Pandemic-imposed imperatives have forced businesses to compress years\u2019 worth of digital transformation to just months. Top of the list for transformation has been enabling teams to work effectively from home while shoring up cloud infrastructure and security.\nThose observations were certainly born out in an IDG TechTALK on Twitter on October 15, sponsored by Tanium.\nGene De Libero (@GeneDeLibero), Chief Strategy Officer at GeekHive, headed up the discussion, drawing lively participation from experts in cybersecurity, digital transformation, and related disciplines.\nHere are some highlights, lightly edited for clarity.\nQuestion 1: How should IT leadership continue to manage the security of their remote workforce? How should leadership gear up to manage a hybrid workforce?\nParticipants offered up prescriptions on how to keep people working at home secure even as some of their colleagues return to the office. At a high level, they addressed the need to set and enforce proper policies.\nAn enforced remote work security policy - and no slacking on this one folks :) Secure & approve all VPNs and regulate the use of personal devices used by employees, then update a #remotework security policy. Dust the old one off!Audrey DeSisto @AudreyDesisto\nMap it out. From the core account out, tighten and fine-tune all access. Persistently train and talk on the responsibility of access and pick your battles - especially in #highered where you can\u2019t control all devices. Stay aware!Paige Francis | VP\/CIO | Forbes Contributor @CIOPaige\nAnd frontline workers, as much as IT staff, must participate in securing sensitive data.\nNow more than ever the remote workers need to be more vigilant and play an active role in being an integrated part of organizational IT management. Moin Shaikh @moingshaikh\nThat includes securing home IT, too.\nYou must establish a remote work #cybersecurity assessment and maybe replace some of your employees\u2019 home routers. There are plenty of devices at people\u2019s homes who have never been patched. One device can create a liability. Antonio Vieira Santos @AkwyZ\nEven so, the buck has to stop with corporate IT.\nIn this intense #WFH environment, the onus of policing our digital highways is up to businesses. #Covid gave us an excuse (rather an opportunity) to be scrappy, but make no mistake, bad guys are watching. So keep the new ways of conducting virtual business secure. Sarbjeet Johal @sarbjeetjohal\nDon\u2019t secure places, secure data. Encrypt everything inside and out. There\u2019s no safe zone anymore. Most importantly, train your people. Larry Larmeu @LarryLarmeu\nQuestion 2: How should organizations shift their IT investment strategy? What changes do you expect in the return-to-work phase?\nAddressing the need to pivot to new IT strategies for the new normal, some cited the need to renew existing commitments.\nIf your strategy is fresh, there shouldn\u2019t be a big shift. We should be planning for #hybridworkplace - in #highered we should have been building for this all along. Of course, most of us haven\u2019t been, but we talk a big game. Paige Francis | VP\/CIO | Forbes Contributor @CIOPaige\nMore emphasis on holistic thinking. Make everyone understand that security isn\u2019t a burden but a necessity for continuation of operations and also peace of mind. Arsalan Khan\u00a0@ArsalanAKhan\nHowever, it does seem clear that a stronger emphasis on cloud infrastructure will serve enterprises for the foreseeable future.\nIt\u2019s time to shift their IT investment strategy to #cloud first and the security that goes along with it. Return to work is going to start, stumble, and hesitate for even the most prepared orgs. Will Kelly @willkelly\nYou really need to be investing in more telecommunication. This is one way the financial side will change. As far as going back to work, I\u2019m not sure what that will look like or when, so it is vital to be sure remote working is easy to use when needed. Debra Ruh @debraruh\nOf course, that won\u2019t do much good if employees can\u2019t reach corporate networks, cloud or otherwise.\nOrganizations should invest in updating employee work devices where older devices may slow down productivity and increase #security #risk, as well as setting aside funding for professional development and training. Audrey DeSisto @AudreyDesisto\nConsider subsidizing the costs of high-speed internet for remote employees whose \u2018return-to-work\u2019 plan is to continue to avoid the office and work remote >50%. Kayne McGladrey, CISSP @kaynemcgladrey\nQuestion 3: How have IT operations, security, and risk priorities shifted over the last few months?\nHere, some chat participants cited a loss of IT control.\nIn my experience, once you let the #ShadowIT and #BYOD Genies out, it\u2019s hard to put them back in the bottle. Even harder during times of crisis like so many orgs are in now. Will Kelly @willkelly\nWell, most have been shifted to focus on the online\/remote work side! Debra Ruh @debraruh\nTo be reactive is a common human trait that also manifests itself in organizations. This applies to #cybersecurity as well. Hopefully, the #pandemic has made us rethink that it\u2019s better to be proactive most of the time. Arsalan Khan\u00a0@ArsalanAKhan\nThe work-from-home environment has also forced changes in mindset.\nHopefully, CEOs who believe that we can only innovate when in the same physical space will be on their way to retiring. Antonio Vieira Santos @AkwyZ\nSupporting and securing a remote workforce by pivoting from an in-office to a remote-first model has been a big priority change for firms. #ShadowIT and #BYOD are also raising their ugly heads. So few large businesses were set up for FT WFH, making for some painful shifts. Will Kelly @willkelly\nThinking around risk management has also changed.\nRisk has changed as the network perimeter has changed. More data is now located off-network. IT departments had to double-check that laptops were encrypted, VPNs were upgraded, and monitoring looked beyond traditional offices. Jason James @itlinchpin\nQuestion 4: What has become clear about the state of your IT network now that wasn\u2019t apparent at the beginning of the year?\nThe pandemic has highlighted shortcomings in IT strategy, as well as revealed at least one silver lining\u2014namely, that teams can work effectively wherever their members happen to reside.\nI think we have found that we can really thrive remotely. Having our team all over the globe, we had already been mostly this way already. Debra Ruh @debraruh\nTo work effectively, however, employees must have the right resources. Unfortunately, security patches and tools for monitoring IT assets (ITAM solutions) have fallen short of the work-from-home challenge.\nI\u2019ve spoken to Clients where legacy patching systems fell over because the corporate devices were no longer connected 24x7 to a LAN to receive patches; this also affected ITAM solutions. Kayne McGladrey, CISSP @kaynemcgladrey\nSecurity is more important than ever in this environment.\nYour IT network\u2019s security boundary doesn\u2019t really have a boundary.\u00a0Arsalan Khan\u00a0@ArsalanAKhan\n#ZeroTrust isn\u2019t \u201cfuture\u201d - it has to be \u201cnow.\u201d If your organization is not already deploying more encryption, identity inspection, and contextual decision-making, you probably need to be looking hard for compromises today. Wayne Anderson @DigitalSecArch\nAnd, responding to Anderson:\nOn a related note, #ZeroTrust isn\u2019t a sticker on your router or a #cybersecurity product that you buy. It\u2019s a shift in architectural patterns that have to be supported by policies. Kayne McGladrey, CISSP @kaynemcgladrey\nQuestion 5: How did IT hygiene play a role in your company\u2019s ability\/inability to address new challenges created by a rapidly distributed workforce?\nEffective IT hygiene is now more critical than ever for fostering security.\nWithout proper IT hygiene, your network becomes filthy (unreliable), and then it\u2019s easier for bad germs (hackers) to take advantage of it. A good understanding\/appreciation of what IT really does matters here too. Arsalan Khan @ArsalanAKhan\nI think it\u2019s not hygiene itself that stopped #remotework, but the assumptions that underlie the strategy. That devices would be on a network. That concurrency came from certain places. That legacy systems could be protected by ignoring certain access patterns. Wayne Anderson @DigitalSecArch\nBeing prepared for these things is the best #IT hygiene possible. Also, being fully cloud-enabled made the transition to having a 100% remote workforce much easier & seamless. Ben Rothke @benrothke\nWhile today\u2019s enterprise IT environment remains dynamic and rapidly evolving, some truths have come to light during the pandemic, including the need to foster digital transformation to support employees working at home in larger numbers than ever before. Many lessons are variations on familiar themes: IT hygiene remains paramount, and digital transformation is as much a mindset as anything else.\nTo learn more about securing the home-based workforce, visit https:\/\/world-at-home.tanium.com.