Long-Term WFH: How to Make it Secure and Sustainable

BrandPost By Tanium
Oct 19, 2020

The early days of the pandemic are over. The security decisions you made then may no longer serve you. It’s time to establish sustainable visibility and control over your new environment.

adobestock 134752684 small
Credit: Tanium

“Initially, it was a band-aid over a bullet hole.”

Stephanie Aceves is a Director of Technical Account Management at Tanium, a provider of unified endpoint management and security solutions.

Aceves works directly with Tanium’s customers to drive successful deployments. She brings two unique perspectives to the table—a ground-level understanding of what her customers went through in their transition to WFH, and a picture of how their priorities have changed in the last six months.

Here’s what Aceves learned.

Mindset Shift: Moving From Temporary Fixes to Long-Term Solutions

Aceves watched her customers take their long-term digital transformation strategies, and rush to implement them ASAP.

“You have a lot of people talking about migrating to the cloud. But you see they have two-, four-, six-year plans to get there,” explained Aceves. “COVID-19 told them—very quickly—that is not viable. If you want to keep up, you’re going to need to make these changes almost in an overnight fashion.”

Aceves’s customers were terrified about many aspects of this transformation.

Most of all, they were afraid of the security ramifications of moving their employees out of the hardened HQ, and into a fully distributed operational environment—especially when they had spent the last 5-10 years constructing security around their network perimeter.

And overnight that perimeter disappeared, along with its security controls. 

“You look at this distributed workforce, and where’s the perimeter?” asked Aceves. “Do you put a perimeter around every single employee’s house? How do you properly secure these devices so they are able to connect to your company’s resources in a way that’s not obstructive to your employees, while addressing any risk you have with a workforce that’s completely remote?”

Aceves worked tirelessly with her clients to help them answer these questions, and maintain visibility and control over their environments, even as those environments rapidly transformed.

“I worked incredibly long hours,” said Aceves. “We went from providing almost emotional support to our customers, to telling them, ‘We are here to make changes to your business that are critical right now, because there is significant risk that is posed to your organization, and we have a way to get that figured out.’”

As a whole, Aceves and her customers were successful. They transitioned to a primarily distributed endpoint environment. They maintained business continuity. And they kept their people up and running.

But in order to do so, they had to make some hard decisions that served the unique needs of the moment, but may not serve the ongoing realities of the new normal.

How to Make Mass WFH Environments Sustainable

In the early days of the pandemic, Aceves’ customers struggled to balance the speed of their transformation with the need to follow an ideal level of caution, policy, and procedure.

“I think a lot of people were hoping this was a temporary solution, and were trying to put controls in place to properly secure what was relevant at that time, but they were not thinking long-term,” said Aceves.

Days, weeks, and months have passed since those initial “temporary” controls were put into place. Organizations have come to see mass WFH as a viable option for their long-term operations. They are now discussing how to make their initial transformations sustainable.

And as Aceves explains, that conversation must include fundamental questions about how to best secure the new distributed environment.

“We are seeing an investment in technologies that are able to support long-term WFH. You saw a lot of people purchasing Zoom for teleconferencing, or collaborative workplaces like Slack,” explained Aceves. “But how do you make sure they have the right version of Zoom on their computers? How do you make sure they are patched, and not exposing the organization to any risk?”

For Aceves, these critical questions are answered—for the long term—by taking a few steps to reestablish the fundamentals of IT hygiene in the new distributed work environment.

For Aceves, security begins with establishing visibility, updating systems, establishing a patch cadence, closing known exploits—and being able to do so in an environment with tens of thousands of remote machines.

By doing so, organizations can:

  • Proactively reduce risk in their environment by seeing their vulnerabilities and quickly remediating them, or enforcing mitigating controls for threats around them.
  • Empower their security decision makers to rapidly pivot from collecting current state to taking action when something slips through.
  • Drive the appropriate remediation by giving security teams the relevant forensic data they need, as well as the ability to take action on incidents in seconds.

Fundamentally, Aceves feels this moment allows organizations to reignite meaningful conversations around cybersecurity, and to once again understand its ongoing value.

“Cybersecurity is not just something we do to check a box. Cybersecurity is something that we care about. And through the beautiful fusion of cyber and IT, we can enable employees and not be obstructive in any way to their day-to-day tasks—while still making sure they are secure.”

To dive deeper into Aceves’ story, and to learn more about what happened when the world stayed home, visit world-at-home.tanium.com.