Canadian IT managers believe work-from-home (WFH) will stretch on into 2021 but worry about the potential cybersecurity risks it could pose as the pandemic wears on.
According to a poll taken Thursday during a Canadian CIO virtual roundtable, nearly 80 per cent of IT executives expect their organizations to maintain or increase current levels of WFH staffing in 2021:
- 58% expect WFH levels to stay the same
- 21% expect WFH levels to increase
- 16% expect WFH to decrease
- 5% expect all staff to be back in the office/work site
Those numbers mirror a Citrix Systems Inc. survey of more than 3,700 IT leaders in seven countries, including Canada. Conducted in May, that poll revealed:
- 75% of IT leaders believe employees will not want to return to the office “as they knew it” before the pandemic started
- 72% of organizations are accelerating their digital transformation plans to accommodate long-term WFH
- 44% have hastened their timeline for those plans by more than a year
A more recent global study, released earlier this month, indicates more than half of companies currently allowing WFH expect to extend it into 2021.
WFH benefits
About 25 senior IT executives from Canadian enterprises in various industry verticals took part in Thursday’s Canadian CIO roundtable. The prevailing sentiment? WFH was deployed surprisingly quickly (and effectively) when the pandemic broke out.
“We had a really good infrastructure in place so we were able to take 95 per cent of our workforce globally to work-from-home immediately,” a Canadian IT executive from a global wealth management firm told the roundtable. (Participants were assured anonymity to encourage frank and open discussion during the event.)
WFH has been such a success that in a second roundtable poll, participants said improving it is the area of IT where they plan to increase their efforts the most:
- workforce collaboration (47%)
- SD-WAN (24%)
- IT automation (18%)
- AI, machine learning (12%)
Security concerns
While enabling remote work has kept employees safe and productive, however, it also presents new cybersecurity challenges for enterprise IT. In a third roundtable poll, participants said the top issue they’re reassessing due to the pandemic is network security, which was cited by 53 per cent. Another 29 per cent said the pandemic is causing them to take a deeper look at application security risks.
A huge realization among roundtable guests was how the increase in staff working remotely also increased the number of target areas vulnerable to potential cyber attacks.
“There’s a lot more BYO devices, a lot more cloud surfaces and people taking a look at non-enterprise IT,” said keynote guest Kurt Roemer, chief security strategist at Citrix, which sponsored the event.
Remote working has also reduced IT’s visibility into enterprise assets, especially in terms of security posture.
“The cloud infrastructure enabled (employees) to conduct their day-in-and-day-out business. But all the devices we had set up and were supposed to be managing disappeared. We weren’t getting the metrics back, so the ability to manage and monitor those disappeared too,” said one CISO during the roundtable.
Those types of infosec table stakes sidelined in the initial rush to set up WFH – like monitoring and metrics – must come back to the forefront as the pandemic continues, Roemer said.
“You need to support SaaS and the cloud and device diversity for BYOD. But make sure you’re doing it with a level of management and control and visibility, especially for things that are (needed) for compliance.”
More than connectivity
Although VPN connections to remote workers have garnered lots of attention, Roemer said the skyrocketing use of video and collaboration tools also deserves security scrutiny.
“It’s not just looking at connectivity. You need to understand the relationships people are having from a collaboration perspective, with their teammates, your customers, your data and with content. There’s a lot of moving to video-based content that can’t be analyzed through traditional methods. So analytics can really help provide for some greater governance and help identify the gaps we may have overlooked from an enterprise (security) perspective,” Roemer said.
According to the final poll conducted during the online event, here are the top pandemic related security concerns for roundtable IT executives (guests were allowed to choose multiple options):
- the distributed nature of our “attack surface” (81%)
- network security (69%)
- phishing and ransomware (63%)
- safeguarding intellectual property and customer records (56%)
- implementing zero trust (38%)
- application security (31%)
What’s next?
Roemer noted that a persona-based concept of cybersecurity is gaining new traction. It emphasizes the user’s contextual and situational relevance to data, devices and other users.
“Now it’s going towards an extension of identity with persona as the new perimeter. That (persona) is very unique to the project you’re working on or who you’re working with. So it’s getting away from that single identification at login. It’s an evolving concept,” Roemer explained.
Besides making sure WFH is accessible and secure, enterprises are also grappling with ‘what’s next?’ Roemer suggested the next phase of COVID-19 will force IT to think harder about supporting remote staff as people, not just productive workers.
“How can line-of-business leaders have the information necessary to optimize (WFH) while giving people flexibility so they can be able to take care of their children and take care of their education and all the other things they have to mix into their days? … How do we support that while ensuring we have the right security and compliance behind it, to make sure we can still be in business for decades to come?”