By Nathan Howe, Director of Transformation Strategy at Zscaler
COVID-19 has changed what we think of as the “office space” forever. As the pandemic hit across the globe, companies were forced to rapidly relocate staff to home offices, relying on existing network infrastructure to switch to remote working.
Most workforces have indeed shown that they can still be productive when outside an office environment, and as the business case continues to become more apparent, and the option to return to the office becomes viable, enterprises are taking stock of where their money is best invested.
At a macro level, there has already been debate about whether investing in the home offices of workers is a more economic path than paying hefty permanent rental fees for large office spaces. This, of course, would come with its own complications: should businesses be paying for the fastest home broadband connection and secure routers for their workers? What happens if a security incident takes place within a worker’s home, rather than the office?
Reallocation of responsibilities
With new challenges ever arising, at the highest levels of organisations, there’s been a distinct reallocation of responsibility, especially when it comes to unprecedented actions to ensure business continuity and security of assets that are now outside of an office’s traditional four walls. And with the growing focus on working with shrinking resources, a large part has fallen on finance teams’ shoulders.
For many businesses, when the pandemic hit, they were unprepared for this scale of remote working. At best, most planned for no more than one-third of their staff to work from home on a temporary basis at any one time. In this unforeseen situation however, bottlenecks quickly developed as a result of a massive increase in data traffic. This flood of data pushed the traditional methods for remote access to corporate networks and applications to its limits.
These issues would typically land on the desk of the IT team or the CTO. However, the reality is that the scale of the issues affected business productivity and continuity across entire organisations, so became a blockade to essential cash flow for businesses, quickly becoming a matter for finance.
Sacrificing security for function
During the earliest period of lockdown, companies took a cost-effective approach to cybersecurity that was driven by the finance function. During the search to identify the factor holding companies back from high-performance remote working, sacrificing technical solutions such as firewalls or remote access VPNs used as perimeter-based security infrastructures and on devices, would increase productivity and shore up the bottom line but penalise the organisation’s security posture.
Companies had to choose between ensuring normal levels of productivity or providing secure remote access to the sheer number of different devices used in the workplace. But it’s not always possible for companies to insist on compliance with standardised security policies across all devices.
Unfortunately, over lockdown many essential security processes, such as SSL decryption, have been bypassed entirely by companies to make remote working easier. These are quick and dirty fixes to increase connectivity and productivity, without addressing the broader issues around improving network architecture to facilitate better remote working standards. In the long term, these “fixes” not only increase the risk to an individual business, but all businesses and end-users.
Navigating uncertain times ahead
With the full return to physical offices still an uncertain potential, the security posture for organisations need to be addressed for long term stability rather than short term gains. The bypassing of security in favour of business continuity was, for many organisations, a difficult but essential decision during the most tumultuous periods of lockdown. However, finance functions have hopefully learned from its time with its hands on the security wheel is that they need to invest in converting their emergency workarounds into practical approaches for the future. The new world of work requires an hybrid approach that combines connectivity, security, and performance – all without making sacrifices that could jeopardise data and people.