By Tyler Affolter
When enterprises were forced to sharply accelerate their fulltime remote site strategies in early 2020, there was an interesting split in perceived effectiveness. Enterprises at the time reacted to the pandemic by leveraging and trying to scale existing technologies (VPN, bandwidth), which was challenging and expensive. This caused them to look closely at alternative options that would allow remote working at scale. Coming out of the pandemic, organizations then made long-term decisions that the C-Level believed would work well, but in reality, the operations teams found implementation challenging.
Operational executives were living a very different reality, feeling every implementation and security headache that happens when relocating hundreds-of-thousands of workers across the globe with almost no notice or advanced preparation. Today nearly 75 percent of CEOs see strategies to modernize and digitally optimize their future workplaces as defined and agreed, yet fewer than 50 percent of their operational leaders agreed, according to NTT’s 2021 Global Workplace Report (GWR).
With remote site strategies, there are actually three distinct audiences: Users; Operational; and Executive. Users want and need to just get their work done; they like technology when it is seen as helping and they dislike technology when it is seen as interfering. Operational executives also need everything to just work, but they are typically less bothered by procedural hoops, such as having to log in repeatedly and go through cumbersome authentication procedures. And C-level executives focus on whether the enterprise, at a high level, is doing everything that needs to be done.
This is why today’s more advanced authentication systems work best to keep all three groups happy. For example, consider zero trust-friendly approaches leveraging behavioral analytics, which can happen in the background, compared with multi-factor authentication and passwords, which require user actions.
Complicating this further are varying levels of permissions/privileges, where different roles merit very different authority and access. A financial analyst working remotely, for example, has different needs than a remote sales person.
Then there are the ROI issues. Often, these zero-trust friendly techniques deliver strong ROI benefits, but unless explicitly articulated, many C-levels aren’t able to attribute benefits in employee retention, more applications in a difficult job market, shorter hold times for customers, better customer service answers and fewer supply chain hiccups as attributable to cybersecurity or analytics. And yet they are a direct cause of these benefits. This highlights a gap in measurements seen between IT and OT organizations, which leads to significant challenges in showing ROI for investment.
The new normal
The complexity of today’s hybrid environments goes well beyond remote sites. It includes an escalating migration of data to the cloud. And by “the cloud,” we really mean “many clouds.” Many enterprises have authorized arrangements with two or three cloud platforms, ostensibly to protect the enterprise in case one of the cloud providers crashes or has some other major problem. But while having a cloud environment disrupted is clearly a terrible thing, it’s hard to see how having multiple cloud environments would help since a corporate tenant is almost certainly not going to know about a breach until long after it’s happened. This highlights the need to have an overall security posture to ensure security/compliance across hybrid environments.
And although redundancy is important, leveraging multiple clouds, both public and private, is often more about best execution venue for an application. Each public cloud has strengths and weaknesses and private clouds can often be preferable from a cost perspective. There is also the concern of vendor lock in. Organizations need to ensure they have the flexibility to move their applications to another cloud (public or private) if their needs change, costs increase, or performance degrades.
And those are just the IT-authorized clouds. What about all of the Shadow IT clouds purchased by users or a workgroup without corporate permission? What about cloud environments used by distribution partners? A major retail site, for example, is just as likely to have problems due to a partner’s problems as its own.
More and more, companies are pushing these decisions to the business units that need to take advantage of technology to drive competitive differentiation. Enterprises are also empowering the business units to make IT related decisions and providing the framework for those business units to make those decisions. The framework would reference security/compliance requirements, and standard infrastructure guidelines to support.
Although on-prem was cut back sharply during the early days of the pandemic, most enterprises maintained some on-prem position. The initial cutback was almost solely staffing-based, as policy sometimes prevented sufficient staffing to manage the on-prem operations. But as much as CIOs felt the need to move on-prem to the cloud, they couldn’t shift everything because some of those on-prem applications simply couldn’t move to cloud infrastructure.
This highlights the technical debt problem. Many campus environments haven’t been upgraded in several years. Now that requirements are changing as people return to the office, does it make sense to re-invest? How can we make sure that investment doesn’t go to waste? One of the key attributes to IT infrastructure investment today is to create an agile environment, one that can scale up or down based on the business’ evolving needs. This is one of the reasons customers are looking at more “as a service” options.
For information on how to accelerate your hybrid workplace transformation, visit us here.