Business Continuity Series: Security
The rapid increase in remote working has opened the door for a wave of security risks, from employees using personal devices to accessing corporate applications. WWT’s Rick Dudeck outlines three key areas companies need to consider when deploying a secure and scalable remote access solution while providing practical, real-world advice for both individual employees and their employer.
Read the transcript below:
- Hi there. My name is Brian Feldt, with World Wide Technology. And today I'm joined by Rick Dudeck, Senior Practice Manager of WWT's security group. Today we'll be talking about securing the network for organizations, when most if not all of their employees are working from home. Rick, I guess to start us off, real basically, why is security such an issue right now, when companies are having their employees work remotely?
- Brian, it's an interesting aspect when you look at it. Corporations were pretty much managing their employees inside the corporate walls. And now, with everything turned upside down, or inside out if you will, or outside in, they're struggling with still managing the employees and managing the devices and still trying to, they have a requirement to keep the data and the assets protected, along with their users. So even though there's been this massive shift in where the workforce is, the security requirements really haven't changed much at all. There's still the regulations that corporations fall under, if you accept credit cards there's PCI, the health care industry around HIPAA, and they still have to comply to those but in a much different manner. So, getting a handle of that, understanding what's happening on the network is really a priority for companies right now.
- We have a lot of great resources on our platform, wwt.com. I was reading just one article yesterday that outlined, you know, some key areas that organizations need to consider when deploying a secure and scalable remote access solution. Can you walk us through those a little bit?
- Sure. What we're seeing is, there's an increase in the attacks happening right now. So, a lot of bad actors, if you will, are sending out a lot of email spam, phishing emails, trying to go ahead and get somebody to click on a link. And once they do, you may think, "Well, what do I have that somebody wants?" Really, probably nothing local on your machine but your machine becomes a jumping-off point. And this is where you start looking at, companies start looking at how do I secure that connectivity? Is it in the traditional virtual private networks that I have, which has it's own problems we're gonna talk about here in a little bit. Or do I start looking at cloud-based solutions for this connectivity and a way to provide security for that user. But also there's an onus, and we'll talk about what the user's responsibility is in all of this as well, to protect the corporation now that they're working in an environment that probably has Spot the dog sitting next to him, kids running up and down the hallway, and the distractions. So, a lot of good information, and I'm gonna give some links at the end as to where users can find more information, more in-depth information that you're referring to.
- So let's get a little bit practical here. What are some things organizations can do to protect themselves, when talking about a potential security breach when employees are working remotely, but then likewise, what can employees do themselves to protect themselves, and what can they do to protect their employers?
- Good question. So, I'm gonna, I've stole this concept if you will, from one of my colleagues. We were having a conversation and we looked at what happened if you go back to the beginning of March. And what we saw was the three phases of what our customers and our clients are dealing with. He called phase one, the scramble mode. All of a sudden, I had x-number of employees that lived inside my corporate walls and they're now dispersed. They're working from home. And there was this mad scramble. I need to get that connectivity that I just mentioned. I need hardware to do that. There's lead-time problems with getting the hardware. There's the configuration of the hardware. There's capacity, there's licensing. They were dealing with all of these issues, and still trying to maintain their business. Still maintain servicing their customers. And as they started rolling, maybe security wasn't in the forefront of their mind. It was I need to get connectivity. I need to get these workers working. And that's the scramble mode. What we see as phase two is more along the stabilization. And I think most companies now have moved out of scramble. They're connected, they're working. Now they're stabilizing, or as I added to this concept, there's also optimizing the experience. Not just the connectivity and the security, but also the user experience at home. Maybe another monitor they have now, so that they have that video capability for collaboration. And now there's I think a much larger focus on making sure that the security posture of the users at home, are now more in line with that corporate policy. So we rushed really fast to get connected, and now we're really digging in and looking at, do I meet my policies now? What do I have to do? And those are things along the lines of authenticating the users, and making sure that the right users are accessing the right data at the right time. It's securing those connections. It's encrypting the end devices so that should the device get lost or lands in the wrong hands, the data on it is encrypted. So that's the stabilization mode. And that's where I think a lot of companies are now. Help me make this better. Come in and let's take an evaluation. Lemme understand what I actually have on the network now. That visibility. What am I actually managing? The third phase as you move forward is going to be more around strategy, long term. So if you're reading articles in the paper, I think companies are coming to the realization, having a lot of my employees work out at home is not a bad thing. I'm still seeing productivity. I'm able to go ahead and secure those in the last phase. And you know, continue the securing of those. Folks seem to be more productive sometimes. They're, like me and probably you, I get up in the morning and I start right into my email, before that eight o'clock punching in the time clock, right? So I think we're gonna see a shift that not all of these workers are gonna come back into the corporate offices. So that's where the strategy comes in. And that's where, you know, World Wide can really help with our services around consulting and advisory, to help companies build a program of these users, now that the workforce is inside-out, if you will. All my users from the inside are now out on that outside.
- So for a lot of organizations that are, like you said, in scrambling mode, they're really looking to connect remote workers that are doing and providing vital services to people all around the world. So security may not be top of mind for them, right from the onset. So we have a lot of great resources on our platform, wwt.com. Maybe show us a couple of those things for in the case of organizations that security is not right there on the forefront, what they can use to leverage and start, you know, getting their ducks in a row?
- Sure thing. I'm gonna go ahead and share out of screen right now. And let me walk you through our wwt.com page. So, we took a stance in the top banner as you can see. There's a business continuity resources link. And I would advise, you know, first off I would advise so that you see my picture over here, but when you, you know, if you're not already a member of wwt.com, please come over here and log in. We only ask for an email address. And that'll give you access to a lot more than if you're not a registered user. So click on business continuity resources. And you'll see, you'll land on a page that actually talks about going through and enabling critical business operations. And you can see, we looked at some use cases around telehealth, etc. What I've been talkin' about today has been focused around this remote worker. If you click there, you can learn more, and you can go and read about some of the things that we're looking at doing. We have a briefing put around this, be happy to sit down with our customers and walk through what I've been talking about. And this page also covers that collaboration. For some users the only means of collaborating with their co-workers may be the phone that they have. How do we get them a better experience? The end-user computing piece that we talked about. That connectivity that we were talking about as well. And then security, where I focus and my group focuses. And you can click there and go back to some more of the solutions and the options that we're talking about. And you'll see some of the things that I mentioned in this brief video, around encrypting and making sure you don't lose the information, the identity piece of that. The end-point protection and detection. Protecting that end-point, making sure that it has anti-malware software running on it. How do I manage and know what's on my network, and how do I protect the company's data? Again, briefings are available for this. If you wanna dive in any of these topics further, you can go to the solutions page. The security transformation page here. And you can pick out the different pieces and parts that we're talking about. Endpoint security being a big one right here. Can walk through articles and assessments that we offer, etc. So there is a ton of information on our pages. Again, recommending that folks register, poke around, but that is the best place to start, is on that home page and the business continuity resources.
- What great stuff as always. Those are the only questions that I have for you today. As you can see, lots of great content on wwt.com. Not only in regards to security, but also enabling the remote worker, as we go through this type of period. Rick, thanks for the time this morning, and we'll talk again soon.
- Thank you, Brian. My pleasure.