissive sign-ins” from unauthorized devices, posing risks of data leaks and compromised access.
The challenges of remote work security
According to Jay Bretzmann, Research Vice President at IDC, traditional security tools struggle to address the complexities introduced by hybrid work environments and AI-driven threats. “As organizations embrace hybrid work, addressing the Access-Trust Gap is more urgent than ever,” he stated.
To mitigate these risks, the IDC recommends a multi-faceted approach that includes:
- Extending access policies across all devices
- Securing all apps, including IT-managed and shadow applications
- Protecting credentials across platforms
- Authenticating workforce identities throughout their lifecycle
- Enabling secure sign-ins via SSO, passwords, and passkeys
- Monitoring device health to block compromised devices
“A future-focused access management solution should combine identity and device management for both managed and unmanaged devices, ensuring all access attempts are secure and trusted,” Bretzmann added.