Employees are returning to the office, which, for a split second, might sound like a relief if you’re on the IT team. After all, what’s better than a nice, controlled perimeter. A firewall protecting the network. A castle back within the moat! But many employees still expect to be able to work from home, at least some of the time.

“It’s not so much the return to office as it is the partial return to office,” said Seth Robinson, senior director of technology analysis at the nonprofit trade association CompTIA.

As employees kinda sorta return to their cubicles, they’ll bring with them more than just their backpacks from 2020. Workers are returning with security setups from the work-from-home era.

Tools like endpoint detection and response, conditional access control, cloud access security brokers, and multi-factor authentication—valuable practices for a perimeter-free environment—are likely to be effective and in use in an office environment as well.

“What we’ve seen…happening is offices turning into coffee shops. They’ve got a coffeemaker, a refrigerator, desks, and free wi-fi. And they are operating very much like you would operate at home,” said Jason LaPorte, CTO and CISO of Power Consulting.

In other words, the same security safeguards that protected users when they began working from home are still in effect in office environments. Software-defined networks (SD-WANs), for example, enforce access control at home, and they’ll likely find a role in the office, according to Brian Haugli, CEO at the cybersecurity and privacy firm SideChannel.

An April 2022 report from Futuriom of 118 US-based enterprise networking and IT managers found that 83% of respondents said that digitalization and hybrid work environments have increased their need for SD-WAN managed services.

Read more here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @BillyHurls on Twitter.

At least some cybersecurity execs are concerned the ongoing federal trial of Uber’s former chief of security, Joe Sullivan, could have ramifications across the industry, according to the Wall Street Journal and the New York Times. Yet the support isn’t universal.

Sullivan, a former federal prosecutor who is now chief security officer at Cloudflare, is facing charges of criminal obstruction for allegedly helping to cover up a 2016 breach that exposed data on 57 million accounts, including 600,000 drivers’ license numbers. As the trial began on Sept. 7, prosecutors argued that Sullivan sought to avoid reporting the incident as a security breach to the Federal Trade Commission, which the FTC says Uber was legally obligated to do, thanks to an ongoing agency investigation of a prior Uber hack.

Instead, they say, Sullivan directed the hackers to a bug-bounty program intended for white-hat hackers, asked them to sign NDAs, and paid them $100,000 in bitcoin.

Sullivan’s attorney, David Angeli, has insisted his client fulfilled their legal obligations by reporting the incident to Uber’s legal team, the Times wrote, and claims they were merely “scapegoated” by Uber. Sullivan was fired by Uber in 2017. In 2019, the two men who breached Uber in the first place pleaded guilty to extortion and hacking charges, and the next year prosecutors went after the former chief of security. The Department of Justice dropped wire fraud charges against Sullivan earlier this year.

Okta’s cybersecurity director, Marc Rogers, told the Journal that CSOs rarely handle incidents by themselves but rather serve as “the figurehead for security and [are] often the one on the hook.” Former AT&T CSO Edward Amoroso told the paper, “Criminalization of the reporting decisions Joe made will not help to advance” cybersecurity, adding how Sullivan handled the matter “should be an open debate held across the security community, not in a court.”

Read the rest here.—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @thetomzone on Twitter. Want to go encrypted? Ask Tom for his Signal.

Today’s top IT reads.

Stat: 24.73. That’s the 100-meter time of Cassie, a bipedal robot that set a new Guinness world record. (The Verge)

Quote: “The crew had to inspect the network, so we had to keep another 300 customers in the immediate vicinity off for another couple of hours.” —Danny Donald, spokesperson for Australian power company Energex, after a Wing drone hit the company’s power lines and caught fire (The Age)

Read: Amazon has announced a slew of new devices, ranging from a Kindle with a stylus to a bedside sleep tracker. (Wired)