Hybrid Work and Zero Trust: Predictions for 2024

2023 was dubbed “the year of efficiency”. It saw many organizations work towards operational efficiencies in an effort to become nimbler. “More with less” was the mantra spoken by several C-level execs as they tightened their security posture while driving higher productivity. 

Moving into 2024, the proliferation of generative AI is expected to rapidly accelerate innovation, address inefficiencies, and boost productivity across the board. Such a focus on productivity has also kept the conversation around work-from-anywhere alive and well. From a productivity perspective, hybrid work continues to be the benchmark, allowing flexibility to hire talent from anywhere. Executives are finding the right balance between fully remote, in-office, and hybrid employees to maximize business efficiency. Irrespective of what every organization chooses to do going forward, finding the right balance between access and security is key for increasing and maintaining productivity. 

We at Zscaler have put together a list of the top predictions for 2024 when it comes to hybrid work trends:

Return to office will peak

Over the last few years, one question has echoed in everyone’s minds: What will the new workplace look like? 2023 saw many organizations test a hybrid work model, shifting away from a fully remote workforce.  This trend is set to continue in 2024, with more and more companies fully embracing hybrid work, increasing the number of days to work from the office and collaborate.  The KPMG CEO Outlook Survey found that 64% of leaders globally predict a full return to in-office work by 2026. Further research shows that in the US, 90% of companies intend to implement their return-to-office plans by the end of 2024, according to a report from Resume Builder. These trends will also see IT and security teams reaching for solutions that can support them while maintaining business growth

Third party access requirements will grow 

With productivity and efficiency on the agenda for 2024, teams are extending their reach and skill sets beyond what’s available within the capacity of their full time employees. Namely, they’re hiring contractors to aid them in creating positive business outcomes. To do so, they need to adapt to working with remote contractors and have the tools and infrastructure in place to successfully manage staff along with the right level of security. Last year, a Linkedin study showed a higher growth in contract workers compared to full-time employees. This trend will continue into 2024 as organizations brace themselves for sudden changes in the market as well as their own bottom lines. These third-party users—contractors, vendors, or suppliers—will demand better access to business applications in order to be impactful. This level of fast, easy access to work will drive third-party productivity.

Cyberattack risk will increase

With workforces and applications becoming more dispersed, the attack surface has increased as well. Of course, bad actors have jumped on the opportunity, increasing their overall cyberattack output, including the recent social engineering attack in the entertainment and gaming industry. What’s more, generative AI has seen widespread organizational adoption, which, too, means more potential threat vectors. Bad actors are leveraging GenAI tools on their own time to discover vulnerabilities in critical sectors and add increased personalization to their attacks, resulting in a potential catastrophe for businesses of all industries through unwavering ransom demands. 

In addition, 2024 will see increased exploitation of legacy VPN and firewall infrastructure. The cost and complexity of maintaining physical devices that support VPNs, as well as patching their vulnerabilities, has left many IT teams in a rut of infrastructure maintenance rather than improvement. As such, IT teams are looking to amp up their security stack through the cloud to avoid and respond to threats.

More mergers and acquisitions will take place 

Despite economic uncertainty and the current wave of geopolitical challenges, the outlook for M&A appears promising, per Nasdaq.The push to consolidate or divest in certain industries has driven M&A in the past year, and this momentum is expected to continue. Organizations will need to find ways to efficiently onboard new employees and give them application access to maximize productivity amid a merger or acquisition. Organizations that have implemented zero trust network access (ZTNA) have seen a 50% reduction in onboarding time for new employees. Additionally, they’re able to provide consistent access policies across both organizations without compromising security.

VPNs will continue to lose fans 

Our 2023 VPN Risk report found that nearly 1 in 2 organizations experienced a VPN-related attack. This has been a strong reason to move away from legacy remote access solutions in favor of something more robust that can scale with the organization’s growth. With 92% of organizations considering, planning, or in the midst of a zero trust implementation in 2023, this trend will continue well into 2024. Reliance on VPNs will be reduced, and ZTNA will continue to gain traction due to its faster time to value. Indeed, a Zscaler customer reported a sub 48-hour  implementation of Zscaler Private Access, effectively replacing their VPNs for remote employees.

Organizations will adopt zero trust to better mitigate cyberattacks 

A zero trust architecture challenges threats by ensuring granular access control and multilayered network segmentation, delivering the best protection of organizations’ most critical data and communications. ZTNA is a ransomware deterrent, hiding crown jewel applications from the internet and making them virtually impossible to attack. n Gartner predicts that by 2025, at least 70% of new remote access deployments will be delivered predominantly via ZTNA as opposed to VPN services. Our 2023 VPN Risk Report suggests a continued growth in an understanding of risk by IT and security leaders as they continue their due diligence on effective zero trust solutions to replace legacy technologies

Conclusion

As workforces and applications become increasingly mobile, cloud security solutions offer the means of keeping them protected, without harming user experience. Amid a dynamic, evolving threat landscape, driven by artificial intelligence, the scale and agility offered through such solutions will help organizations better determine the right deployments for their needs.. 

Learn more about how you can protect your private apps and secure your hybrid workforce by leveraging Zscaler Private Access. This blog is part of a series of blogs that provide forward-facing statements into access and security in 2024. The next blog in this series covers SASE predictions. 

Forward-Looking Statements 

This blog contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. The words "believe," "may," "will," "potentially," "estimate," "continue," "anticipate," "intend," "could," "would," "project," "plan," "expect," and similar expressions that convey uncertainty of future events or outcomes are intended to identify forward-looking statements. These forward-looking statements include, but are not limited to, statements concerning: predictions about the state of the cyber security industry in calendar year 2024 and our ability to capitalize on such market opportunities; anticipated benefits and increased market adoption of “as-a-service models” and Zero Trust architecture to combat cyberthreats; and beliefs about the ability of AI and machine learning to reduce detection and remediation response times as well as proactively identify and stop cyberthreats. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. These forward-looking statements are subject to a number of risks, uncertainties and assumptions, and a significant number of factors could cause actual results to differ materially from statements made in this blog, including, but not limited to, security risks and developments unknown to Zscaler at the time of this blog and the assumptions underlying our predictions regarding the cyber security industry in calendar year 2024.

Risks and uncertainties specific to the Zscaler business are set forth in our most recent Quarterly Report on Form 10-Q filed with the Securities and Exchange Commission (“SEC”) on December 7, 2022, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler does not undertake to update any forward-looking statements made in this blog, even if new information becomes available in the future, except as required by law.