Collaboration tools are undergoing drastic version updates and feature overhauls on a very frequent basis, which force security departments to keep a close eye to determine whether their standards will still be met.
Remote working was a growing trend among American businesses long before the COVID-19 pandemic of 2020 struck. As technology has continued to advance and promote more information sharing and collaboration, managers and employees alike have identified the opportunity to continue being productive without requiring a trip to the office.
The appetite for remote work has varied greatly from industry to industry and business to business. Many leaders still struggle to adopt a remote model for a variety of reasons, while debates about productivity, teamwork, morale and safety are taking place every day. One of the more common factors discussed from both productivity and security perspectives is distractions.
According to a recent study conducted by JPD, 54% of employees working from home feel they are more distracted, while 29% experience more distractions in the office. The study surveyed over 2,000 Americans who typically work from the office but are now doing so from their homes.
This year, the decision to embrace a remote workforce has been made for many of us. Many employees are getting an involuntary trial of remote work and experiencing both the benefits and drawbacks. While some people have already begun returning to the office, many others are considering the long-term effects of the COVID-19 pandemic and what it has taught us about our employees’ ability to be productive from nearly anywhere.
Some organizations are now taking this opportunity to implement a long-term remote working arrangement. For those embarking on this journey for the first time, unique challenges are presenting themselves when it comes to protecting our most critical assets.
Organizations need to be very careful not to unravel the hard work and investments which have gone into building adequate levels of security and privacy. Among a myriad of challenges to consider, a few stand out to me.
Standardization
There are several paths organizations can take to secure a remote employee’s network connection, information sharing, video-conferencing sessions and more. Regardless of your organization’s preference in equipment and applications, the ability to standardize hardware and software will play a critical role in their effectiveness.
Simply put, you will struggle to consistently provide strong levels of security if you are not limiting the number of technologies and workflows in use. Remember that a well configured and supported technology will almost certainly deliver better results than the popular application that is not part of the corporation’s standard technology portfolio.
Work with your technology partners and define the service and application catalogs to confirm that essential requirements aren’t being missed. If employees have a requirement and there is no standard or supported technology to fulfil it, complaints may be the best-case scenario.
I say this because most won’t complain at all. Instead, they’ll find creative ways to get their jobs done without an approved application or service. It’s the job of the security operations center to get out in front of this before it is too late.
Remote connections
Another important decision organizations will need to make is based on remote connections to corporate resources. Remote connections aren’t a new concept to most businesses; however, many haven’t experienced it on this broad and expansive scale before.
A layer three VPN tunnel may have been acceptable for a handful of employees using it after hours, but is it still the right technology when thousands of employees are using it for eight-plus hours each day?
Does your infrastructure have the capacity to scale and support it? And even if it does, is this kind of connection the safest and most practical model in 2020? These are questions you’ll need to ask yourselves while also considering alternative solutions, such as a virtual desktop infrastructure or application presentation technologies.
Information protection
Finally, we get to the challenge of information protection. As organizations increasingly embrace a remote population within their workforce, technology providers are feeling the pressure of adapting their solutions to accommodate.
It’s important to remember that enabling the business needs to be a key goal when configuring these technologies, therefore providing employees a safe and productive way to securely share information is critical.
The need to share data won’t disappear if you don’t make a standard workflow available, and business operations won’t simply find a new way to function. People will do what they need to do in order to complete the task or challenge in front of them. The situation results in sensitive data potentially being put at risk. We need to give the business the tools needed to be successful while maintaining security and privacy – a balancing act which requires much attention.
For many, working remotely is not a possibility. Our heroes stand on the front lines of healthcare, putting themselves at risk every day in order to protect and care for patients.
Everyone else has an extremely important role in supporting this mission, and many are now doing so from home. As security and technology practitioners, we need to find new ways to enable the support required to accomplish the mission. This can most effectively be achieved through collaborative work, strategic planning and a common vision across all technology groups.
Dan Costantino is chief information security officer at Penn Medicine