By Kris Lahiri, Co-founder and Chief Security Officer of Egnyte
There’s no going back; remote work is here to stay. The COVID-19 pandemic simply accelerated a movement that was already happening. But are businesses equipped to handle such a rapid shift, and manage all the challenges that come with it? Some organizations believe they simply need to adopt new communication, collaboration and file sharing tools to make the leap. But, becoming a truly digital business today is about more than simply adopting Slack, Zoom or Box. You must build systems and processes that make distributed business operations and information sharing both seamless and secure.
In a post-COVID world, you have to develop strategies that enable every user to work collaboratively, with access to the content, files and data they need to be productive, while minimizing security and compliance risks. That’s a tall order, but all CIOs and IT administrators must confront it – and the sooner the better.
Let’s recap some of the top remote work challenges that apply almost universally. Chances are, your business network simply wasn’t designed to support remote work at scale. As employees switched to off-network operations overnight, many networks became overwhelmed. To make matters worse, users have been relying heavily on their home internet connections to get work done, all while competing with other family members for valuable bandwidth. Slow or unstable connections can be an instant productivity killer. In response, shadow IT grows as some employees turn to hotspots, non-sanctioned email and messaging channels on personal devices and free, unfamiliar cloud apps for file storage and other services. These are quick fixes that allow employees to get important work done, but they can cause a host of problems. Your IT team can’t manage applications and services it isn’t aware of, and your company can’t guard against security and compliance risks it can’t see.
To prevent your newly remote workforce from devolving into the wild west, it’s critical that you take control. Here are several best practices every CIO and IT administrator should consider in order to give off-network employees safe access to the files and content they need to be productive without compromising on security or compliance:
1. Limit Your Reliance on VPNs. You can and should use VPNs to provide point-to-point access to the network for core infrastructure tasks, but you shouldn’t rely on them as the go-to solution for privately and securely sharing data. The reality is that VPNs carry serious performance and scalability tradeoffs and can even increase security risks. Supplement those VPNs supporting core infrastructure tasks with alternative solutions for accessing and sharing files securely that don’t hinder productivity. This might mean implementing multi-factor authentication to ensure that only the appropriate users have access to sensitive information or a single point of access for company files and content (to simplify and secure file storage and sharing). Tools like these can help remote workers quickly and securely get access to the content they need without being burdened by slow VPN connections.
2. Implement Data Protections Fit for a Distributed Workforce. You’re now facing remote work security challenges on a much larger scale than you ever have before. These include off-network employees circumventing IT policies, greater use of personal devices to access company data, and more. To respond to these challenges and prepare for new ones, you must up-level your data protection effort. Consider implementing advanced antivirus solutions, endpoint defenses and ransomware protections to avert off-network attacks, and strengthen file permission policies through end-to-end encryption to ensure all shared files and folders remain private.
3. Modernize Your Policy Monitoring and Enforcement. Managing network security compliance and governance is much easier when your entire workforce is in the same location. When your teams are operating from home using unfamiliar networks and devices, enforcing key IT policies becomes an uphill battle. How can you maintain order and security across so many environments outside your direct control? The answer is to create network usage guidelines that comply with industry and government standards, and leverage automated policy enforcement to ensure employees are operating safely and securely at scale. This means making sure only employees with high-level privileges can open confidential files and documents, tracking data storage and access to monitor compliance and more. Utilizing a single content management platform can dramatically simplify the monumental task of ensuring that your critical IT policies are applied and enforced uniformly regardless of the location of each user.
4. Evolve Your Content Infrastructure: A growing remote workforce means you have much more data and content to manage and protect than what would traditionally be housed in the office or your data center. While some IT teams can modernize their content infrastructure by moving to a centralized, cloud-based management system, others are bound by costs or contracts that require them to preserve legacy systems. But settling for outdated content infrastructure simply isn’t tenable as remote work continues to present new productivity, security and compliance challenges. If you find yourself in this situation, consider a hybrid approach that integrates new cloud-based, centralized content management solutions with legacy systems to ensure your IT team has a greater degree of control over content management and file sharing.
There’s no going back to the way things were. We’re all grappling with the best way to adapt to this new reality in which we find ourselves. In order to ensure your digital business is equipped to handle the challenges brought on by remote work, you must transition away from disparate legacy file services and content management approaches. Consider the above advice and ask yourself, does your organization have the IT strategies, systems and policies in place to move forward as a truly digital business in the age of remote work?
About the Author: Kris Lahiri is a co-founder and the Chief Security Officer of Egnyte. He is responsible for creating and implementing Egnyte’s global information security and compliance management strategies, policies and controls that protect all of Egnyte’s customers’ content and users. Prior to Egnyte, Kris spent many years in the design and deployment of large-scale infrastructures for Fortune 100 customers of Valdero and KPMG Consulting. Kris has a B.Tech in Engineering from the Indian Institute of Technology, Banaras, and an MS from the University of Cincinnati. For more information, visit: https://www.egnyte.com. Connect with Kris at https://www.linkedin.com/in/kris-lahiri-135bb2 or https://twitter.com/governanceguru.