A significant 74% of security decision makers across US and Europe say procedures and controls have become more complex – and 73% are struggling to manage the increase in threats.

“It was like changing an engine on a plane while it was in flight.” That’s how one security decision maker described the shift to remote work the pandemic forced last year. And, as revealed by The State of Security in a Hybrid World, a survey of 1 250 security decision makers across medium to large organisations in the US, the UK, France, Germany and the Netherlands conducted by Citrix Systems, things haven’t become any easier.

With end users working from anywhere – in some cases using personal devices to access cloud apps and corporate resources – the attack surface is larger than it has ever been. And many IT organisations are struggling to defend it.

As the Citrix study found:

* 74% of security decision makers say procedures and controls have become more complex as their organisations transition to remote and hybrid work; and

* 73% are fighting to keep up with the increased volume of security threats that the models create.

Employees today want the flexibility to work when, where and how they want using the applications and devices of their choice. In addition to security decision makers, Citrix also polled 3 603 knowledge workers, and 66% said it is “extremely” or “very important” to be able to work remotely or from home, on any device.

Savvy organisations recognise this:

* 86% of respondents to the Citrix survey say it is “extremely” or “very important” to create a seamless employee experience; and

* Around nine in 10 measure information security’s impact on employee experience and productivity.

“IT organisations are realising that as they embrace hybrid work, their security posture needs to evolve,” says Kurt Roemer, chief security strategist at Citrix. “Rather than traditional command and control-style strategies, they need to take a more intelligent, people-focused approach to security that protects employees without negatively affecting their experience.”

Most participants in the Citrix survey are taking actions to do this. In fact, 79% of decision makers polled say the pandemic has created an opportunity to completely rethink their long-term information security strategy with these objectives in mind.

Yet challenges remain. Among the top three cited by workers who participated in the Citrix research:

* Poor connectivity (43%);

* Navigating technical problems virtually (34%); and

* Inability to get IT support quickly/easily (32%).

The news isn’t all bad, however. While only 46% of security decision makers felt “somewhat prepared” for remote work when the pandemic hit, 84% now feel “very” or “somewhat” prepared to secure a hybrid, remote or at-home workforce.

* 58% say investments in security have increased over the last 12 months by an average of 40%; and

* 71% say their company’s IT environment is now more secure than it was before the pandemic struck.

And that’s critical, because as The State of Security in a Hybrid World also makes clear, 52% of security decision makers believe most of their workforce will be permanently remote or hybrid.

“Hybrid work is the future of work, and IT will play a critical role in delivering it,” Roemer says. “With the right technology, they can provide consistent, secure and reliable access to the resources employees need to get work done, wherever it needs to get done, and empower them to be and do their best.”