As the first days turn into weeks, and in certain countries months,
the initial chaos provoked by the coronavirus pandemic is now, for many
organisations, becoming a new normal. Disruption still reigns, yet
employers of all sizes are striving for continuity
while keeping employees safe and as effective as they can be, from
wherever they are able to work, and customers as engaged as possible.
For many, the early days will have been about getting a way of remote
working rapidly rolled out, prioritising those people who are essential
to their business. The fact is that no one knows how long this state of
uncertainty will continue. For those businesses
that can continue to function, being able to operate as effectively as
possible is going to be critical to their survival now – as is their
ability to remain in business on the other side.
To do that, many are currently solving issues that have arisen as a
result of those original decisions and policies. From workforces faced
with being their own onsite IT support (and having to wrestle with
issues such as broadband outages, and not knowing
who to speak to), to networks wrestling with capacity as decentralised
traffic assails them, and ensuring the security of this offsite reality,
enterprises need to act to ensure they do not derail their initial
efforts and cause further problems down the line.
Tackling new challenges
Ultimately the aim has been to get people up and running and operational. Perfection at this stage has not been the objective.
But this is where there now has to be a change in focus. Whether new
to remote working or with well establish processes, it is worth all
businesses using this point in time to look at what they’ve rolled out
and challenge themselves on whether it is truly
secure. Already, coronavirus-themed scams and attacks are starting to
materialise, whether socially engineered to prey on uncertainty and
worry with offers of secret cures or latest government updates, or
capitalising on the sudden increase in consumer-grade
applications being deployed to facilitate collaboration and
communication.
While basic cyber hygiene principles are hugely relevant, the fact is
that it is easier to monitor employees’ security commitment when
they’re on site, using company-provided devices. With some businesses
having resorted to equipping staff with laptops bought
from high-street retailers as offices shut, or quickly deploying bring
your own device (BYOD) approaches, that visibility is no longer readily
available.
In an ideal world, this would not be an issue, as most enterprises
should be operating on a principle of zero trust, whereby nothing on the
network or connected to business applications is trusted – so if
anything tries to access corporate services, it has
to be verified before it can proceed. In order to do this without
hampering productivity, employees need to be able to authenticate
themselves and their devices quickly.
The fact is, however, that many organisations aren’t built to
implement zero trust, and so fall back to an approach of ‘in-office’
good, ‘out-of-office’ bad. But that doesn’t work when everyone is now
out of the office. Yet if they use previous approaches
to security, that means that everyone is now also ‘bad’ and will
struggle to get anything done. This means they need to look at how they
can bring in a zero-trust model. That’s having security at the forefront
of the foundations they are laying, built in so
that it provides full protection without hindering access or the ability
to operate effectively. In doing so, organisations can not only set
themselves for the new norm but mitigate against future disruption.
However, to achieve that without restricting employees’
ability to do their jobs, employers need to have the visibility of all
the approved devices and applications being used by their workforces.
Businesses also need to rethink how they manage traffic on their
networks. With decentralised devices now trying to connect
simultaneously to the same applications, corporate networks that are not
built for remote working are going to struggle. Certain applications
and functions could be overloaded – stories are emerging of IT helpdesks
being overwhelmed as office employees, used to coming in, switching on
their device and immediately having access to a suite of tools and
applications, are now faced with being their own
IT support. With limited technical knowledge, they are using their
employer’s helpdesks for often basic needs, diverting staff from mission
critical work to answer questions on why their home broadband isn’t
working.
To stop this overwhelming resource, enterprises need to prioritise,
just as they did in the early stages by focusing on critical staff and
their application. Doing so means they can better control traffic on
networks, whether that’s deploying a triage system
with FAQs or chatbots to stop helpdesks being overwhelmed by
non-critical requests or protecting applications from users throttling
performance with less urgent use.
Accessing compute resource and services is a big task – while
businesses are getting people working from home, many workforces need to
be supported further afield, including the huge field-hospitals being
set up in nearly every city around the world. As
companies are rapidly scaling up how they service and support a fully
remote workforce, they are adding more compute, and turning to cloud
environments to support, even temporarily. This is where the
possibilities of the cloud are can provide support, by being
able to deliver infrastructure, compute, applications, networking and
security to where’s it needed, as required.
With cloud, prioritising means that the right applications and data
can be deployed into relevant environments quickly, harnessing the scale
and burst of resource that businesses need now. It also means that they
aren’t locked in – if the situation changes
in a few months’ time, they can adapt their requirements accordingly
without being tied to major infrastructure investments.
Additionally, with the need for speed and scale, procurement
behaviours in both commercial and Government organisation have radically
changed – with a certain easing on policy. Where once a bid to use
services such as cloud in a business might have required
several layers of decision-making, now organisations are adapting how
they acquire new infrastructure quickly. For instance, where once
certain types of data had to be kept in certain national locations, now
there is an increasing understanding that they will
allow certain data or apps to be in a data centre in another country.
Organisations know that to continue working, they need to be willing to adjust in order to get the resource they need.
Whether a small retailer that’s gone completely online and delivery
only, a global bank trying to onboard thousands of employees remotely or
a temporary hospital deploying new IT in a mobile facility, that means
being able to define what they need to do
to get their organisation up and running.
In short, they need to be constantly reprioritising.
The blueprint for the new normal
Today’s new norm is still fluid. But it should be about being
prepared, whether that is ensuring security for today’s remote
workforce, being able to mobilise rapidly should a second outbreak
occur, and there will always be the time businesses need to get
back to normal. Enterprises need to provide stability – for their
customers, for their employees, and for their own ability to operate.
That means putting in place the foundation, or platform, from which to
operate in a secure, flexible and decisive manner.
More is going to change in the coming months, but decisions made now can
ensure that whatever lies ahead, enterprises are equipped to mitigate
the impact on their organisation.