The gradual reshaping of office life has been underway for some time, but the shift to remote work witnessed globally in the past few months has unleashed a fundamental rethink of what the office is for. Members convened for a fascinating virtual breakfast in partnership with Zscaler,  to discuss how to adapt culturally and technically to this new world.

The office reflects what a company stands for, what it does and where it sits in the market. Nathan Howe, Director of Transformation Strategy at Zscaler reminded us of the office’s origins hundreds of years ago, when Admiralty House embodied the centralisation of information control by the British Empire.

In that era, information could be protected by bricks and mortar.  Today, information flows around a mobile and distributed workforce, creating a range of security challenges. Covid-19 has foregrounded the shortcomings of secure remote access, revealed weaknesses in Business Continuity Planning (BCP), and shown today’s hub-and-spoke security model, protecting information flowing back to a central hub, is an outmoded way of thinking. 

Jaye Tillson, Head of Architecture at manufacturing firm TT Electronics, described the challenges of keeping 4800 staff across 29 locations across the globe securely and effectively connected. Over the last decade, the company had undertaken a journey from multiple disconnected entities with different systems and 11 month connection times, through to an MPLS solution that had to be rethought as bandwidth couldn’t meet the demands of an increasingly mobile workforce. Today, new acquisitions can be integrated in weeks through SD Wan, whilst working with Zscaler has enabled seamless security and better user experience for a growing remote workforce - essential in these challenging times.

Members split into six virtual discussion groups to explore issues ranging from how to instigate a user-centric security culture, to whether ‘remote first’ will become the norm for many organisations.  A number of issues and takeaways emerged:

Remote work realities

• The office model as we know it will fundamentally change, towards a hybrid model where the day-to-day job is executed remotely, whilst the office becomes a site for specific creative tasks, meetings and roles.
• Collaboration tools, whilst great for project management, don’t recreate the random moments and connections with colleagues that draw out hidden expertise and drive creativity. This could mean short-term gains in productivity, but a long-term loss of innovation. Could VR tools simulate human presence to solve this issue?
• Mentoring and performance management done remotely is particularly tough. Will people who need team connections suffer and look for roles that can provide a better balance?
• Tasks in the remote world are often allotted the same amount of time, regardless of importance, as the fluidity of office life and face-to-face interaction is replaced by a calendar-driven approach to time management, which is unsustainable.
• Organisations who can do remote work brilliantly and embed the sociality people require, will stand out.

BCP and user-centric security culture

• Despite back-ups for data centres and offices in place, many BCP plans didn’t meet the mass remote working challenges laid down by Covid-19. 
• A user-centric approach to BCP, that focuses on securing users, not buildings, is more appropriate for today.
• User-centric security is a balance between people and processes, and fundamentally is about removing pain points. Adopting a tiered security model, based on data classification is a likely solution, although there were questions whether IT should own this strategy or implement the policies around this.
• Lastly, does the shift to remote work mean that employers should be responsible for employees’ broadband?

Security challenges of multi cloud 

• Multi-cloud means different things to different organisations - it could be multiple Cloud Service Providers or private clouds. 
• Once you move into the cloud, you can start to lose control of what is out there especially in a devops environment with high levels of deployment and iteration - this can be a key vulnerability.
• Gaining visibility is critical, then placing a security framework around apps starting from zero trust, checking who has access to what, and decide whether to apply the same controls to private applications, as you do to those in the public cloud.

Adapting to the long term

• Scale was a key talking point when thinking about the longer term - from scaling hardware and devices for mass remote working, to scaling network security as demand and load fluctuates.
• How does security adapt to what is needed? Existing controls have been broken to meet current needs, but what should to be rebuilt as workplaces transition to a hybrid model of working and more BYOD over the next few months?  
• It’s time for a more egalitarian approach to connectivity. Access is access, whether remote or not, and perhaps the post-pandemic world needs baseline human rights of network connectivity.

In a short time, remote working has become an established part of life. This has forced a more user-centric approach to security, data management, network strategy and business continuity. It’s shown that organisations who adopt this approach can adapt to disruption without sacrificing their employees experience. How the new reality of work will play out depends on how organisations refine their strategy, and IT leaders have a critical role to play in championing the change to a secure and flexible model for working.

This event held was in partnership with Zscaler, a global IT security company.