Companies large and small are discovering just how prepared they were for all employees to work remotely

John B. Dickson, CISSP, Principal, Denim Group

April 14, 2020

5 Min Read

The past few weeks have been a blur. I've eliminated the word "unprecedented" from my vocabulary. I've become a Zoom subject matter expert and have had far too much fun applying unique Zoom backgrounds to surprise my colleagues. I've not traveled for four weeks, which is the longest spell without travel in memory. Instead, I've worked from my home for two weeks with no end in sight. 

This radical shift could not have come at worse time for me and my colleagues at Denim Group. We had just closed one of the busiest weeks of the year at the annual RSA Security Conference and ran smack dab into a pandemic. My previous articles on the coronavirus seem to have been written in a bygone era. One sentence I wrote stands out: "As one attendee remarked, in a month we'll either laugh about how silly our fears were or we'll think attending RSA 2020 was the most reckless thing we've ever done."

With RSA well behind us, I can probably say with some level of confidence that I was not infected by the coronavirus while there. But in hindsight, it does seem attendance might have been, if not reckless, certainly questionable. We got a hint of what was to come less than a week after RSA, though; at least one security professional at RSA wondered how their VPNs would hold up when everyone worked from home.

I suspect this question has been asked in one way, shape, or form at virtually every organization in the last month. What we've witnessed throughout March is a shift that occurred in almost every company simultaneously. Some were better suited for the shift, while others are still struggling to support remote workers. I started to call it "work-from-home readiness," and, as vendors, we've had a chance to talk to hundreds of clients and prospects and have traded notes with other security vendors to obtain their perspective.

Here are some of the common reasons certain organizations were more prepared to support the massive shift from on-premises work to work from home:  

  • Business models: Certain companies were better suited to make the shift given their business models. For some, having employees working in an office was nice, but not necessary. Technology companies are the obvious candidate as they often already had distributed workforces and liberal work-from-home policies. In manufacturing, this is not the case. Absent of an entirely robotized assembly line, most manufacturing companies rely on employees to be present at their facilities to assemble product.

  • Business processes that broke: Although email and conference calling lend themselves to off-site work without friction, other business processes broke in unexpected ways. For us, it was US postal mail — we didn't have a process to accept mail with everyone working from home. This is important — some clients still pay via check. Our clients and prospects spoke of purchase order and statement of work processing, which require physical signatures in many cases.  

  • Technical debt: Likely directly related to the business models of certain companies, we've spoken to a variety that we thought would have the capability to work from home en masse but couldn't. Technical infrastructure constraints, including lack of VPN licenses, few employees with laptops, and lack of dual-factor authentication for remote workers all handcuffed companies and made them prioritize which workers get equipment first. 

  • Familiarity with remote tools: Suffice it to say, we are all smarter on Zoom, or your video conferencing solution of choice, than we were a month ago. Some organizations made the transition seamlessly as they already had a workforce who were comfortable with these technologies. Others had to learn in real time, putting a strain on internal IT support desk functions and lowering productivity across the organization. 

  • Culture: What's most interesting is the strong effect of corporate culture on an organizations' capacity to work from home. We've observed that organizations in the same industries have made the transition to work from home, while others have failed miserably. The common denominator is company culture. Certain organizations had flexible work-from-home policies as an employee benefit and were better suited to make this rapid transition. Others who had strong "on-premises" cultures were less prepared. By design, these companies discouraged working from home and emphasized the need for on-site collaboration. These companies are still struggling today to support their remote workers.

As we continue to muddle through working from home due to the pandemic, it's been fascinating to see how certain organizations have made the transition to working from home, while others have struggled. Common denominators, such as culture and technical debt, contributed, as organizations became intensely focused on uptime with minimal disruption. I expect that many of the changes that have been made by organizations will affect us long after the stay-at-home orders have been lifted.

For me and many of my colleagues, security is a day-to-day focus of these new, uncharted waters. The shift reminds us that security is part of a broader business resiliency discussion. Having the capability to work from home seamlessly and in secure fashion only strengthens the resiliency of your organization.

Related Content:

A listing of free products and services compiled for Dark Reading by Omdia analysts to help meet the challenges of COVID-19. 

About the Author(s)

John B. Dickson

John B. Dickson

CISSP, Principal, Denim Group

John Dickson is an internationally recognized security leader, entrepreneur, and Principal at Denim Group Ltd. He has nearly 20 years of hands-on experience in intrusion detection, network security, and application security in the commercial, public, and military sectors. As a Denim Group Principal, he helps executives and chief security officers of Fortune 500 companies and government organizations launch and expand their critical application security initiatives. His leadership has been instrumental in Denim Group being honored by Inc. Magazine as one of the fastest growing companies in the industry for five years in a row. A former US Air Force officer, Dickson served in the Air Force Information Warfare Center (AFIWC) and was a member of the Air Force Computer Emergency Response Team (AFCERT). Since his transition to the commercial arena, he has played significant client-facing roles with companies such as Trident Data Systems, KPMG, and SecureLogix. 

See more from John B. Dickson
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Mitre company logo
Cyberattacks & Data Breaches
Top MITRE ATT&CK Techniques and How to Defend Against ThemTop MITRE ATT&CK Techniques and How to Defend Against Them
byNate Nelson, Contributing Writer
Apr 10, 2024
4 Min Read
A medical professional wearing scrub attire clicking on a screen in front of her
Cyberattacks & Data Breaches
Round 2: Change Healthcare Targeted in Second Ransomware AttackRound 2: Change Healthcare Targeted in Second Ransomware Attack
byDark Reading Staff
Apr 8, 2024
2 Min Read
A magnifying glass being held up in front of the apple logo
Vulnerabilities & Threats
Apple Warns Users in 150 Countries of Mercenary Spyware AttacksApple Warns Users Targeted by Mercenary Spyware
byDark Reading Staff
Apr 11, 2024
1 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events