The COVID-19 pandemic has forced organizations into different work practices -- the most obvious of which has been the need for employees to work remotely.
This has created a wave of sentiment among employees who have realized that long commutes aren't necessary to complete work-related tasks efficiently. However, without the social aspects of working from an office, many individuals want to work in a hybrid office and home environment.
For organizations, this means providing IT operations with greater flexibility in approach as they maintain security of access and an organization's intellectual property for hybrid workforces.
The main areas IT teams must focus on are network and device management and overall security.
Provision of a suitable network environment
A fully controlled network is rare. Cloud computing has introduced mixed networks that consist of the corporate network, dedicated interconnects to the cloud and the cloud network itself. Working from home (WFH) means this now extends to include public networks -- and, in many cases, uncontrolled devices. VPNs help control public network access. However, organizations must ensure that suitable network monitoring is in place to check continuously for malicious intrusion attempts and denial-of-service attacks.
Review the use of personal devices
Bring your own device (BYOD) has been a longstanding issue and many organizations already have policies in place. However, those who work remotely have pushed BYOD to become BYOO -- bring your own office.
Now, individuals use their own PC, laptop, tablet, mobile and fixed-line phone to carry out work tasks. These are far less controlled than devices under the organization's complete control -- and can be unsafe environments where viruses and other malware can find entry points into the corporate network. At the very least, organizations must mandate continuous updates to suitable antivirus and malware software.
Organizations should also have employees agree to a degree of monitoring and control over devices -- but this might not be agreeable to all employees. It might be necessary to replace BYOO policies with the provision of corporate-approved devices.
Provide corporate-agreed systems
An organization can insist that employees use specific employer-provided devices that are under the direct control of the organization. However, this approach is increasingly difficult as employees want the freedom to choose their own devices due to particular needs or wants. When this is the case, then the next point might be the only solution.
Look to sandboxed desktops
Remote desktops, such as those provided via Citrix and VMware, have existed for a long time. However, performance issues, the need for vast compute resources and network bandwidth -- along with cost -- make this possible only for the largest, most security-sensitive organizations.
Microsoft's release of Windows 365 desktop as a service, hosted within Azure, provides remote employees with a desktop that is independent of the access device. This device independence enables workers to switch seamlessly across different devices in the home and pick up where they left off when switching between home and the office. IT organizations can control remote desktops via suitable profiles -- for example, whether users can cut and paste information across the hosted desktop and their own, or whether they can print documents.
Back up and secure data
Unless all data is held in the cloud, there will be an increasing amount of data and information held, either permanently or impermanently, on users' devices. This data must be backed up for both business and regulatory purposes. Few individuals carry out backups as directed, and organizations could find it difficult to mandate it. The need for policies and agreement from individuals to allow for certain amounts of device control might be the bare minimum requirement to instate.
Overall information security
Individuals working in the office can be controlled to a certain extent. For example, an IT organization can set up profiles that prevent staff from printing out certain data; corporate policies can dictate that staff can be searched when leaving the building; and IT can monitor abnormal data usage.
When it comes to WFH, these protections become less possible. Monitoring what documents are printed can be a problem -- disgruntled employees can create copies of information to further their own ends.
Organizations must evaluate tools to better control data and information as it crosses over from the direct control of the organization into such environments. Sandboxed desktops can provide granular controls that are under the organization's direct purview. Data leak prevention helps ensure that only certain types of data can cross over into the home environment. In addition, digital rights management can curtail any user's access to data they might have, should they hand in their notice or worries arise of their trustworthiness.
The pandemic has changed the working environment for many and already, organizations are finding it difficult to mandate a return to the office. However, the technology exists for organizations to establish a supportive environment for flexible working -- and create a better environment for employees that promotes higher productivity and worker satisfaction levels.