The best technologies are those that improve work and life. They integrate quickly, then become so interwoven into the daily fabric that you can't remember life—or work—without them. But modern technology is a two-sided tool that can be used to both innovate and destroy. It’s changing the world, but modern threats—advanced, persistent threats targeting IT teams; data leakage through shadow IT; and AI-based phishing attacks—are also widespread.
To deal (or not deal), many businesses swing to extremes. Here are a few examples we’ve seen:
- They refuse to prioritize digital transformation or technology improvements because they may not see an immediate return on their investment.
- They avoid cybersecurity or business continuity planning because they assume they are too small to be a target or that security is an optional “insurance policy.”
- They react to circumstances or threats, implementing random of acts of technology in haphazard attempts to deal with crises and responding to disastrous events.
Each of these extremes expose businesses to unnecessary harm.
New risks of an expanded remote workforce
If you work in IT or compliance, you’ve always been in the business of dealing with risks outside of your control. But with an estimated 30 million office workers now working from home in the US and up to 300 million globally, strategically managing risk at a global scale is a challenge. And keeping your company compliant and secure outside of the network perimeter has become more difficult. Cyber criminals are preying on vulnerabilities and "organizations of all kinds are facing an uptick in email-based threats, endpoint security gaps, and other problems as a result of the sudden switch to a fully remote workforce," explains William Altman, Senior Analyst at the Global Cyber Center of NYC.
With a remote team—and particularly during periods of crisis and uncertainty—cybersecurity is paramount. Your IT team must be hypervigilant, and your approach to security must be strategic and holistic.
A modern approach to technology for remote teams
As technology evolves, so should our philosophies and approaches to use and manage it. Although new solutions and capabilities enter the market almost daily, several key trends will forever change the technology landscape and the value of IT teams within organizations.
- Artificial Intelligence is automating redundant and repetitive work.
- Cloud services enable organizations to shift responsibility and risk to cloud providers through PaaS and SaaS models.
- Traditional IT support has become commoditized.
- Remote workers demand more workplace flexibility and autonomy.
- Data and analytics deliver insights and enable better decision making for business leaders.
- Security and privacy regulations have increased at both federal and state levels.
To align your IT strategy to the current landscape, you must take a modern approach. Here are seven ways to modernize your technology and keep your remote team secure.
1. Zero Trust
Unfortunately, just because someone is on your network doesn’t mean they should be authorized to be there. Traditionally VPNs have been the gold standard for secure remote access to company resources. But since VPNs no longer reside in a centralized location within the corporate network perimeter, it’s become more important than ever to verify every access attempt, no matter where that request is coming from.
A zero-trust security model is a multi-layered approach to verify a series of conditions such as the user’s identity, the device, and the application and workload for which access is being requested. This model is far more mature than a traditional approach to securing remote access. When coupled with SaaS or PaaS offerings, such as Microsoft 365 and Azure Windows Virtual Desktop, you can shift the risk and minimize your attack surface.
Although securing your infrastructure is important, it may be even more important to educate your staff. This goes for both IT teams and the end users within your organization. Ninety-five percent of all security breaches are caused by human error. And in the absence of proper training, shadow IT, though often insightful, can lead to inadvertent compliance risks and violations. You must know your vulnerabilities; understand your risks; stay up to date with relevant trends, challenges, and solutions; and repeatedly train and educate users. If you are proactive with education, your people needn’t be your greatest weakness. They can become your greatest defense.
Meeting compliance requirements can help to reduce the threat of network attacks. However, because regulators are slow to make changes, meeting compliance requirements does not necessarily keep you secure. And with a newly remote team, your company has acquired a whole new set of risks that regulations like HIPAA or PCI have not accounted for in their standards. Of course, you must be diligent to put systems and governance in place to ensure your company is compliant, but you must also find ways to ensure that you think beyond compliance requirements and address actual risks. Additionally, make sure that compliance doesn’t come at the expense of productivity.
As many newly remote teams have experienced over the last few months, traditional approaches to IT have exposed their businesses to risks. Proliferation of data and applications increase attack surfaces. Outdated technology compromises security, productivity, and can lead to burnout, frustration, disengagement, and major costs. As threats become more sophisticated and complex, modern technology with a smaller footprint is a must. Consider using systems and services that are already within your technology ecosystem or at the very least, that integrate with it. A great example of this is using Azure AD, which comes with Office 365 subscriptions, instead of using traditional Active Directory domain controllers that require server-based infrastructure.
Antoine de Saint-Exupery said, “Perfection is achieved not when there is nothing more to add, but when there is nothing left to take away.” And particularly with a remote team, less is more. Too many solutions, multiple channels, and redundant platforms can lead to inefficiency, error, disconnection, distraction, and risk. You may need to consider what tools you need to get rid of as you construct the right IT strategy for your remote teams. With fewer apps and data, you can reduce your attack surface, so as a first step, consider performing an inventory and audit of all your different applications, third-party services, and data sources. Choose to either eliminate, replace, or integrate these systems in order to streamline your teams’ productivity.
As every IT manager or compliance officer knows, your technology, tools, policies, and rules are of little consequence if users and remote employees don’t adopt them. For your strategy to be effective, you must put provisions, training, and ongoing support in place to simplify complexities. Your end-user experience must be positive and seamless, with tools that are simple to understand and easy to access.
Driving your IT initiatives with a sound change-management methodology is critical to the successful outcomes of your projects. Get buy-in from senior leadership, and designate ambassadors within the organization to help evangelize these new tools and processes. Then provide your team with fanatical support that helps people become more self-sufficient and effective.
The final—and potentially most important—thing to consider in your IT strategy is its fit. Does your technology environment align to your company culture? Do your IT initiatives align to business objectives and priorities? And most importantly, how does it all fit into your company’s mission, vision, and values?
With an intentional approach to technology and comprehensive cloud-based solutions that are secure, compliant, modern, streamlined, simplified, and aligned to your business needs, you can get your IT under control and help your company succeed. For more on strategic IT for your remote team, download 10 IT strategies for your remote team.