Egnyte’s Chief Security Officer Provides Practical Advice for IT Admins Of a Remote Workforce
Companies around the globe scrambled to make work life productive for their employees once health and government mandates instructed offices to close. While the Internet became awash in work from home advice for employees, it was the IT admins who had to quickly enable their workforces to be productive, secure, and fully equipped to mimic the office environment at their kitchen table. Admins have had to move fast, and in the mad dash, some elements of data security and access to files have become apparent.
Having now lived the remote experience over the past two months, I now have a clearer perspective on what IT admins need to do in order to eliminate risk and improve the security of company data. My hope is that it gives you some sense of how to craft a strategy that addresses the challenges of enabling remote workers with secure access to their files in a way that’s convenient for them and keeps you sane in the process.
Don’t count on employees using VPN
The reality is that when everyone -- and I mean, EVERYONE -- is at home, your Internet is going to get bogged down, and that can be a productivity killer. Imagine having two parents on Zoom calls, kids connecting to other school networks (or pretending to be working on schoolwork but playing NBA2K instead); that’s a LOT of bandwidth being used all at once.
"...what really supports a secure environment for access and collaboration is having a single access point to monitor and control files."
So even though Slack and Zoom are great for communicating, if access is slow or unstable, not much is getting accomplished. Files can’t be sent or downloaded and without access to their “stuff”, your employees won’t have much to talk about during their back-to-back Zoom calls.
The solution for many is to MacGyver the situation until they can do what they need to do. This usually means doing something like switching to hotspots on their personal phones. The result is that access is being turned on and off, and many aren’t paying very close attention to how they’re accessing their company files. All of a sudden, access points multiply and security policies aren’t being followed. End-users aren’t able to see the repercussions of these shortcuts, and that presents very real security issues.
Clearly, capacity is a productivity issue, and because residential homes typically have fairly pedestrian Internet speed, capacity will always be an issue. For IT admins, the issue is to provide an acceptable, secure workaround so you don’t have to rely on the DIY solutions created in moments of panic by remote workers. Trying to bypass the problem when capacity is overwhelmed may make for some creative solutions, but multi-factor authentication, access control to files and folders, and other standard security hygiene is a non-starter.
But what really supports a secure environment for access and collaboration is having a single access point to monitor and control files. Having that means full audit capability and data protection for content at endpoints, in transit, and in storage. And that works for content that’s stored in the cloud, enterprise apps, in on-premises repositories, and anywhere else employees are accessing data.
Giving employees a single location, to create, share, and access files directly makes things simpler - no question about that. Removing the burden of having to connect through a VPN, and having to deal with unstable connectivity when the house is all online at once means that access is seamless.
Prepare for the worst: use encryption
Most companies plan ahead, or at least they think they do. The best-case scenario for companies that host their files and data on-premises is that their disaster recovery plan is working and no data has been lost or exposed. But the efficacy of disaster recovery only becomes evident after you’ve been breached.
Companies that rely on file servers are sweating the details of limited disaster recovery plans for their data center hardware, which is hugely expensive and resource-intensive to figure out. And right now, no one has time to figure out how they’re going to scale or add capacity. IT managers are also having to think through encryption, authentication, and access control. It’s a swirl of activity and if they’re managing it in an on-premises environment, it will become overwhelming.
This probably sounds very doom and gloom, but the reality in the midst of what we’re all facing is that there are all kinds of contingencies that companies haven’t thought of. Users want to access files and data on personal devices, or their home Internet connection drops in the middle of downloading or uploading files. What happens to those files? There are productivity and security ramifications that remote employees likely won’t consider, and that introduces potential security risks. It has to give IT admins pause and realize file servers are going to be a continual impediment to their security and efficiency goals.
Use technology to scale policy monitoring and enforcement
When everyone is in an office, the IT organization has the mindset of centralized governance for network security and compliance. But every remote worker is basically setting up his or her own office when they log on from the kitchen or spare bedroom. So how are you going to account for security when you don’t have control over your office environment?
IT teams have to create usage guidelines that meet with industry and government compliance standards. But the reality is that, in a time of massive disruption, if you haven’t applied automated policies to enforce those rules, you’ve already ceded control, and your valuable content will be at risk. There’s simply no way your team can manage manual policy detection, especially when employees are connecting over their home networks and through different devices. They want the files they want; doing it in a secure way should not be their problem.
Yet, it’s also not possible to create a separate environment for each home office. The only way to provide security effectively is through a single content platform. Apply your policies, manage through the dashboard of that solution, and you don’t have to worry about how employees are accessing and collaborating with the content. Encryption and access control is handled at the source (the content platform).
Help us, IT admins, you’re our only hope
True to the Jedi spirit, those who provide the most value are those who prevent things others never have to experience. The disruption experienced by remote workers is felt ten-fold by the IT admins who have to ensure safe access to files. The good news is that thinking ahead and realizing that file servers are antiquated and that disparate systems can’t work unless they have a way to centralize their content into a secure environment.
Photo by Anton Nazaretian on Unsplash