For IT leaders, the transition to remote work has been tantamount to opening thousands of branch offices. A recent CanadianCIO virtual roundtable shed light on how organizations are dealing with the challenges of a distributed workforce.
“We’ve found that individuals at home are just like branch offices,” said Jack Lumley, National Sales Manager Networking with Citrix Canada. “How can you help with security and user experience when everyone is a branch?”
Physical security was also a concern. “In the past, I didn’t have to worry about teenagers and cats having access to my infrastructure,” said Corey Cox, Vice-President of Information Systems for the Tandet Group of Companies.
Many of the CIOs said they’re addressing these challenges by modernizing their technologies and increasing training for employees. “We will have to tackle the branch office issue, because we’re not going back to full-time in the office,” said one participant.
Can you improve security and usability?
Phishing and ransomware were seen as top concerns by roundtable participants. In the past, the strategy to protect against cyber attacks was to secure the perimeter, said Lumley. “Now with remote work, BYOD and the cloud, there is no perimeter anymore,” he said. “We need a holistic approach with Zero Trust.”
Zero Trust is a security model based on the principle that no one should be trusted to gain access to systems, even if they’re already inside the network. “It has to include continuous authentication and authorization, while evaluating the context for the access request,” Lumley said.
Another suggestion to deal with the proliferation of “branches” is to bring the security edge closer to the user or device. “Why don’t we have a router at the person’s home to allow secure access?” asked one participant. This is in line with the new concept of SASE (Secure Access Service Edge) which spells out secure networking requirements, but only for a cloud environment. SASE and Zero Trust could work in tandem to secure hybrid environments.
SDWAN was also raised as a way to improve the user experience. SDWAN was originally pitched as a money-saving solution, said Lumley But now branch offices are using it to get the same level of performance for applications as employees would experience in the office. “Security and SDWAN go together to provide application assurance for users,” said Lumley.
New approaches to training
Phishing emails have been on the rise and the IT leaders suspected that employees might be clicking on them more than usual because of pandemic fatigue. Many organizations are increasing training for employees, despite a concern about getting the message out in the work from home culture.
One CIO suggested that security requirements have to be rolled out differently. “It’s not that people don’t want to do it, but we take an impractical, technical approach,” he said. “If there is a way to make security personal, it will resonate well.” Another said that his organization is having success by breaking awareness campaigns into bite-sized chunks to make them easy to digest. “And if I can get the C-suite to sit in on the training, it’s a big win,” he said. “We have to empower and upskill the workforce.”