The hybrid work model has fundamentally transformed how organizations approach security, shifting from traditional perimeter-based defenses to more dynamic and distributed protection strategies.
Where once IT teams could control access points and monitor every device within the corporate firewall, today’s workforce operates across multiple locations, devices, and networks—creating an expanded attack surface that requires entirely new security approaches.
This evolution has forced organizations to rethink their security frameworks, moving beyond static defenses to embrace adaptive, context-aware protection that can scale across diverse environments.
To discuss the challenges of this collaboration reality, we spoke with experts and executives from Webex, NETSCOUT, GoTo and 8×8 for our latest UC Round Table topic,Building Secure Hybrid Work Environments.
- Enabling Industry-Specific Compliance for Enterprise Comms
- Voice Fraud Prevention in the Age of AI and Hybrid Work
What are the top security threats organizations face when supporting a hybrid workforce, and how do these differ from traditional office environments?
The hybrid work revolution has fundamentally altered the security landscape, transforming predictable, controlled environments into dynamic, distributed ecosystems that present entirely new categories of threats.
Each expert emphasizes how the dissolution of traditional security perimeters has created vulnerabilities that extend far beyond technological considerations to encompass human behavior and environmental factors.
Aruna Ravichandran, SVP & CMO of Webex, SVP Product Marketing of AI & Networking
Ravichandran highlights how hybrid work has completely redefined the security conversation, moving organizations away from familiar perimeter-based approaches to more complex, distributed protection strategies.
“Hybrid work has completely changed the security conversation. In the office, security was about defending the perimeter: you knew where people were, which devices were on the network, and what was going in and out. But when people started working from anywhere and everywhere, that perimeter changed.
“Now, organizations are grappling with threats that are less predictable and more personal: employees logging in from public Wi-Fi, mixing work and personal devices, and facing a constant stream of phishing attempts designed for a world where IT can’t watch every door. The real challenge is that the attack surface has exploded, and attackers know it. The hybrid world isn’t going away, so security needs to be just as dynamic and distributed as the workforce itself.”
Darren Anstee, Chief Technology Officer for Security at NETSCOUT
Anstee focuses on the expanded attack surface and new types of coordinated attacks that specifically target hybrid work infrastructure, particularly the connectivity between home and office environments.
“The era of hybrid working has undoubtedly made it more challenging for security teams. For instance, employees accessing company data and systems from personal devices and less secure home networks help to create new entry points for attackers, thereby expanding the attack surface and exposing new vulnerabilities.
“For hybrid working to succeed, collaboration across locations, home and office is key, making consistent access to collaboration tools paramount. During COVID, when everyone was working from home, we saw attackers targeting enterprise VPN concentrators with DDoS attacks to prevent home-workers from accessing corporate resources remotely—the goal being to interrupt day-to-day business processes. Today, with hybrid working, DDoS attacks targeting the Internet connectivity of major office buildings have become more common, as attackers know that this will disrupt an organisation’s ability to collaborate across home and office locations. The enterprise threat surface to be defended from DDoS attacks has expanded.”
Mike Rennie, Senior Manager, Information Security at GoTo
Rennie emphasizes how the flexibility that makes hybrid work attractive also creates significant security challenges, particularly around the diversity of devices, locations, and connection points that IT teams must now manage.
“Hybrid models have given employees greater freedom to work when, how, and where they choose. From a security standpoint, however, adapting to these flexible working patterns has also brought challenges, the biggest of which is that systems are no longer entirely centralised.
“IT teams are faced with coordinating much more fluid and complex setups, where employees use an array of devices in multiple locations, including their homes, coffee shops, and public Wi-Fi hotspots. This variability has hugely increased the range of entry points bad actors can target and the types of attack vectors they can use, from infiltrating systems as users connect to poorly or unsecured public Wi-Fi networks, to tricking remote workers with advanced phishing emails. Moreover, connections from personal devices lacking adequate protection and the latest security updates also pose a sizeable problem as hackers look to exploit these vulnerabilities. For the IT expert, all of this means a vastly expanded field of risk and responsibilities.”
Darren Remblence, 8×8’s Chief Information Security Officer
Remblence provides a broader perspective on how hybrid work has degraded traditional security cultures while creating new vulnerabilities around social engineering and isolated workforces.
“The degradation of dominant brick and mortar security culture, increasing individual and operational silos and the geographically transient nature of the network footprint has undoubtedly reduced the benefits of traditional security measures. In turn, this lead to an expanded digital attack surface and the opportunity for manipulation of a vulnerable and isolated workforce.
“While private networks and data encryption mitigate the risk of using external independent services there is limited visibility into the users, home, coffee shop or hotel environment leading to reliance on people to do the right thing—not necessarily a winning strategy!
“The emergence of quantum computing may lead to redundant encryption algorithms in due course, however organisations are already at risk from data harvesting as cyber criminals invest for their retirement. With that said, social engineering not quantum mechanics remains the primary risk faced by the modern workforce with ransomware still leading the way as the cyber weapon of choice.”
What strategies or best practices can organizations implement to secure unified communications across remote and in-office teams?
Securing unified communications in hybrid environments requires a multi-layered approach that combines technological solutions with human-centered practices. The experts emphasize that effective UC security goes beyond traditional tools to encompass intelligent, adaptive systems that can respond to dynamic work environments while maintaining usability.
Aruna Ravichandran, SVP & CMO of Webex, SVP Product Marketing of AI & Networking
Ravichandran advocates for moving beyond rigid security rules to create orchestrated, intelligent protection systems that adapt to user context and behavior patterns.
“Securing unified communications in a hybrid landscape is about more than just locking down endpoints or adding passwords. It’s about orchestrating security across the entire collaboration experience so people can work freely, without barriers.
“At Cisco, we’re taking a fundamentally different approach. Instead of rigid rules, AgenticOps uses intelligence to adapt protections based on context—including who’s joining a meeting, where they’re joining from, and what device they’re on. End-to-end encryption becomes the default, and zero trust isn’t just a buzzword, it’s the baseline. That means every user, every device, and every connection is verified, every time.
“But it’s not just about the technology. Ongoing education and transparency are critical too, so people understand not just how to stay secure, but why it matters. When security is orchestrated in the background and adapts to the way people actually work, unified communications become both seamless and secure, wherever teams connect.”
Darren Anstee, Chief Technology Officer for Security at NETSCOUT
Anstee focuses on the critical importance of monitoring and defensive capabilities, emphasizing that organizations must ensure the performance and availability of their UC infrastructure as a fundamental security requirement.
“Given the importance of collaboration, and the unified communication tools that enable it, organisations must ensure that they have the right monitoring and defensive capabilities in place to assure the performance and availability of their connectivity to their UC tools.”
Mike Rennie, Senior Manager, Information Security at GoTo
Rennie outlines a comprehensive approach that combines basic security hygiene with advanced protective measures, emphasizing the importance of layered defenses and robust verification processes.
“Establishing defined processes for remote work is a vital first step. Instructing employees to always keep home routers and personal devices running on the latest software will afford basic protection via frequent security patch refreshes. Similarly, setting strict rules around only using approved applications will reduce the chances of accidental exposure to malware or viruses through unvetted tech, alongside leakage of confidential data and communications. Equally critical is providing regular cybersecurity training for employees, so they can recognise and respond appropriately to threats such as phishing attempts or unsafe network practices, which remain among the most common attack vectors in hybrid work.
“Minimising risk across the board, however, requires several more layers of robust defences. IT teams also need unified management tools that give them clear oversight of all assets and devices (both off and on-site) and the ability to quickly spot suspicious behaviour. On top of this, applying a blend of encryption methods will provide more consistent data security. For instance, companies can use Transport Layer Security (TLS) to encrypt data flowing across devices and networks, and Advanced Encryption Standard (AES) to translate static data into convoluted code that requires a decryption key. In practical terms, use cases for communications might entail encrypting messages or files sent using collaboration tools on the sender side and decoding them once they reach intended recipients.
“Finally, it’s also critical to implement stringent verification. A valuable starting point is multi-factor authentication (MFA), which requires users to provide at least two credentials to access systems and software. Going even further, following a zero trust approach will heavily reduce the probability of unauthorised entry by requiring all users to create a unique signature key that must be reauthenticated each time they want to perform certain sensitive actions.”
Darren Remblence, 8×8’s Chief Information Security Officer
Remblence emphasizes the foundational security practices that remain essential, while highlighting the importance of contextual awareness and behavioral monitoring in hybrid environments.
“All the usual best practices apply: lock down devices, secure system and data transmissions with effective encryption technologies, practice good security hygiene particularly as it pertains to role based access control, least privilege and timely removal of redundant accounts. Understand common user behavior, operating hours and geography and where the technology allows use that to enhance security by restricting access to normal office hours and locations.”
How can organizations balance user experience and security, especially as employees access UC tools from a range of locations and devices?
The tension between security and user experience represents one of the most critical challenges in hybrid work environments. The experts agree that the most effective security implementations are those that operate transparently, adapting to user context rather than creating friction that could lead to workarounds or reduced productivity.
Aruna Ravichandran, SVP & CMO of Webex, SVP Product Marketing of AI & Networking
Ravichandran emphasizes that the best security should be nearly invisible to users, adapting dynamically to context and risk levels without creating barriers to productivity.
“The best security is the kind you barely notice. It’s there, it’s powerful, but it never gets in your way. That’s the philosophy behind everything we do at Cisco, and it’s why AgenticOps is such a breakthrough.
“Instead of forcing users to jump through hoops, AgenticOps adapts security policies in real time to the context of each interaction. If someone is joining from a trusted device at home, their experience is smooth and fast, but if there’s unusual behavior or a risky location, security quietly steps up in the background.
“We design collaboration so people can move effortlessly from device to device and place to place, with security that travels with them rather than holding them back. Ultimately, it’s about giving people the freedom to work the way they want, while knowing they’re protected by intelligent, always-on security that respects both productivity and privacy.”
Darren Anstee, Chief Technology Officer for Security at NETSCOUT
Anstee focuses on the technical infrastructure required to deliver consistent user experiences while maintaining security, emphasizing the importance of comprehensive visibility across diverse environments.
“Performance of UC tools should be as seamless and secure for users in remote locations as it is for office-based workers. The key to ensuring this is end-to-end visibility—UC across hybrid working models requires increased visibility across technology boundaries to support the diverse needs of the modern-day workforce.
“End-to-end service visibility enables IT teams to not only assure high-quality end-user experience in any network or location but also allows them to quickly identify and resolve problems—such as user experience concerns—in complex environments, reducing mean time to repair (MTTR). This helps to ensure employees are productive, UC platforms work seamlessly, and business runs smoothly.”
Mike Rennie, Senior Manager, Information Security at GoTo
Rennie addresses common concerns about security creating friction, demonstrating how well-designed security measures can actually enhance rather than hinder user experience.
“To a large extent, efficient interactions depend on unified communications tools being easy to use. So, it’s not hard to understand why there are sometimes concerns about extra security checks and precautions adding problematic friction. But we shouldn’t fall into the trap of seeing strong safeguards and smooth functionality as mutually exclusive.
“Secure communications can still be streamlined. Take, for instance, the zero trust approach. Running repeated reauthentication isn’t as convoluted as it may seem, especially not on the user side: once individuals have created their unique signature key, they can then use it to unlock whatever information or software they need with minimal effort. Such experiences are no more cumbersome than entering one-time passcodes when making online purchases, but just as essential to prevent unauthorised actions, protect data, and curb cyberattacks.”
Darren Remblence, 8×8’s Chief Information Security Officer
Remblence provides practical insights into the physical security challenges of remote work while noting the positive infrastructure developments that have improved hybrid work experiences.
“We live in a society that is prone to oversharing often to its detriment whether through social media, cell phones or general interaction. It would be nice to think that your average person is too wrapped up in their own world to intrude upon your privacy, however there are too many examples of private moments being played out on social media and beyond.
“Protect yourself at all times, no amount of encryption will protect you from eavesdropping or shoulder surfing when traveling and/or working in public locations, use common sense and good security practice when working remotely.
“On a positive note post-Covid, the past challenges of bandwidth quality to remote sites have been all but eliminated through sudden and massive ISP network upgrades and so now problems with connectivity impacting a user’s experience when using UC tools are a rare event. Even for fully mobile users, 4G and 5G have marched forward in coverage and capability whilst the bandwidth demand for voice and video connections has remained relatively static and so the user experience is again now generally satisfied compared to only a few years ago.”
How can organizations ensure business continuity in the event of a cyber incident affecting their UC infrastructure?
Business continuity in the context of UC security extends beyond traditional disaster recovery to encompass proactive resilience building and comprehensive incident response planning. The experts emphasize that effective continuity strategies must address both technological resilience and organizational preparedness.
Aruna Ravichandran, SVP & CMO of Webex, SVP Product Marketing of AI & Networking
Ravichandran frames business continuity as an exercise in building inherent resilience rather than simply planning for recovery, emphasizing the importance of adaptive systems and collaborative response capabilities.
“Business continuity isn’t just about recovery. It’s about building resilience right into the fabric of how organizations operate. In a hybrid world, that means designing systems that can adapt, reroute, and keep teams connected, even when things don’t go as planned.
“Continuity also comes from planning, testing, and learning, from having clear processes, cross-functional teams ready to respond, and a culture that sees every incident as a chance to improve. With the right blend of intelligent automation and human collaboration, business continuity becomes less about bouncing back and more about never missing a beat.”
Darren Anstee, Chief Technology Officer for Security at NETSCOUT
Anstee emphasizes the critical importance of preparation and testing, highlighting how proactive measures can significantly reduce the impact of cyber incidents on UC infrastructure.
“To ensure UC infrastructure is resilient in the face of a cyber incident, preparation and rehearsal are vital. These proactive measures are not just good practice—they are foundational processes in minimising the impact of a cyberattack, ensuring IT experts can quickly address service issues and significantly reduce MTTR. Simulating disruptions ensures that people, processes and systems are fully prepared to deal with an attack, and provide a true assessment of readiness.
“Adding to this, having a business continuity plan in place is hugely important—every organisation should have one. This includes a well-defined business impact analysis (BIA) process that companies can use to assess the impact of an attack against critical infrastructure or services, so that business continuity and disaster recovery plans, as well as the investment and resources behind them, can be put in place.”
Mike Rennie, Senior Manager, Information Security at GoTo
Rennie stresses the importance of comprehensive planning that extends beyond technology to include clear roles, responsibilities, and response procedures, with regular testing to ensure effectiveness.
“While prevention is by far the best solution, keeping operations as close to normal as possible if defences are breached requires a truly comprehensive plan. Businesses must define what counts as an incident to enable fast recognition and response, and most crucially, map every detail of what should happen next. This not only means setting out clear key roles and responsibilities, but also specific procedural guidance, such as who should be notified and when, how to contain and mitigate issues, and what best practice recovery looks like.
“As an additional step, practice is also a wise strategy to streamline operation during an actual incident. Regular drills will help teams feel comfortable with their response tasks so they can act swiftly and minimise damage, as well as highlighting any processes that might need refining before real incidents occur.”
Darren Remblence, 8×8’s Chief Information Security Officer
Remblence advocates for a trust-but-verify approach with UC vendors, emphasizing the importance of transparency and evidence-based assessment of vendor preparedness.
“Trust but verify! Organisations should verify their UC vendors have effective plans and processes in place to mitigate against cyber risks such as DDOS and ransomware, still a top cybersecurity threat and one that continues to evolve in sophistication, as well as the more traditional access protections. A simple ask for an incident management plan, business continuity plan and evidence of testing will indicate levels of preparedness for dealing with a whole host of issues!
“Transparency is key to developing trust in the relationship and service, UC vendors should be able to talk confidently, and openly, about their security management framework across the whole complement of supporting security initiatives for example background screening, phish testing or independent bug bounty programs.”
What emerging security technologies or trends should UC leaders follow to stay ahead of evolving threats in hybrid work setups?
The future of UC security is being shaped by artificial intelligence, autonomous operations, and more sophisticated threat intelligence capabilities. However, the experts caution that while AI represents significant opportunities, it also introduces new risks that organizations must carefully navigate.
Aruna Ravichandran, SVP & CMO of Webex, SVP Product Marketing of AI & Networking
Ravichandran highlights the emergence of agentic and autonomous security operations as a transformative trend, while emphasizing the importance of maintaining human oversight and transparency.
“The pace of change in hybrid work means that yesterday’s security strategies just don’t cut it anymore. The most exciting trend we’re seeing is the rise of agentic and autonomous security operations, or what we call AgenticOps. Imagine AI-driven systems that don’t just detect threats but anticipate them, adapt protections on the fly, and even take action to resolve issues before users notice. It’s a shift from static rules to dynamic, context-aware defense.
“Alongside AgenticOps, zero trust architectures, full-spectrum encryption, and responsible AI are all shaping the next wave of secure collaboration. The real advantage comes when these technologies work together. We designed AgenticOps to act with greater independence, and it will always keep humans in the loop to enhance decision-making—not replace it. This creates a security environment that’s not only smarter, but more transparent and trustworthy. At Cisco, our focus is on building these capabilities into every layer of the collaboration stack so our customers don’t just keep up with threats, they stay ahead of them.”
Darren Anstee, Chief Technology Officer for Security at NETSCOUT
Anstee focuses on the evolution of AI-driven security operations and the critical importance of data quality in enabling effective threat detection and response capabilities.
“Evolving AIOps capabilities are interesting, as when fed with the right datasets they can provide earlier detection and remediation of issues—whether they have a malicious root cause of not. The challenge is to feed these systems with consistent, granular data that accurately describes service availability, in addition to performance across and between different environments, ideally incorporating the results of both passive monitoring and active (synthetic) testing.
“The use of threat intelligence isn’t new in security, but it has evolved, becoming more important as we see more frequent and sophisticated attacks. Today, AI can be used to derive and curate threat intelligence from global datasets, providing actionable, timely insight into current threat activity. Organisations should ensure that the threat intelligence they use locally is derived in this way, as it can make a big difference.”
Mike Rennie, Senior Manager, Information Security at GoTo
Rennie addresses both the opportunities and risks presented by AI in security contexts, emphasizing the dual nature of AI as both a defensive tool and a potential threat vector.
“The obvious focus is AI, specifically on two key fronts. First, there is the integration of smart tools into UC toolkits. Interest in AI’s efficiency-boosting power is growing among IT leaders and employees, with global knowledge workers estimating it could save them thirteen hours per week, according to GoTo’s research.
“Combined with the increasing sophistication of conversational AI, this enthusiasm is driving fast-rising adoption of solutions that can take on routine work, such as intelligent service agents and receptionists. Harnessing these benefits securely, however, will also mean carefully considering and mitigating against potential risks, including establishing clear usage guidelines and reinforcing security parameters.
“Secondly, we come to the less positive applications of AI. Bad actors have been quick to recognise the potential of AI to fuel their efforts, especially in the case of phishing scams. So, there is an equally pressing need for IT teams to continually bolster the resilience of their mitigation methods. Fortunately, this is being made easier by intelligent cybersecurity offerings that can improve the scale and effectiveness of their defences, with twenty-four/seven monitoring and ever-evolving algorithms reducing the risk of threats slipping through the net.”
Darren Remblence, 8×8’s Chief Information Security Officer
Remblence provides a comprehensive view of emerging security technologies, emphasizing the importance of maintaining perspective on non-AI innovations while recognizing the transformative potential of artificial intelligence.
“Artificial intelligence (AI) is clearly dominating the industry and there are interesting developments particularly in the fields of security and threat detection and response. AI based log analysis has started to provide more comprehensive alerts for indicators of compromise in real time, offering enhanced automation, analysis and response, in turn reducing the likelihood and impact of zero day attacks.
“With non-AI predictive pattern recognition it can be very difficult to find the balance between an overload of false positives and missing early indicators placing reliance and stress on the traditional, overwhelmed SOC/NOC team. This difference becomes especially prominent in remote working environments where a wide range of network behaviors add to an already complex dynamic compared to the known behaviors of office environments.
“AI is and will continue to be a significant differentiator as the technology evolves, particularly as it pertains to the human element. However, it’s important to remain open to emerging technologies that are not quite as media friendly as AI such as multi cloud security, strong identity management and zero trust and mesh architecture. It’s exciting times.”
