Haider Pasha, Chief Security Officer at Palo Alto Networks for EMEA and LATAM, highlights that hybrid work, BYOD, and SaaS adoption have exposed major security blindspots. He stresses that organisations must consolidate their security tools and adopt SASE and secure browsers to protect data, devices, and AI-driven workflows in real time.
The modern workplace has undergone a seismic shift in recent years, with remote and hybrid work, unmanaged devices, and widespread SaaS adoption redefining how businesses operate.
While ‘return-to-office’ mandates have hit headlines, the world of work remains hybrid. Just recently, the government of Dubai urged employers to encourage remote and flexible work to cut traffic. The government conducted two surveys, by the Roads and Transport Authority of Dubai and the Dubai Government Human Resources Department, which found that flexible hours or remote work would significantly reduce traffic at peak hours on Dubai’s busiest roads.
With working patterns significantly changed, compared to pre-pandemic, the cyber attack surface many security postures were built to support still are not fit for purpose, and they’re currently exposing organisations to a surge in browser-based threats, phishing attacks, and ransomware.
The Problem
Today’s organisations are facing a battle on two fronts – they need to provide flexibility to their workforce while remaining water tight in their cybersecurity policies. Currently, the latter is falling short.
For example, according to a new research report called “The State of Workforce Security: Key Insights for IT and Security Leaders” from Palo Alto Networks and Omdia, the rise of hybrid workforces has led to 90% of organisations permitting some level of access from personal devices, despite 72% acknowledging the major security risks this creates.
Even with return-to-office mandates hitting headlines, this research shows that at least 42% of employees are currently expected to work remotely in some capacity, necessitating robust security measures for diverse and dynamic workforces.
That said, it isn’t a case of removing everything already in place and starting again. A cost-effective approach would be to identify areas where there may be blindspots and investigate tools and processes that will help protect against them.
The kind of blindspots that might be encountered include encrypted traffic visibility, where 64% of encrypted data remains uninspected, creating gaps for malware and data exfiltration.
At a more granular level, 98% of organizations report policy violations involving BYOD devices and 53% feel unprepared to address security issues stemming from unmanaged devices.
Alongside this, many organisations will even find that the rise of generative AI, with 65% of businesses lacking control over AI-related data sharing, is a workstream in itself. With blindspots identified, security teams can construct an integrated, adaptive and targeted approach to cybersecurity.
The Solution
To address these growing risks ushered in by the era of remote work, organisations must embrace Secure Access Service Edge (SASE) and secure enterprise browsers as core components of their security measures. SASE enforces strict access controls, while secure browsers isolate workspaces on unmanaged devices, reducing malware and data leakage risks. Together, they provide real-time visibility, phishing protection, and last-mile data loss prevention (DLP) across SaaS and web apps, while also securing encrypted traffic and AI-driven risks.
With this foundation in place, the broader shift that will offer organisations the best protection against common cyber threats is consolidation. Platformisation has become a pivotal component of any modern cybersecurity strategy with a focus on identifying ways to consolidate, integrate and simplify security functions and vendors to reduce complexity, and less opportunity for new blind spots to appear.
As cyber threats grow more sophisticated, and work remains hybrid, organisations can no longer rely on fragmented security solutions. A unified, data-driven security strategy that integrates SASE and secure browsers is essential to closing visibility gaps, protecting unmanaged devices, and securing AI-driven workflows—ensuring businesses remain both resilient and productive in an evolving digital landscape.