Securing the modern workplace

How could so much change in such a short period of time? While COVID continues to disrupt business, it’s become even more critical to secure the modern workplace. Noel Allnutt, Co-founder and Managing Director at Solista, looks back on the past 18 months and shares his advice on how to create a rock-solid modern workplace practice.


One of the pandemic-induced inhibitors to the modern workplace was the legacy technologies that still existed within business. What are you seeing in terms of legacy tech that’s maybe not enabling the modern workplace as easily as you would like?

We’ve spent the last eight years helping organisations break the shackles of legacy technology. The way that we secure the modern workplace has historically been with legacy applications and legacy tools. The challenge now with this instant-on environment – whereby people can spin up a Slack instance or a 365 instance within 30 seconds with a credit card or PayPal account – is how does security keep up with that? How does identity keep up with that?

Organisations have built structures and processes around traditional technologies and legacy technologies that have enabled customers to use the tools that we use today. That’s really one of the big fundamental challenges: some of the legacy tech just hasn’t kept up to speed, therefore it has slowed down the adoption of the more modern tools inside the modern workplace. We’re seeing small organisations shift everything to SaaS to ensure they’re always up to speed, always-on in terms of their compliance and their security for those types of tools.

One of the tough areas of traditional workplaces and traditional ways of serving that data is that there’s no orchestration or automation. So that’s a big hold-up. As you look to onboard and offboard customers quickly, if you don’t have that built into your environment – and a lot of the legacy technologies don’t – then it really slows down the speed that you can innovate and onboard people.

And of course, with such a skills shortage in Australia, specifically the demand for talent, the difference between getting somebody over the line or not could be the speed of the experience they have when they’re doing a demo environment as part of an interview, for example. So it’s a real challenge.

But I also feel for the end-user customers, the CISOs, the IT managers and the CEOs out there. If not for the past 18 months to two years, we might not be having this conversation around legacy technology holding back the modern workplace. But the landscape has changed so quickly, so you need to have empathy for the people who made those decisions. They were the right decisions at the time. 

Do you think being forced to act – even though there was some short-term pain over the past 12 to 18 months – means we’ve ended up with better security postures for our organisations overall?

I would say we absolutely have. Generally, organisations have improved their security. There’s still a long way to go, and I think that’s being driven by a few factors.

One would be the awareness in the marketplace that security has to be at the top of the agenda, especially if you have a look at any of the literature that’s coming out. We’re even seeing that bonus structures for executives are being aligned to reducing the residual risk of their business. I think that’s really important.

So, yes, because of that extra awareness where organisations are aiming to be more secure, things have improved. There’s also just been general awareness of all the hacks that have occurred. So at Solista, we’ve got a piece of consulting work we do for most of our clients as we’re kicking off large projects, and that’s around readiness assessments. So organisations are asking themselves, “What happens if I do get hit?” So we go through the process of simulation, of assuming that a hack will happen and then testing and making decisions faster to remediate.

It used to be a case of getting a report and you’d say, “Hey, this needs fixing” and you’d eventually get to it – but it wouldn’t be prioritised. Now, we see a problem and say, “I need to fix it. Let’s go and make that happen.”

All in all, I think we’re more secure than we were 18 months ago.

One of the things we’re seeing is an ‘offset’: the better the security gets, the worse the user experience gets. One of the concerns is that if the UX around security is cumbersome, some team members might look for shortcuts. Are you seeing much of that still within the marketplace, especially as we’re now dealing with a distributed workforce?

It’s still a huge problem. Shadow IT has been a significant problem for a long time. It’s simply that new tools that provide visibility on shadow IT have really emphasised how big a problem it is. If we look at a lot of the breaches out there, they’re not always coming in from the traditional means. They’re coming from applications that haven’t been turned off or test environments where, at the time, it wasn’t seen as critical or classified data. So there’s definitely a pocket of shadow IT which is still a risk.

The digital user experience conversation has really escalated from external to internal as we’ve gone down the modern workplace path. Most of the money used to be spent on the applications that were generating cash for the business from the outside – whether it’s your tier-one applications where customers make orders, such as food-delivery companies. They spent a lot of money on securing their apps because it’s what paid the bills. If the app went down, there were day-to-day or even hour-by-hour losses of significant money. So they made sure the right TCO was in place to spend the money just to ensure that their app remained up and functioning.

What we’ve seen since the pandemic is that so much more money is being spent on the visibility and user experience of the internal applications. This is because people are living inside these applications day in, day out. They have to be able to have the right amount of uptime and they have to be able to access these applications quickly. Otherwise it becomes a barrier to their productivity.

At Solista, we are really pushing this message that cyber needs to be an enabler to the modern workplace – not something that holds you back. So, looking at different ways you can potentially use biometrics to log in more effectively, or looking at different identity strategies to help people onboard or offboard. With such a skills shortage for the amount of roles that we have in digital and engineering and security, the difference between somebody getting frustrated and looking to leave their job versus remaining where they are – that could come down to the way they access their applications.

If a high-performance person is scratching their head because they can’t log into Salesforce because of the legacy way they’re using multifactor, or you’ve got an engineering team that’s taking five to 10 minutes to get inside their JIRA applications – that’s just not going to cut it. Not only because it’s costing the business a significant amount of money in downtime and lost productivity, but for the fact it’s frustrating. And if the next organisation offers $5,000 more and they have a seamless internal user experience, then people are going to move for that.

The digital user experience of internal applications is absolutely vital, and security has a big role to play.

