This year, many companies realized business resilience was more than just a buzzword on a PowerPoint slide. They found themselves struggling to survive a crisis no one saw coming, but which had a massive impact worldwide. Now is the time to examine what business resilience means in practice, and to ensure that an organization has enough of it not just to survive the pandemic, but to thrive afterwards.
As they surface from the first wave of the pandemic and prepare for the financial barrage of the second, many organizations are focused on short-term survival. Business resilience addresses that challenge, but also involves longer-term planning.
When it comes to survival, companies are in uncharted territory. Business textbooks advise on weathering a recession, but none of them explain how to do it during a pandemic. Companies that secure funds to continue operations must still alter their working practices to accommodate new and rapidly changing health and safety requirements, which means a transition in the traditional working environment.
The everywhere enterprise
Businesses are adjusting to an Everywhere Enterprise model of working, where employees can work from anywhere and corporate data resides everywhere. This new model of working has helped them to overcome many of the short-term challenges face by Covid-19.
The Everywhere Enterprise created immediate cost savings in areas ranging from corporate food bills to energy payments and on-premises support teams, along with medium-term savings in rental costs. The model has also enabled businesses to enhance productivity by quickly mobilizing workforces. In a recent MobileIron survey, we found that two-thirds of employees (66 percent) agreed that their business had the right technologies in place at the start of the pandemic to enable them to work from home productively.
The same research also highlighted that the Everywhere Enterprise model is here to stay, with more than 80 percent of employees around the world agreeing they do not want to go back to the office full-time even after the constraints from the pandemic cease. Businesses must now look beyond the immediate challenges faced by the pandemic and plan for long-term growth and sustainability within this new way of working.
This means not just coping with adversity, but leaning into it, taking advantage of the opportunities that it presents. It means being adaptable and open to change, rather than rigid and brittle. Mobile and cloud technologies will continue to play a key role here, ensuring that employees can maintain strong and stable connections to their business and be productive wherever they are – but above all it is essential these technologies are secure.
Security is key to resilience
To fully realize business resilience through technology, companies must protect themselves from its adverse effects. Using technology increases your attack surface, making you more vulnerable to hacks that could incur regulatory fines, lawsuits, and damage to your reputation.
Businesses may feel tempted to reduce cybersecurity budgets during a pandemic, directing all funds to survival, just as a human body going into shock directs all its blood to vital organs.
However, ignoring security is the wrong approach. For the Everywhere Enterprise to be at its most resilient, security must be made a priority. Hackers are already using pandemic-themed sites for a barrage of phishing attacks. They are probing VPNs and collaboration systems for security flaws and launching social engineering ambushes on employees still grappling with new business processes.
Companies learning how to work remotely must also cope with new infrastructure challenges, including supporting work on employee-owned devices that they don't control. We can no longer simply trust people that we authenticate at our firewalls or those using trusted devices inside our networks.
No place for passwords
Neither can we rely on passwords alone. Today, someone using an untrusted device to access an account from outside the network could just as easily be a cybercriminal using stolen credentials as an employee using their own computer.
To solve this problem, we must double down on security and rethink how we authenticate employee access to digital resources. Zero trust security means giving everyone the least possible access until we can prove their identity and assess their privileges, not just at the firewall but everywhere.
To do this properly we must understand five elements. We must know about the device that the person is attempting access from. Is it under our control or untrusted? We must understand the context of the user session. Do they normally access a resource from that location, using that device, at that time?
We must also understand the application that the user is accessing. What data does it offer access to? And above all, we must understand the network that they’re accessing the resource from. A decade ago, most access was from inside the network. Today, with most access coming from outside, employees could be using their own consumer broadband connection or the local coffee shop network. Each network has its own risk level.
Finally, we must understand the rapidly evolving cyber threats facing us today.
Endpoint mobility can help
Secure mobility plays an important part in navigating this new landscape. New forms of technology, such as user endpoint management, enable us to support all devices, including employees' own personal machines, by creating protected work areas. We can support uncontrolled network connections by sanitizing traffic in the cloud. And we can support user access to applications and other resources using multi-factor authentication to eliminate account hijacking.
These measures don't have to come with significant costs. Companies can implement technologies like these to bolster security without ripping and replacing current infrastructure. They can implement them as low-cost monthly services that they can easily absorb as an operational expense.
Now is the time to implement these changes, when businesses are vulnerable and need protection. This isn't a situation that companies can ride out without proper security. Neither is it temporary. Optimizing for remote, flexible work today will not yield the long-term resilience companies need if they reintroduce old working practices after the worst of the pandemic is over.
Today, the biggest threat for many companies is meeting immediate cash flow commitments. In the longer term, your company will face two future threats. The first is the unforeseen event, like another pandemic or natural disaster. The second is the competitor that leaned into adversity, transforming itself to embrace new working conditions, expanding into new markets and launching new innovative products and services. Those companies that embrace and implement changes will be truly resilient and thrive after the worst of the pandemic, by future proofing operations to be best prepared for whatever the future may hold.
Alex Mosher, VP Global Strategy, MobileIron