When the Workforce Went Home, IT Encountered a Brave New World

As CIO.com recently observed, “Never before have the pros and cons of working from home become more obvious than in 2020, as the coronavirus initiated a mass exodus from corporate offices worldwide. In the early days, employees reveled in their ability to sleep in and spend more time with the family.”

That euphoria was short-lived.

“Soon the warped reality of the pandemic set in. Workdays grew longer in the absence of daily commutes. Workers’ eyes glazed over as they sit through a marathon of daily Zoom meetings.”

Regardless of whether companies choose to continue to operate remotely, bring employees back into the office, or implement a hybrid solution in the future, what are the biggest pain points and challenges IT operations and security teams face today?

That’s the question we posed recently to members of the IDG Influencer Network, a community of industry analysts, IT professionals, and journalists. While their answers varied, Kayne McGladrey (@kaynemcgladrey), Cybersecurity Strategist at Ascent Solutions, spoke for many when he stressed the importance of asset and software management.

“Organizations that do not have an inventory of their devices cannot effectively manage or patch those devices, let alone apply and update security controls on those devices,” McGladrey said. “This is further complicated by many organizations allowing users to continue to use personal devices to store, process, and transfer corporate data due to the rapid shift to primarily remote work. Expect lawsuits involving insurers refusing to provide coverage for data breaches involving data on assets that were not centrally tracked or managed.”

Brian Thomas (@DivergentCIO), Chief Technology Officer for Coruzant Technologies, would agree with that.

“The challenges we face now are more around the people, productivity, and security,” he said. “We are still adjusting to this massive remote work shift, but are seeing areas that are improving, but others are concerning. Mainly how to keep companies secure when much of our network has been extended into homes with non-company devices.”

“The biggest pain points are sure to be around BYOD and shadow IT as employees resort to their own devices and cloud services to get their jobs done,” said Will Kelly (@willkelly), a Senior Technical Writer. “There will be overstretched security teams who’ll feel this pain especially because they lack experience supporting hybrid and distributed workforces at scale.”

Rosa L Smothers (@RosaLSmothers), SVP of Cyber Operations, said the rush to push their employees into remote work has created a number of security headaches for some companies.

“Some have provided laptops, while others are using their personal computer to conduct business,” she said. “This is a particular concern for homes in which the computer has multiple users. Kids without good security awareness training will click on links or download random software that could drop all sorts of malware onto the machine.”

Like many Influencers, Scott Schober (@ScottBVS), President and CEO of Berkeley Varitronics Systems Inc., said the COVID-19 pandemic has turned his businesses “upside down” over the past few months.

“Looking forward, companies need to realize that remote workforces will not go away anytime soon,” he said. “Management needs to embrace the concept of a remote workforce and strive to treat each individual employee as a remote employee, allowing a single team approach to problems. Cybersecurity can be an exceptional challenge and I recommend management require all employees receive regular cybersecurity ‘best practices’ training and simulation. Training is a vital component that will enable each remote worker with the tools and understanding to build and maintain a strong cyber posture.”

Sarah Ramsingh (@SarahRamsingh), a Machine Learning and Quantum Mechanics Expert, agreed.

“Security is now placed on the end-user,” she said. “One of the most important aspects of the office was having IT support in place to reinforce best practices. Security teams now have to fortify security from a distance. Constantly re-evaluating security clearance is a top priority. Organizations must make monthly IT video conference check-ins with various work departments mandatory.”

Remote work accelerates the move to ‘Zero Trust’

Wayne Anderson (@DigitalSecArch), Security and Compliance Architect with Microsoft’s M365 Center of Excellence, said that Zero Trust shifted from an option to a business priority in the early days of the pandemic.

“In light of the growth in remote work, 51% of business leaders are speeding up the deployment of Zero Trust capabilities,” he said. “The Zero Trust architecture will eventually become the industry standard, which means everyone is on a Zero Trust journey. That reality is reflected in the numbers, like 94% of companies report that they are in the process of deploying new Zero Trust capabilities to some extent.”

That sounds familiar to Larry Larmeu (@LarryLarmeu), an Enterprise Technology Leader.

“With a highly distributed workforce, this approach of boxing people in [by creating security ‘zones’] is a challenge and requires things like VPNs and application virtualization, which generally degrade the user experience to a varying extent,” Larmeu said. “Taking a different strategy of securing data, leveraging modern cloud-native tools, and focusing less on where the user is or what device they are on and more on assuring you know who the user is, ensuring they have access only to what is required, and minimizing attack surfaces will be key to enabling a secure dynamic workforce. It’s a change in mindset as much as it is a change in tools, so it will require new skills and strong leadership to get there.”

George Gerchow (@georgegerchow), Chief Security Officer at Sumo Logic, said he fears the consequences of a second outbreak.

“We know another outbreak will take place,” Gerchow said. “So bad actors will thrive as people go in and out of the office. IOT security and privacy information will also be exploited. Fever scanners, tracing software. We will have a hard time securing these things that will house massive amounts of PII.”

The need for agility is preeminent

Frank Cutitta (@fcutitta), CEO and Founder of HealthTech Decisions Lab, expects IT leadership will go through what he refers to as organizational “whiplash,” where they rapidly shifted business models to an extreme, then back to “the past normal,” and quite possibly back to the more draconian regulations placed on workers by governments and business leaders as a result of new waves of the pandemic.

“Agility and resilience baked into the culture of IT suite will be the antidote for whiplash,” he said. “IT organizations saddled with the age-old departmental stereotype of “the land of slow and no” will quickly become marginalized and irrelevant. The ultimate challenge will be the ability to embed outside-in thinking into the fabric of IT organizations.”

The need for agility also resonated with Ratan Jyoti (@reach2ratan), Chief Information Security Officer at Ujjivan Small Finance Bank Limited.

“The pandemic has brought challenges in virtually every aspect of business, and IT is no exception,” he said. “To survive, a digital transformation is required, so digital security becomes of paramount importance. The biggest challenge for IT is changing business processes for the organization, which requires considerable efforts from IT and agile security.”

Helen Yu (@YuHelenYu), a C-Level Tech Executive, said the biggest challenges for IT operations and security teams are the need to reprioritize what matters and the need to accomplish operation and security must-dos with fewer resources and limited budget.

“Organizations need to focus on resilience, reliability, flexibility and speed when driving the adoption of these new ways of working at scale,” she said. 

Caroline Wong (@CarolineWMWong), CIO of Cobalt, was terse: On-boarding and off-boarding employees have to change.

“On-boarding in a remote or hybrid environment is very different from bringing on a new hire at a company where all of the employees are physically together in the same office space,” she said. “Security awareness during on-boarding remains critical and will likely focus on different aspects of fundamental topics such as social engineering, laptop security, malware, and account management. During off-boarding, security teams will need to be in lockstep with human resources teams to ensure accounts are shut down properly and that company-owned and managed devices are returned.”

Cedric Wells (@cedricfwells), a Former IT Director, said CISOs are going to have their hands full going forward.

“If you think securing your network and users while they were in the office was a big undertaking, imagine now having to secure your Intellectual Property and your employees coming from just about anywhere, and provide a great user experience,” he said. “On top of that, the ‘bad guys’ are working overtime trying to breach companies – some of which have been successful. Security teams will need to find the right balance of enabling folks to get their job done in an efficient way and remove the friction, while at the same time not putting the company at greater risk.”

Ben Rothke (@benrothke), Senior Information Security Specialist at Tapad, believes “the most significant pain point is management working off an old-school IT mode” with a focus on on-premises solutions. It’s stopping them from making a transition to cloud-enabled services, he said.

Within the first two months of the COVID-19 pandemic, Tanium helped the world’s most demanding organizations recover their operations and regain control and visibility. Learn how to secure your distributed workforces today with Tanium as a Service, the world’s first and only zero-infrastructure unified endpoint management and security solution.