The pandemic has changed how we get work done. Now, data security must catch up.

Joe Payne, President and CEO at Code42

May 19, 2020

In less than two weeks, our entire work culture shifted. In response to COVID-19, on March 19, 2020, California declared the first statewide stay-at-home order. By March 30, 26 states had joined California, sending millions to work from home. With that, COVID-19 forced companies to make rapid decisions to keep workforces safe and business moving forward.

Since that time, companies have plunged headlong into response and survival plans. Immediate concerns were focused on the health of employees and getting them set up to work from home. Security and IT teams worked around the clock to make sure employees had the tools they needed to stay connected and productive. Slack, Zoom, Microsoft OneDrive, and other collaboration apps were rolled out en masse, if they weren't already part of a work culture. All of this put a strain on security. Suddenly, security was on the hook to manage data risk beyond traditional company perimeters and do it at scale.

By now, other considerations are coming into focus. While employees are settling into home-office routines, companies are focused on making sure their businesses will exist. That may sound dramatic, but it's the same problem that Bob's coffee shop, JP Morgan, and a million other businesses continue to ponder. Business as we knew it is not going to be the same. With a nearly 100% remote workforce — and a world that is social distancing — how do we keep employees productive and teams innovating while keeping businesses secure?

Surveillance Approach
To make sure employees stay on task and don't waste time, some companies have chosen the Big Brother route. Since they can't see their employees working from home, they've installed monitoring software that collects screenshots every few minutes, logs keystrokes, and tracks website visits.

The challenge with this surveillance approach is that these types of monitoring metrics are not a measure of productivity or security. Tallying up an engineer's keystrokes won't tell you whether the lines of code for your new product release were finished on time. And a keystroke log that shows a sales rep looking busy is not going to alert you to the fact that he was really uploading your customer records to a personal email account.

Not only does the Big Brother approach fail to solve productivity and security issues, it leads to a cultural problem: namely, a lack of trust and transparency. And that's certainly not the type of environment that fosters collaboration, creativity, and innovation.

Future of Work
The future of work has fundamentally changed. According to recent industry research, nearly three-quarters of CFO respondents plan to move more employees into permanent remote positions after the COVID-19 pandemic. The reality is that working from home and the collaboration apps that keep employees connected and productive are here to stay.

When it comes to securing a collaborative culture, covertly counting keystrokes or tracking how long workers are on their computers is antiquated police-state security. Surveillance of end users stands in stark opposition to what an open, collaborative culture is all about. If you accept these as truths, it is not a difficult leap to see that conventional approaches to data security must change.

There is a new way to think about data security. It starts by assuming positive rather than negative intent. It's based on trusting and verifying versus not trusting at all.

To solve the security challenge, new approaches to security need to take into account the implications of using collaborative apps and the increasing exposure of the endpoint. Rather than counting keystrokes, security should focus on out-of-the-ordinary file movements — for instance, when a remote worker downloads 20 files to a thumb drive or uploads financial records to a personal Dropbox. When someone abuses the trust that has been given to them, security can then investigate. That way, you don't let one "bad apple" ruin it for the rest, and the rest of the workforce can get their jobs done without interruption. Fundamentally, a trust-but-verify approach positions security teams as partners — not the police.

To address the productivity issue — well, for starters, security should not be a crutch for solving performance problems. Performance should be measured by achieving key business results. What security teams should be doing is enabling employees to work with apps that enhance productivity and help them do this safely. In our "new normal," it is more important than ever for security to be seen as enabling — rather than impeding — the very performance-based and collaborative culture businesses need to succeed.

Change does not come easy. And this new approach to securing a culture of collaboration definitely calls into question some holy grails of data security. The late Rear Admiral Grace Hopper, known as one of the foremost computer science engineers, said the most damaging phrase in the language is "We've always done it this way!" COVID-19 has unleashed unprecedented change on how we get work done. It's time that data security catches up.

About the Author(s)

Joe Payne

President and CEO at Code42

Joe Payne is the President and CEO of Code42 Software. Joe is a seasoned executive with more than 20 years of leadership experience and a proven track record leading high-growth security and technology companies. With a passion for identifying and solving emerging market needs, Joe engages personally in product strategy and direction, while growing and providing vision and guidance to a world-class team of security executives. Previously, Joe served as CEO of eSecurity, the first SIEM software company. He also served as the president of iDefense prior to its acquisition by VeriSign. At iDefense, Joe led some of the best white-hat security researchers in the world and worked with the top financial institutions and government agencies in the United States to improve their risk profile.

Joe also has held additional executive positions at eGrail, MicroStrategy, InteliData and Eloqua. As CEO of Eloqua, Joe led the team to $125 million in revenue, a successful IPO and a subsequent acquisition by Oracle. Joe currently serves on the Board of Directors of First Focus Campaign for Children, a non-partisan, not-for-profit advocacy organization. Joe previously served on the boards of Dealertrack (NASDAQ: TRAK), Cornerstone OnDemand (NASDAQ: CSOD), Eloqua (NASDAQ: ELOQ), Workfront, TrackMaven, Plex, e-Security, eGrail, and Ecutel.

Joe is a co-author of Inside Jobs: Why Insider Risk Is the Biggest Cyber Threat You Can't Ignore, which shines a light on insider risk and details what business and security leaders can do to keep their workforces productive and data protected.

Joe received his Master of Business Administration from the Fuqua School of Business where he was a Fuqua scholar. He is a magna cum laude graduate of Duke University. When not hard at work, you can find Joe cheering for the US National Soccer Team or his beloved Duke Blue Devils. Joe is married with four children.
