Protecting productivity within the disappearing perimeter
During the past year, business leaders have seen first-hand the benefits of adopting an everywhere enterprise model of working and are now carefully considering its role in the future of work. A study by Mercer revealed 94% of employers agreed that productivity was the same or higher than pre-pandemic levels, even with employees working remotely in 2020.
It is therefore unsurprising that Gartner’s research has found that 90% of HR leaders will allow employees to continue to work remotely in the future. Whilst this may be music to the ears of employees enjoying a better work-life balance, for many IT staff, alarm bells will be ringing.
As cybersecurity criminals capitalize on the exodus from the office, the global cost of cybercrime is $1 trillion, which is exerting extreme pressure on IT departments. In a survey of 1,600 global IT professionals, Ivanti found for 63% of those interviewed, IT workloads increased 37% since remote working began.
So why are IT staff workloads increasing, and how can CISOs relieve some of the pressure without compromising productivity?
The disappearing perimeter
IT departments whose approach to cybersecurity even remotely resembles the traditional perimeter will be fighting a losing battle. Prioritizing on-premise assets in the age of the cloud is outdated. Cloud applications and mobile devices have become essential to the everyday tasks that have kept productivity high during the pandemic crisis and are accessible everywhere.
Additionally, devices have become integral to productivity. 72% of employees agree that their device has been important to ensuring their productivity during lockdowns. As a result, corporate resources are no longer restricted within a physical perimeter that IT departments can monitor and secure. Against a backdrop of increasing cyber threats, and with the rise in the number of on-premise, cloud and edge devices accessing business data, the attack scenarios for IT to bear in mind are innumerable.
As more employees use personal devices and networks to access business applications, the line between business and personal data becomes blurred. If a bad actor penetrates a device through a personal channel, what is to stop them from breaching a business application?
Zero trust
The approach to cybersecurity needs to change to align with the approach to work. When employees left the office, cybercriminals followed. So, if they are working from anywhere, they need to be protected everywhere.
As the device and networks that were once defined become less prominent, IT staff need to assume that anyone trying to gain access to the corporate network is a bad actor.
Zero trust is based on the notion that we must assume bad actors are on our network, no matter which security controls or technologies we have in place. When users log into a network, they should have minimal access to resources until they and the device they are using have been authenticated and authorized.
Coupling this approach with on-device biometrics such as facial recognition creates a stronger standard of authentication. Biometric technology removes the burden and the responsibility for employees to consistently supply strong passwords. This also improves the user experience by unlocking single-sign-on (SSO) capabilities, drastically reducing the number of IT help desk tickets.
Around the clock automation
Knowing what devices employees are using to access corporate data is an important first step to protecting that data. Having full visibility into all IT assets, therefore, remains a priority for IT departments, but as the number of devices employees are using continues to grow, it is becoming an increasingly impossible task for IT to visualize their full IT environment.
Using IT asset management (ITAM) software with built-in automation to discover what assets employees are using to access business data will provide IT staff with real-time analysis of their software and hardware inventory. This ensures continuous visibility in real-time through active and passive scanning, network scanning and third-party connectors.
Automation can also be used to bolster compliance and user productivity, by frequently detecting and solving IT issues before users even notice them. AI-driven mobile threat defence tools constantly monitor application and user behaviour on devices, meaning they can respond in real time when suspicious activity is taking place on the device and protect against potential vulnerabilities.
They are also completely unobtrusive and require no action to be activated from the end-user, meaning employees can go about their work productively, while businesses’ IT departments are safe in the knowledge that their devices are operating securely.
Self-service problem management
Service management in the everywhere enterprise presents IT teams with yet more issues. When an entire workforce is remote, IT battles routine and novel requests simultaneously and continuously which can overstretch capacity. Ivanti found the most common requests to be VPN issues (74%), video conferencing (56%), bandwidth constraints (48%), password resets (47%) and messaging issues (47%).
Organizations need quick solutions that allow IT support to prioritize risk to effectively distinguish routine tickets from genuine causes of concern. Effective IT service management (ITSM) tools that utilize automation are key to this.
The use of intelligent bots to process inquiries and complaints from employees can contribute towards faster diagnosis and resolution of problems. An issue can then be appropriately escalated if it requires extra attention whilst ensuring end users are communicated with promptly and effectively. With more employees working outside of traditional 9-5 working hours, self-servicing will enable them to troubleshoot after IT has clocked off.
What began as a rushed reaction during a crisis has evolved to be the preferred model of work for employees and their bosses. With the role of IT proving to be essential in enabling productivity, it is crucial that they are not overwhelmed and can continue to assist in innovating business continuity and prosperity. Implementing automation and zero trust allows IT departments to optimize their time more efficiently and productively without compromising quality or security.