Tech Journal From MacGyver to Optimizer: How to Secure and Enhance Your Ad Hoc Remote Work Solutions
By Dena Colombo / 16 Mar 2021 / Topics: Cybersecurity Collaboration Featured
By Dena Colombo / 16 Mar 2021 / Topics: Cybersecurity Collaboration Featured
In early 2020, the pandemic forced IT leaders around the world to take on the role of MacGyver — crafting solutions to the remote work dilemma with little more than a Swiss Army knife and duct tape. Okay, maybe they weren’t limited to a Swiss Army knife and duct tape, but most IT leaders had to quickly pool resources and adopt new technologies to enable remote work practically overnight.
Now, having achieved remote work enablement, many IT leaders are taking the opportunity to revisit how they did it. Whether it’s security, remote management, collaboration or cost optimization, there are plenty of opportunities to optimize the MacGyvered solutions we all rolled out in 2020.
In this article, we’ll share our thoughts and advice on how to make the most of your recent IT investments, while also shoring up any gaps in security or the end-user experience.
Your optimization journey should ideally start with reflection. Ask yourself the following questions:
After reflecting on how you got to where you are, your next step is to identify how you can refine what you’ve already built and reengage your end users. While the pandemic may have forced your organization to move to the cloud faster than expected, you now have an incredible opportunity to realize the full potential of the cloud.
When forced to MacGyver a remote work solution, most organizations implemented whatever was convenient or economical at the time. For example, many of our clients jumped on the free trials offered by some of our collaboration partners (Microsoft Teams, Cisco Webex and Zoom).
The trials served as a short-term solution to the problem of remote communication, buying companies more time to figure out their long-term plans. Now that most of these trials have expired, IT leaders are having to make their next move. While some are converting their trials into paid subscriptions, others are moving to their preferred collaboration platform. If you’re nearing the end of a trial, make sure you’ve considered your options and solidified your go-forward plan.
Even if you’ve already landed your preferred cloud collaboration solution, that doesn’t mean you can set it and forget it. A return to the office could be on the horizon, which means you may need to decide what collaboration will look like for a hybrid workforce.
We’ve already seen this with some of our clients who rolled out Microsoft Teams for remote collaboration, though they previously used Cisco in the office. Now they have to decide whether to adapt Microsoft Teams for use within the office, make the switch back to Cisco or perhaps combine the two.
A critical component of any new technology rollout is always change management and end-user education. However, IT leaders had to skip this step to prioritize business continuity. At the end of the day, companies did get their users working, but most don’t know how to use all the features available to them.
For instance, with Microsoft Teams we’ve found that most people are only using the platform for meetings and chat — they’ve barely scratched the surface of everything they could be doing with Teams. Organizations pay for advanced functionality, but since no one knows how to use it, the investment is wasted.
Even before the pandemic, so few organizations were getting the full value from their IT investments that we created a solution around Managed Adoption. This offering helps our clients understand all the capabilities of a given platform, as well as the benefits users could achieve by fully adopting the product. We’d urge you to check it out if you’re struggling with end-user adoption.
The “MacGyver syndrome” can be particularly dangerous when it comes to any cloud solutions tied to identities and data access. Any weakness in permissions or password management could easily lead to a serious security breach.
Unfortunately, IT leaders were so focused on business continuity that security often took a back seat in the transition to remote work. In a recent Netwrix report, an alarming 85% of Chief Information Security Officers (CISOs) admitted they sacrificed cybersecurity to enable employees to work remotely; 63% also reported an increase in the frequency of cyberattacks since the pandemic began.
Security stats
- 60% of CISOs found new security gaps as a result of the transition to remote work.
- 58% reported employees ignoring cybersecurity policies and guidelines.
- 54% said they lack the visibility needed to ensure proper data protection.
- 48% reported phishing attacks within the first three months of the pandemic.
At this point, it’s critical to identify any security vulnerabilities your team may have missed while rushing to cloud-enable the business. In an interview with TechRepublic, Michael Raggo, cloud security expert at CloudKnox, had this to say: “One of the systemic issues we've seen in organizations that have been breached recently are a vast amount of over-permissioned identities accessing cloud infrastructure and gaining access to business-critical resources and confidential data.”
Take this opportunity to not only look for weaknesses in your network security or Virtual Private Network (VPN) architecture, but also your user permissions. Over-permissioning your users is no different than leaving a skeleton key on the table for anyone to access anything. As Raggo advises, these times necessitate “adhering to the principle of least privilege, leveraging a continuous, automated and data-driven approach using activity-based authorization.”
The world is becoming more connected and data is easier to access. This is great for your end users, but can also lead to more security vulnerabilities. That’s why it’s vital to think differently about security.
At Insight, we’re focused on starting security at the door — and the door is the identity. While endpoint protection will always be important, it’s even more important to secure user identities through things like Multi-factor Authentication (MFA) and Single Sign-On (SSO). This, combined with intentional user permissioning and data classification will create a strong security posture for your organization.
In the same TechRepublic article we referenced earlier, Jason Rader, national director of network and cloud security at Insight, explores what it means to protect at the door: “Identifying your users, ensuring they’re who they say they are and controlling the resources they’re permitted to access have always been important. With this year's rise in remote workers, it’s time to revisit ways to gain more control and analysis out of this effort.”
Security isn’t just about your systems either, it also extends to your people and your culture. You have to create a culture where your users know how to access data securely and how to avoid phishing schemes. In one Forbes article, Insight CEO, Ken Lamneck advocates for security education, saying: “Security awareness programs, such as sending periodic fake phishing emails to educate employees about different phishing techniques, can be an important line of defense against bad actors targeting your remote workforce.”
Finally, you’ll also need to address new compliance regulations, including the California Consumer Privacy Act (CCPA), Cybersecurity Maturity Model Certification (CMMC) and the General Data Protection Regulation (GDPR). Consider now whether you have enough visibility into your security stack to remain compliant with these and other upcoming regulations.
Security is always going to be at the danger zone — it has to remain a top priority moving forward. But, having said that, there’s opportunity now for IT leaders to reflect on how they really want the business to run. Will you continue to let all employees work from home? Will you create a hybrid environment? Or do you expect your workforce to return to the office fulltime?
There’s opportunity to grow across the board, whether you’re back in the office, working from home or somewhere in between, and this time, you don’t have to figure it out with just a Swiss Army knife and duct tape.
Cybersecurity Collaboration Tech Journal Connected Workforce View all focus areas