6min

Workspace Security Platform: A response to changing cyber practices

Cybersecurity - Workspace Security Platform Setup

What is a Workspace Security Platform? 

According to Gartner, a Workspace Security Platform brings together the techniques and tools used to secure all of an organization’s digital assets related to employee use of the information system: workstations, email accounts, digital identities, data, and more. Companies and institutions must protect their employees’ daily life against cyber threats, knowing that attackers have multiple points of entry: workstations, external devices, servers, mobile phones, business applications, data, identities, networks, etc. 

A Workspace Security Platform must enable CISOs to ensure protection against different types of cyberattacks — intrusion attempts, data theft, ransomware, etc. — while maintaining an optimal user experience. 

Finally, it enhances the effectiveness of cybersecurity measures by simplifying the operational management of tools and optimizing budgets.  

Why a Workspace Security Platform  

The rise of cyber threats  

The median ransom amount was $200K in 2024, according to a study by Check Point. The financial impact of ransomware is significant, and it is one of the threats that affects the largest number of companies. Data theft has increased by 58% according to the same study, targeting both businesses and individuals.  

Protecting information systems is therefore essential in the face of ever-increasing cyber threats and attackers who are relentlessly developing ingenious new techniques and sophisticated attacks targeting all assets of an information system: endpoints, emails, data, identities, and beyond —  hence the importance of a holistic approach to protecting the entire workspace. 

For example, in our report on a Russian APT28 campaign, we explained how the threat actor used specially crafted malicious web page files as part of a nested execution chain that exploits Windows’ built-in ability to handle remote file searches via WebDAV to download and execute a remote payload. This unique method of payload delivery is invisible to the victim, who opens a seemingly harmless decoy file or folder.

Legal and regulatory obligations  

In addition to protection against cyber risks, compliance is also an issue for organizations. 

GDPR, NIS 2, DORA… Whether it’s local or global laws or regulations, or those targeting specific activities, companies must protect their IT assets, their data, and that of their customers.  

Take GDPR, which requires personal data to be secured (regardless of the storage medium used); or the NIS 2 directive that imposescompliance requirements and measures for risk management, prevention, and incident response. Organizations’ responsibilities will only further expand in the future. 

Deploying a Workspace Security Platform is one cohesive way to meet legal and regulatory requirements.  

Risks associated with third-party applications and service providers  

 IT tools are essential to an organization’s operations, from messaging to business applications. And the proliferation of these tools continues to accelerate. Although necessary, each of these solutions is a potential vector for attack if they are poorly secured. However, as the Snowflake case, the Uber attack, and the Microsoft hearing have shown, even the biggest players are not immune to vulnerabilities, and unfortunately, they are not exemplary when it comes to IT hygiene 

Attackers can target third-party providers to gain access to sensitive systems, attempt to exploit unsecured APIs, or simply rely on the negligence of users. Finally, the rise of generative AI (GenAI) also poses a challenge for data security, as sensitive information may be inadvertently exposed through its use. 

Remote working 

Hybrid and mobile work have become widespread. Company IT equipment and even personal devices can be used to access professional resources outside the workplace. While remote working offers a certain degree of flexibility and can improve productivity, it also requires increased security, as company resources are accessible from a greater number of devices and multiple locations.  

In short, in a context where the workplace is no longer confined to the physical walls of an organization, securing equipment, networks, business applications, and, more broadly, data must be prioritized now more than ever. 

VPNs are one solution, but keep in mind that  cybercriminals may attempt to exploit VPN vulnerabilities to gain access to a network. Even security solutions must be… secure! 

BYOD, Shadow IT… and the evolution of IT practices  

As we have seen, the workstation is no longer the only tool for accessing a company’s resources — personal devices, particularly mobile phones, are now part of the equipment used for professional purposes. But they rarely offer the same level of security as those of the information system. As a result, they can more easily be targeted by malware, or even stolen. That creates a wide-open door for attackers.  

Finally, the use of software or equipment that is not approved by the company also poses a security risk (Shadow IT). Third-party programs or external devices can cause security incidents and lead to leaks, or even violate data protection compliance rules (GDPR, NIS 2, DORA…). 

A Workspace Security Platform helps protect against all these risks while ensuring optimal productivity and flexibility for information system users, restoring a balance between effective protection, the digital employee experience (DEX), and productivity. 

In addition, a Workspace Security Platform-oriented approach streamlines tools for better risk coverage. More specifically, deploying a platform that unifies EDR, EPP, and Attack Surface Management maximizes the potential of each layer of protection through a single deployment. 

 

Expert advice for empowering information system users

  • Regularly train and educate business teams about risks and best practices. Cybersecurity is an exciting topic and can be approached in an educational, fun way, or by making connections with current events, workshops, or expert presentations.
  • Prepare for crises with simulation exercises  and well-established processes that involve users and decision-makers to put them in real-life situations and make them active participants in security.


Workspace Security Platform: Gartner’s predictions 

Gartner estimates that by 2029, 30% of medium-sized companies will have converged their workspace, data, and identity protection capabilities into a Workspace Security Platform, with a view to centralizing security policy management. 

Organizations will need to evolve to keep pace with changing IT practices and future trends, including: 

  • The diversification of endpoints to be secured, including IoT and wearables (smart watches, smart glasses, etc.)
  • The rise of Desktop-as-a-Service (DaaS), among other things, to cope with the acceleration of innovation and planned obsolescence
  • The proliferation of identities, both human and non-human
  • The proliferation of operating systems beyond Windows, macOS, and Linux, and more specifically the rise of lightweight OSes such as Microsoft Windows 365 Link, Amazon WorkSpaces Thin Client, IGEL OS, Unicon eLux, etc. 

How can you prepare for this future, today?

Prepare for migration to a Workspace Security Platform 

Gartner offers a checklist of strategies to implement in order to evolve your organization towards a Workspace Security Platform: 

  • Identify the profiles of information system users to anticipate future working methods in your organization by conducting interviews with all stakeholders: end users, HR, production managers, etc. 
  • Define your strategy for integrating cybersecurity solutions to ensure unified protection and incident response 
  • Strengthen resilience to risks by investing in technologies and processes that promote the automation of cyber threat detection and response 
  • Promote the convergence of tools and processes to optimize their effectiveness and reduce friction in workspace protection operations while streamlining your budget 

In short, a Workspace Security Platform offers a unified and simplified response in a world where tools are multiplying, uses are diversifying, and the attack surface is constantly increasing. So, are you ready to take action? 



All about HarfangLab's plans

More articles

Cybersecurity Platform

Guillaume Dubuc, CISO at Altitude Infra, a “propagator of healthy paranoia”.

Guillaume Dubuc is CISO at Altitude Infra, France’s 3rd largest fiber optic infrastructure operator. How do you convince your board,…

Read more
6min
Cyber strategy
Cybersecurity Platform Support

The role of human support between software editors and users

The relationship between a software editor and end-users plays an essential role, yet one that is sometimes underestimated. A close…

Read more
4min
Cyber strategy
Cybersecurity Platform

Cybersecurity: why choose a Best-of-Breed approach?

When it comes to protecting the workstations and servers in an IT infrastructure, an “All-in-One” cybersecurity solution may seem tempting.…

Read more
5min
Cyber strategy
Cybersecurity Crisis Management

How cybersecurity solutions manage their own vulnerabilities

Vulnerabilities have increased by 38% in just one year, according to a 2024 report by Advens CERT. While organizations are…

Read more
6min
Cyber strategy