Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:00 PM
John B. Dickson
John B. Dickson
Connect Directly
E-Mail vvv

How Company Cultures Dictated Work-from-Home Readiness

Companies large and small are discovering just how prepared they were for all employees to work remotely

The past few weeks have been a blur. I've eliminated the word "unprecedented" from my vocabulary. I've become a Zoom subject matter expert and have had far too much fun applying unique Zoom backgrounds to surprise my colleagues. I've not traveled for four weeks, which is the longest spell without travel in memory. Instead, I've worked from my home for two weeks with no end in sight. 

This radical shift could not have come at worse time for me and my colleagues at Denim Group. We had just closed one of the busiest weeks of the year at the annual RSA Security Conference and ran smack dab into a pandemic. My previous articles on the coronavirus seem to have been written in a bygone era. One sentence I wrote stands out: "As one attendee remarked, in a month we'll either laugh about how silly our fears were or we'll think attending RSA 2020 was the most reckless thing we've ever done."

With RSA well behind us, I can probably say with some level of confidence that I was not infected by the coronavirus while there. But in hindsight, it does seem attendance might have been, if not reckless, certainly questionable. We got a hint of what was to come less than a week after RSA, though; at least one security professional at RSA wondered how their VPNs would hold up when everyone worked from home.

I suspect this question has been asked in one way, shape, or form at virtually every organization in the last month. What we've witnessed throughout March is a shift that occurred in almost every company simultaneously. Some were better suited for the shift, while others are still struggling to support remote workers. I started to call it "work-from-home readiness," and, as vendors, we've had a chance to talk to hundreds of clients and prospects and have traded notes with other security vendors to obtain their perspective.

Here are some of the common reasons certain organizations were more prepared to support the massive shift from on-premises work to work from home:  

  • Business models: Certain companies were better suited to make the shift given their business models. For some, having employees working in an office was nice, but not necessary. Technology companies are the obvious candidate as they often already had distributed workforces and liberal work-from-home policies. In manufacturing, this is not the case. Absent of an entirely robotized assembly line, most manufacturing companies rely on employees to be present at their facilities to assemble product.
  • Business processes that broke: Although email and conference calling lend themselves to off-site work without friction, other business processes broke in unexpected ways. For us, it was US postal mail — we didn't have a process to accept mail with everyone working from home. This is important — some clients still pay via check. Our clients and prospects spoke of purchase order and statement of work processing, which require physical signatures in many cases.  
  • Technical debt: Likely directly related to the business models of certain companies, we've spoken to a variety that we thought would have the capability to work from home en masse but couldn't. Technical infrastructure constraints, including lack of VPN licenses, few employees with laptops, and lack of dual-factor authentication for remote workers all handcuffed companies and made them prioritize which workers get equipment first. 
  • Familiarity with remote tools: Suffice it to say, we are all smarter on Zoom, or your video conferencing solution of choice, than we were a month ago. Some organizations made the transition seamlessly as they already had a workforce who were comfortable with these technologies. Others had to learn in real time, putting a strain on internal IT support desk functions and lowering productivity across the organization. 
  • Culture: What's most interesting is the strong effect of corporate culture on an organizations' capacity to work from home. We've observed that organizations in the same industries have made the transition to work from home, while others have failed miserably. The common denominator is company culture. Certain organizations had flexible work-from-home policies as an employee benefit and were better suited to make this rapid transition. Others who had strong "on-premises" cultures were less prepared. By design, these companies discouraged working from home and emphasized the need for on-site collaboration. These companies are still struggling today to support their remote workers.

As we continue to muddle through working from home due to the pandemic, it's been fascinating to see how certain organizations have made the transition to working from home, while others have struggled. Common denominators, such as culture and technical debt, contributed, as organizations became intensely focused on uptime with minimal disruption. I expect that many of the changes that have been made by organizations will affect us long after the stay-at-home orders have been lifted.

For me and many of my colleagues, security is a day-to-day focus of these new, uncharted waters. The shift reminds us that security is part of a broader business resiliency discussion. Having the capability to work from home seamlessly and in secure fashion only strengthens the resiliency of your organization.

Related Content:

A listing of free products and services compiled for Dark Reading by Omdia analysts to help meet the challenges of COVID-19. 

John Dickson is an internationally recognized security leader, entrepreneur, and Principal at Denim Group Ltd. He has nearly 20 years of hands-on experience in intrusion detection, network security, and application security in the commercial, public, and military sectors. As ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-17
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivile...
PUBLISHED: 2021-04-17
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (ker...
PUBLISHED: 2021-04-17
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS Build 20210202 and later Q...
PUBLISHED: 2021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia C...
PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...