The past few weeks have been a blur. I've eliminated the word "unprecedented" from my vocabulary. I've become a Zoom subject matter expert and have had far too much fun applying unique Zoom backgrounds to surprise my colleagues. I've not traveled for four weeks, which is the longest spell without travel in memory. Instead, I've worked from my home for two weeks with no end in sight.
This radical shift could not have come at a worse time for me and my colleagues at Denim Group. We had just closed one of the busiest weeks of the year at the annual RSA Security Conference and ran smack dab into a pandemic. My previous articles on the coronavirus seem to have been written in a bygone era. One sentence I wrote stands out: "As one attendee remarked, in a month we'll either laugh about how silly our fears were or we'll think attending RSA 2020 was the most reckless thing we've ever done."
With RSA well behind us, I can probably say with some level of confidence that I was not infected by the coronavirus while there. But in hindsight, it does seem attendance might have been, if not reckless, certainly questionable. We got a hint of what was to come less than a week after RSA, though; at least one security professional at RSA wondered how their VPNs would hold up when everyone worked from home.
I suspect this question has been asked in one way, shape, or form at virtually every organization in the last month. What we've witnessed throughout March is a shift that occurred in almost every company simultaneously. Some were better suited for the shift, while others are still struggling to support remote workers. I started to call it "work-from-home readiness," and, as vendors, we've had a chance to talk to hundreds of clients and prospects and have traded notes with other security vendors to obtain their perspective.
Here are some of the common reasons certain organizations were more prepared to support the massive shift from on-premises work to work from home:
- Business models: Certain companies were better suited to make the shift given their business models. For some, having employees working in an office was nice, but not necessary. Technology companies are the obvious candidates, as they often already had distributed workforces and liberal work-from-home policies. In manufacturing, this is not the case. Absent an entirely robotized assembly line, most manufacturing companies rely on employees to be present at their facilities to assemble product.
- Business processes that broke: Although email and conference calling lend themselves to off-site work without friction, other business processes broke in unexpected ways. For us, it was US postal mail — we didn't have a process to accept mail with everyone working from home. This is important — some clients still pay via check. Our clients and prospects spoke of purchase order and statement of work processing, which require physical signatures in many cases.
- Technical debt: Likely directly related to the business models of certain companies, we've spoken to a variety of companies that we thought would have the capability to work from home en masse but couldn't. Technical infrastructure constraints, including a lack of VPN licenses, few employees with laptops, and a lack of dual-factor authentication for remote workers, all handcuffed companies and made them prioritize which workers get equipment first.
- Familiarity with remote tools: Suffice it to say, we are all smarter on Zoom, or your video conferencing solution of choice, than we were a month ago. Some organizations made the transition seamlessly as they already had a workforce who were comfortable with these technologies. Others had to learn in real time, putting a strain on internal IT support desk functions and lowering productivity across the organization.
- Culture: What's most interesting is the strong effect of corporate culture on an organization's capacity to work from home. We've observed that organizations in the same industries have made the transition to work from home, while others have failed miserably. The common denominator is company culture. Certain organizations had flexible work-from-home policies as an employee benefit and were better suited to make this rapid transition. Others who had strong "on-premises" cultures were less prepared. By design, these companies discouraged working from home and emphasized the need for on-site collaboration. These companies are still struggling today to support their remote workers.
As we continue to muddle through working from home due to the pandemic, it's been fascinating to see how certain organizations have made the transition to working from home, while others have struggled. Common denominators, such as culture and technical debt, contributed, as organizations became intensely focused on uptime with minimal disruption. I expect that many of the changes that have been made by organizations will affect us long after the stay-at-home orders have been lifted.
For me and many of my colleagues, security is a day-to-day focus of these new, uncharted waters. The shift reminds us that security is part of a broader business resiliency discussion. Having the capability to work from home seamlessly and in a secure fashion only strengthens the resiliency of your organization.