IT’s New Normal

Recalibrating IT management and security for the post-COVID world

istock 1190052235
iStock

Pandemic-imposed imperatives have forced businesses to compress years’ worth of digital transformation to just months. Top of the list for transformation has been enabling teams to work effectively from home while shoring up cloud infrastructure and security.

Those observations were certainly born out in an IDG TechTALK on Twitter on October 15, sponsored by Tanium.

Gene De Libero (@GeneDeLibero), Chief Strategy Officer at GeekHive, headed up the discussion, drawing lively participation from experts in cybersecurity, digital transformation, and related disciplines.

Here are some highlights, lightly edited for clarity.

Question 1: How should IT leadership continue to manage the security of their remote workforce? How should leadership gear up to manage a hybrid workforce?

Participants offered up prescriptions on how to keep people working at home secure even as some of their colleagues return to the office. At a high level, they addressed the need to set and enforce proper policies.

An enforced remote work security policy - and no slacking on this one folks :) Secure & approve all VPNs and regulate the use of personal devices used by employees, then update a #remotework security policy. Dust the old one off!
Audrey DeSisto @AudreyDesisto

Map it out. From the core account out, tighten and fine-tune all access. Persistently train and talk on the responsibility of access and pick your battles - especially in #highered where you can’t control all devices. Stay aware!
Paige Francis | VP/CIO | Forbes Contributor @CIOPaige

And frontline workers, as much as IT staff, must participate in securing sensitive data.

Now more than ever the remote workers need to be more vigilant and play an active role in being an integrated part of organizational IT management.
Moin Shaikh @moingshaikh

That includes securing home IT, too.

You must establish a remote work #cybersecurity assessment and maybe replace some of your employees’ home routers. There are plenty of devices at people’s homes who have never been patched. One device can create a liability. Antonio Vieira Santos @AkwyZ

Even so, the buck has to stop with corporate IT.

In this intense #WFH environment, the onus of policing our digital highways is up to businesses. #Covid gave us an excuse (rather an opportunity) to be scrappy, but make no mistake, bad guys are watching. So keep the new ways of conducting virtual business secure. Sarbjeet Johal @sarbjeetjohal

Don’t secure places, secure data. Encrypt everything inside and out. There’s no safe zone anymore. Most importantly, train your people. Larry Larmeu @LarryLarmeu

Question 2: How should organizations shift their IT investment strategy? What changes do you expect in the return-to-work phase?

Addressing the need to pivot to new IT strategies for the new normal, some cited the need to renew existing commitments.

If your strategy is fresh, there shouldn’t be a big shift. We should be planning for #hybridworkplace - in #highered we should have been building for this all along. Of course, most of us haven’t been, but we talk a big game.
Paige Francis | VP/CIO | Forbes Contributor @CIOPaige

More emphasis on holistic thinking. Make everyone understand that security isn’t a burden but a necessity for continuation of operations and also peace of mind.
Arsalan Khan @ArsalanAKhan

However, it does seem clear that a stronger emphasis on cloud infrastructure will serve enterprises for the foreseeable future.

It’s time to shift their IT investment strategy to #cloud first and the security that goes along with it. Return to work is going to start, stumble, and hesitate for even the most prepared orgs. Will Kelly @willkelly

You really need to be investing in more telecommunication. This is one way the financial side will change. As far as going back to work, I’m not sure what that will look like or when, so it is vital to be sure remote working is easy to use when needed. Debra Ruh @debraruh

Of course, that won’t do much good if employees can’t reach corporate networks, cloud or otherwise.

Organizations should invest in updating employee work devices where older devices may slow down productivity and increase #security #risk, as well as setting aside funding for professional development and training. Audrey DeSisto @AudreyDesisto

Consider subsidizing the costs of high-speed internet for remote employees whose ‘return-to-work’ plan is to continue to avoid the office and work remote >50%. Kayne McGladrey, CISSP @kaynemcgladrey

Question 3: How have IT operations, security, and risk priorities shifted over the last few months?

Here, some chat participants cited a loss of IT control.

In my experience, once you let the #ShadowIT and #BYOD Genies out, it’s hard to put them back in the bottle. Even harder during times of crisis like so many orgs are in now. Will Kelly @willkelly

Well, most have been shifted to focus on the online/remote work side!
Debra Ruh @debraruh

To be reactive is a common human trait that also manifests itself in organizations. This applies to #cybersecurity as well. Hopefully, the #pandemic has made us rethink that it’s better to be proactive most of the time.
Arsalan Khan @ArsalanAKhan

The work-from-home environment has also forced changes in mindset.

Hopefully, CEOs who believe that we can only innovate when in the same physical space will be on their way to retiring. Antonio Vieira Santos @AkwyZ

Supporting and securing a remote workforce by pivoting from an in-office to a remote-first model has been a big priority change for firms. #ShadowIT and #BYOD are also raising their ugly heads. So few large businesses were set up for FT WFH, making for some painful shifts. Will Kelly @willkelly

Thinking around risk management has also changed.

Risk has changed as the network perimeter has changed. More data is now located off-network. IT departments had to double-check that laptops were encrypted, VPNs were upgraded, and monitoring looked beyond traditional offices. Jason James @itlinchpin

Question 4: What has become clear about the state of your IT network now that wasn’t apparent at the beginning of the year?

The pandemic has highlighted shortcomings in IT strategy, as well as revealed at least one silver lining—namely, that teams can work effectively wherever their members happen to reside.

I think we have found that we can really thrive remotely. Having our team all over the globe, we had already been mostly this way already. Debra Ruh @debraruh

To work effectively, however, employees must have the right resources. Unfortunately, security patches and tools for monitoring IT assets (ITAM solutions) have fallen short of the work-from-home challenge.

I’ve spoken to Clients where legacy patching systems fell over because the corporate devices were no longer connected 24x7 to a LAN to receive patches; this also affected ITAM solutions. Kayne McGladrey, CISSP @kaynemcgladrey

Security is more important than ever in this environment.

Your IT network’s security boundary doesn’t really have a boundary. 
Arsalan Khan @ArsalanAKhan

#ZeroTrust isn’t “future” - it has to be “now.” If your organization is not already deploying more encryption, identity inspection, and contextual decision-making, you probably need to be looking hard for compromises today.
Wayne Anderson @DigitalSecArch

And, responding to Anderson:

On a related note, #ZeroTrust isn’t a sticker on your router or a #cybersecurity product that you buy. It’s a shift in architectural patterns that have to be supported by policies. Kayne McGladrey, CISSP @kaynemcgladrey

Question 5: How did IT hygiene play a role in your company’s ability/inability to address new challenges created by a rapidly distributed workforce?

Effective IT hygiene is now more critical than ever for fostering security.

Without proper IT hygiene, your network becomes filthy (unreliable), and then it’s easier for bad germs (hackers) to take advantage of it. A good understanding/appreciation of what IT really does matters here too. Arsalan Khan @ArsalanAKhan

I think it’s not hygiene itself that stopped #remotework, but the assumptions that underlie the strategy. That devices would be on a network. That concurrency came from certain places. That legacy systems could be protected by ignoring certain access patterns. Wayne Anderson @DigitalSecArch

Being prepared for these things is the best #IT hygiene possible. Also, being fully cloud-enabled made the transition to having a 100% remote workforce much easier & seamless. Ben Rothke @benrothke

While today’s enterprise IT environment remains dynamic and rapidly evolving, some truths have come to light during the pandemic, including the need to foster digital transformation to support employees working at home in larger numbers than ever before. Many lessons are variations on familiar themes: IT hygiene remains paramount, and digital transformation is as much a mindset as anything else.

To learn more about securing the home-based workforce, visit https://world-at-home.tanium.com.

Related:

Copyright © 2020 IDG Communications, Inc.