Building the secure foundation for today’s new norm
Thought Leadership: Kristine Dahl, vice president for End User Computing, EMEA, VMware
As the first days turn into weeks, and in certain countries months, the initial chaos provoked by the coronavirus pandemic is now, for many organisations, becoming a new normal.
Disruption still reigns, yet employers of all sizes are striving for continuity while keeping employees safe and as effective as they can be, from wherever they are able to work, and customers as engaged as possible.
For many, the early days will have been about getting a way of remote working rapidly rolled out, prioritising those people who are essential to their business. The fact is that no one knows how long this state of uncertainty will continue.
For those businesses that can continue to function, being able to operate as effectively as possible is going to be critical to their survival now – as is their ability to remain in business on the other side.
To do that, many are currently solving issues that have arisen as a result of those original decisions and policies. From workforces faced with being their own onsite IT support (and having to wrestle with issues such as broadband outages, and not knowing who to speak to), to networks wrestling with capacity as decentralised traffic assails them, and ensuring the security of this offsite reality, enterprises need to act to ensure they do not derail their initial efforts and cause further problems down the line.
Tackling new challenges
Ultimately the aim has been to get people up and running and operational. Perfection at this stage has not been the objective. But this is where there now has to be a change in focus.
Whether new to remote working or with well establish processes, it is worth all businesses using this point in time to look at what they’ve rolled out and challenge themselves on whether it is truly secure. Already, coronavirus-themed scams and attacks are starting to materialise, whether socially engineered to prey on uncertainty and worry with offers of secret cures or latest government updates, or capitalising on the sudden increase in consumer-grade applications being deployed to facilitate collaboration and communication.
While basic cyber hygiene principles are hugely relevant, the fact is that it is easier to monitor employees’ security commitment when they’re on site, using company-provided devices. With some businesses having resorted to equipping staff with laptops bought from high-street retailers as offices shut, or quickly deploying bring your own device (BYOD) approaches, that visibility is no longer readily available.
In an ideal world, this would not be an issue, as most enterprises should be operating on a principle of zero trust, whereby nothing on the network or connected to business applications is trusted – so if anything tries to access corporate services, it has to be verified before it can proceed.
In order to do this without hampering productivity, employees need to be able to authenticate themselves and their devices quickly. The fact is, however, that many organisations aren’t built to implement zero trust, and so fall back to an approach of ‘in-office’ good, ‘out-of-office’ bad. But that doesn’t work when everyone is now out of the office. Yet if they use previous approaches to security, that means that everyone is now also ‘bad’ and will struggle to get anything done.
This means they need to look at how they can bring in a zero-trust model. That’s having security at the forefront of the foundations they are laying, built in so that it provides full protection without hindering access or the ability to operate effectively. In doing so, organisations can not only set themselves for the new norm but mitigate against future disruption. However, to achieve that without restricting employees’ ability to do their jobs, employers need to have the visibility of all the approved devices and applications being used by their workforces.
Businesses also need to rethink how they manage traffic on their networks. With decentralised devices now trying to connect simultaneously to the same applications, corporate networks that are not built for remote working are going to struggle.
Certain applications and functions could be overloaded – stories are emerging of IT helpdesks being overwhelmed as office employees, used to coming in, switching on their device and immediately having access to a suite of tools and applications, are now faced with being their own IT support. With limited technical knowledge, they are using their employer’s helpdesks for often basic needs, diverting staff from mission critical work to answer questions on why their home broadband isn’t working.
To stop this overwhelming resource, enterprises need to prioritise, just as they did in the early stages by focusing on critical staff and their application. Doing so means they can better control traffic on networks, whether that’s deploying a triage system with FAQs or chatbots to stop helpdesks being overwhelmed by non-critical requests or protecting applications from users throttling performance with less urgent use.
Accessing compute resource and services is a big task – while businesses are getting people working from home, many workforces need to be supported further afield, including the huge field-hospitals being set up in nearly every city around the world.
As companies are rapidly scaling up how they service and support a fully remote workforce, they are adding more compute, and turning to cloud environments to support, even temporarily. This is where the possibilities of the cloud are can provide support, by being able to deliver infrastructure, compute, applications, networking and security to where’s it needed, as required.
With cloud, prioritising means that the right applications and data can be deployed into relevant environments quickly, harnessing the scale and burst of resource that businesses need now. It also means that they aren’t locked in – if the situation changes in a few months’ time, they can adapt their requirements accordingly without being tied to major infrastructure investments.
Additionally, with the need for speed and scale, procurement behaviours in both commercial and Government organisation have radically changed – with a certain easing on policy. Where once a bid to use services such as cloud in a business might have required several layers of decision-making, now organisations are adapting how they acquire new infrastructure quickly. For instance, where once certain types of data had to be kept in certain national locations, now there is an increasing understanding that they will allow certain data or apps to be in a data centre in another country.