After teleworking, are we heading towards a democratization of flex office? While telework has widely developed in organizations in 2020 due to the Covid-19 pandemic, flex office now appears as the next logical step in the reorganization of workspaces. Regular teleworking (for example one or two days a week) promotes a reorganization of offices: for the same number of employees, fewer workstations are necessary within the organization’s premises. What is the flex office? The flex office concept means that there is no dedicated office for each employee. When they are on their organization’s premises, employees install themselves wherever they want or can, depending on the space available and the program of their day. Flex office also includes the concepts of mobility and teleworking. The objective is to break down all geographical barriers, both outside the company (working from home, on a train, in a co-working area, etc.) and within the company itself, by abolishing the boundaries between different departments within the same company. Why introducing this concept? The first argument is economic and pragmatic: the average occupancy rate of a permanent office is between 50 and 60%, and with the democratization of teleworking, this rate is going to decrease even further. As a result, and given the cost per square meter of office space, many organizations see flex office as a way to reduce their fixed costs without compromising a geographical location that could impact some of their employees. However, the economic aspect is not the only one involved; flex office is beneficial on several levels: It promotes exchanges: by opening up physical spaces, sales representatives will be able to work next to developers or an IT manager next to the Digital Workplace Manager. Their exchanges provide a better understanding of the constraints and challenges of each person and thus promote solutions that take these aspects into account.It provides flexibility: employees can work wherever they want, according to their program, their constraints and the people they want to work with during the day, in spaces that sometimes favor a studious atmosphere, other times a collaborative one.It increases productivity: thanks to this greater flexibility and teleworking, which reduces stress and fatigue, employees become more efficient and are less often absent. Occasional teleworking reduces employee absenteeism by a factor of three. The evidence Zero Trust in the light of this new paradigm Mobile employees access their applications from anywhere, from controlled or uncontrolled networks, and even when they are at the office, intra-organizational mobility is a potential risk insofar as employees do not necessarily know the people around them, who may, in some cases, represent a threat in terms of cybersecurity. The flex office system must therefore be accompanied by a Zero Trust policy. In this flex office context, several links of the Zero Trust chain of trust are particularly important to implement: AuthenticationPrimary or secondary authentication Authentication allows a user to guarantee his or her identity before accessing a resource or service. Primary authentication will give user access to the workstation (Windows... More: to consider where the user is located when accessing his applications so that, depending on this context, authentication can be strengthened via different MFA mechanisms (multi-factor authentication, which consists of authenticating with at least two distinct proofs of identity) such as OTP (for example, One-Time Password generated by SMS), smart cards or question-and-answer mechanisms.Network access to the application: to eliminate the “VPN risk”, since the VPNVirtual Private Network. VPN is a technology that simulates a local area network between two trusted networks. In practice this allows two elements (workstations, servers, printers, etc.) to communicate with... More gives access to a complete network and does not allow to control, within this access, what the user connects to. ZTNAZero Trust Network Access. The ZTNA is a name describing products that apply a "Zero Trust", or lesser privilege, policy in the area of external access. The objective is to... More allows a selective access to applications and not global network access, to cover access from controlled or uncontrolled networks, in a telework/mobility situation. Guaranteeing identity in real time: to counter the risk induced by the flex office system. Unlike an organization with permanent offices where every new person present on a platform is immediately identified, in a flex office situation, and particularly in large companies, it is common not to know your office neighbor. If a malicious person has managed to penetrate the physical boundaries of the organization, this person can potentially take possession of the workstation of an employee who is temporarily absent and did not lock his session. Deploying a continuous authentication mechanism eliminates this risk by automatically blocking the session, requesting the person to re-authenticate, or alerting the supervisor if there is any doubt about the identity of the person behind the screen.