As CIO.com recently observed, \u201cNever before have the pros and cons of working from home become more obvious than in 2020, as the coronavirus initiated a mass exodus from corporate offices worldwide. In the early days, employees reveled in their ability to sleep in and spend more time with the family.\u201d\nThat euphoria was short-lived.\n\u201cSoon the warped reality of the pandemic set in. Workdays grew longer in the absence of daily commutes. Workers\u2019 eyes glazed over as they sit through a marathon of daily Zoom meetings.\u201d\nRegardless of whether companies choose to continue to operate remotely, bring employees back into the office, or implement a hybrid solution in the future, what are the biggest pain points and challenges IT operations and security teams face today?\nThat\u2019s the question we posed recently to members of the IDG Influencer Network, a community of industry analysts, IT professionals, and journalists. While their answers varied, Kayne McGladrey (@kaynemcgladrey), Cybersecurity Strategist at Ascent Solutions, spoke for many when he stressed the importance of asset and software management.\n\u201cOrganizations that do not have an inventory of their devices cannot effectively manage or patch those devices, let alone apply and update security controls on those devices,\u201d McGladrey said. \u201cThis is further complicated by many organizations allowing users to continue to use personal devices to store, process, and transfer corporate data due to the rapid shift to primarily remote work. Expect lawsuits involving insurers refusing to provide coverage for data breaches involving data on assets that were not centrally tracked or managed.\u201d\nBrian Thomas (@DivergentCIO), Chief Technology Officer for Coruzant Technologies, would agree with that.\n\u201cThe challenges we face now are more around the people, productivity, and security,\u201d he said. \u201cWe are still adjusting to this massive remote work shift, but are seeing areas that are improving, but others are concerning. Mainly how to keep companies secure when much of our network has been extended into homes with non-company devices.\u201d\n\u201cThe biggest pain points are sure to be around BYOD and shadow IT as employees resort to their own devices and cloud services to get their jobs done,\u201d said Will Kelly (@willkelly), a Senior Technical Writer. \u201cThere will be overstretched security teams who\u2019ll feel this pain especially because they lack experience supporting hybrid and distributed workforces at scale.\u201d\nRosa L Smothers (@RosaLSmothers), SVP of Cyber Operations, said the rush to push their employees into remote work has created a number of security headaches for some companies.\n\u201cSome have provided laptops, while others are using their personal computer to conduct business,\u201d she said. \u201cThis is a particular concern for homes in which the computer has multiple users. Kids without good security awareness training will click on links or download random software that could drop all sorts of malware onto the machine.\u201d\nLike many Influencers, Scott Schober (@ScottBVS), President and CEO of Berkeley Varitronics Systems Inc., said the COVID-19 pandemic has turned his businesses \u201cupside down\u201d over the past few months.\n\u201cLooking forward, companies need to realize that remote workforces will not go away anytime soon,\u201d he said. \u201cManagement needs to embrace the concept of a remote workforce and strive to treat each individual employee as a remote employee, allowing a single team approach to problems. Cybersecurity can be an exceptional challenge and I recommend management require all employees receive regular cybersecurity \u2018best practices\u2019 training and simulation. Training is a vital component that will enable each remote worker with the tools and understanding to build and maintain a strong cyber posture.\u201d\nSarah Ramsingh (@SarahRamsingh), a Machine Learning and Quantum Mechanics Expert, agreed.\n\u201cSecurity is now placed on the end-user,\u201d she said. \u201cOne of the most important aspects of the office was having IT support in place to reinforce best practices. Security teams now have to fortify security from a distance. Constantly re-evaluating security clearance is a top priority. Organizations must make monthly IT video conference check-ins with various work departments mandatory.\u201d\nRemote work accelerates the move to \u2018Zero Trust\u2019\nWayne Anderson (@DigitalSecArch), Security and Compliance Architect with Microsoft\u2019s M365 Center of Excellence, said that Zero Trust shifted from an option to a business priority in the early days of the pandemic.\n\u201cIn light of the growth in remote work, 51% of business leaders are speeding up the deployment of Zero Trust capabilities,\u201d he said. \u201cThe Zero Trust architecture will eventually become the industry standard, which means everyone is on a Zero Trust journey. That reality is reflected in the numbers, like 94% of companies report that they are in the process of deploying new Zero Trust capabilities to some extent.\u201d\nThat sounds familiar to Larry Larmeu (@LarryLarmeu), an Enterprise Technology Leader.\n\u201cWith a highly distributed workforce, this approach of boxing people in [by creating security \u2018zones\u2019] is a challenge and requires things like VPNs and application virtualization, which generally degrade the user experience to a varying extent,\u201d Larmeu said. \u201cTaking a different strategy of securing data, leveraging modern cloud-native tools, and focusing less on where the user is or what device they are on and more on assuring you know who the user is, ensuring they have access only to what is required, and minimizing attack surfaces will be key to enabling a secure dynamic workforce. It's a change in mindset as much as it is a change in tools, so it will require new skills and strong leadership to get there.\u201d\nGeorge Gerchow (@georgegerchow), Chief Security Officer at Sumo Logic, said he fears the consequences of a second outbreak.\n\u201cWe know another outbreak will take place,\u201d Gerchow said. \u201cSo bad actors will thrive as people go in and out of the office. IOT security and privacy information will also be exploited. Fever scanners, tracing software. We will have a hard time securing these things that will house massive amounts of PII.\u201d\nThe need for agility is preeminent\nFrank Cutitta (@fcutitta), CEO and Founder of HealthTech Decisions Lab, expects IT leadership will go through what he refers to as organizational \u201cwhiplash,\u201d where they rapidly shifted business models to an extreme, then back to \u201cthe past normal,\u201d and quite possibly back to the more draconian regulations placed on workers by governments and business leaders as a result of new waves of the pandemic.\n\u201cAgility and resilience baked into the culture of IT suite will be the antidote for whiplash,\u201d he said. \u201cIT organizations saddled with the age-old departmental stereotype of \u201cthe land of slow and no\u201d will quickly become marginalized and irrelevant. The ultimate challenge will be the ability to embed outside-in thinking into the fabric of IT organizations.\u201d\nThe need for agility also resonated with Ratan Jyoti (@reach2ratan), Chief Information Security Officer at Ujjivan Small Finance Bank Limited.\n\u201cThe pandemic has brought challenges in virtually every aspect of business, and IT is no exception,\u201d he said. \u201cTo survive, a digital transformation is required, so digital security becomes of paramount importance. The biggest challenge for IT is changing business processes for the organization, which requires considerable efforts from IT and agile security.\u201d\nHelen Yu (@YuHelenYu), a C-Level Tech Executive, said the biggest challenges for IT operations and security teams are the need to reprioritize what matters and the need to accomplish operation and security must-dos with fewer resources and limited budget.\n\u201cOrganizations need to focus on resilience, reliability, flexibility and speed when driving the adoption of these new ways of working at scale,\u201d she said.\u00a0\nCaroline Wong (@CarolineWMWong), CIO of Cobalt, was terse: On-boarding and off-boarding employees have to change.\n\u201cOn-boarding in a remote or hybrid environment is very different from bringing on a new hire at a company where all of the employees are physically together in the same office space,\u201d she said. \u201cSecurity awareness during on-boarding remains critical and will likely focus on different aspects of fundamental topics such as social engineering, laptop security, malware, and account management. During off-boarding, security teams will need to be in lockstep with human resources teams to ensure accounts are shut down properly and that company-owned and managed devices are returned.\u201d\nCedric Wells (@cedricfwells), a Former IT Director, said CISOs are going to have their hands full going forward.\n\u201cIf you think securing your network and users while they were in the office was a big undertaking, imagine now having to secure your Intellectual Property and your employees coming from just about anywhere, and provide a great user experience,\u201d he said. \u201cOn top of that, the \u2018bad guys\u2019 are working overtime trying to breach companies \u2013 some of which have been successful. Security teams will need to find the right balance of enabling folks to get their job done in an efficient way and remove the friction, while at the same time not putting the company at greater risk.\u201d\nBen Rothke (@benrothke), Senior Information Security Specialist at Tapad, believes \u201cthe most significant pain point is management working off an old-school IT mode\u201d with a focus on on-premises solutions. It\u2019s stopping them from making a transition to cloud-enabled services, he said.\nWithin the first two months of the COVID-19 pandemic, Tanium helped the world\u2019s most demanding organizations recover their operations and regain control and visibility. Learn how to secure your distributed workforces today with Tanium as a Service, the world\u2019s first and only zero-infrastructure unified endpoint management and security solution.