As a growing number of companies move toward a more remote and distributed workforce model, many find themselves in a tradeoff: the overhead saved by reducing or eliminating centralised offices comes at a cost of greater risk to their IT security. With workers on the go frequently tapping into public, unsecured hotspots with a wide variety of portable devices, keeping the network and those devices secure is a major challenge.
At Pernod Ricard, we’ve seen these problems first hand. With already about 30 per cent of our nearly 19,000 employees working remotely, we’ve recently undertaken an initiative to expand this flexible policy, offering more employees the opportunity to work from home. As a result, remote users are now about 40 per cent of our total workforce.
As the number of remote machines grew, so did the stack of service desk requests. When those end-users needed IT support, it was often difficult for the service team to gather the necessary information to troubleshoot and resolve problems. The IT team was typically forced to contact the end-user to gather information about their system before we could update, patch or resolve issues. If the user wasn’t available, this delayed resolution, and even if they were, the interruption made the whole process inefficient for both our team and the end-user.
At the same time, protecting those assets became a bigger challenge. Sometimes remote machines are connected to the network for only a brief period before the user disconnects, closing the window on group policy management and CMM access. Maintaining visibility over each machine’s configuration, update status and installed software was becoming nearly impossible. When we did get access to the machines, applying upgrades and patches consumed too much time and resources, interfering with employee productivity. They simply didn’t want to have their machines taken out of commission for maintenance when there was work to be done.
We were not alone in this battle. According to the Getting Your House in Order report by 1E, nearly 77 per cent of IT professionals say remote work will continue to be a security concern until their company figures out how to efficiently reach, patch and secure remote machines. The lack of remote control likely explains why over 60 per cent also say migrating remote workers to Windows 10 has been a challenge, despite it being widely accepted as more stable and secure than its predecessors.
From a management perspective, we recognised that there would never be enough resources, time or talent to combat this problem with a human touch. To resolve this, we turned to automation tools that have completely transformed our maintenance, patching and system configuration retrieval from a manual, time-consuming effort into an automatic, streamlined process.
Five steps to balance IT security and worker productivity
By implementing the Tachyon endpoint detection and monitoring solution, we’ve been able to accelerate service response and endpoint updates to keep our remote users and our network running smoothly and better protected. Here’s how an automated solution can help any organisation balance IT security and worker productivity:
1. Gain endpoint visibility. With our automated system, we can query the broad asset landscape of individual devices to gain configuration data in a matter of minutes. This lets us see which systems are out of date and which software is installed so we can spot opportunities for patching and upgrades. For example, we recently deployed BitLocker to encrypt all of our endpoints. Using Tachyon, we can see which machines have this encryption properly enabled, and which need our attention. With thousands of endpoints, each potentially running hundreds of pieces of software, this kind of granular visibility would be absolutely impossible without an automated platform.
2. Speed deployment of solutions. By understanding endpoint configuration, we can deploy OS patches and software upgrades quickly, to get them on the machines that need them most as a top priority. We can also time our deployment to take advantage of better bandwidth availability for delivery of large update files.
3. Accelerate troubleshooting. Now that we can instantly query a system for configuration data, we’ve eliminated the need to contact end-users to gather this data. In fact, we can even gather this information when the machine is rendered unusable due to a software glitch. For example, when we developed an issue with a font deployment that sent a number of our laptops into a black screen, users were unable to log on to even access troubleshooting resources. But, because the devices were still connected to the network, Tachyon gave us access to the data to help resolve the problem in minutes, once we identified the root cause.
4. Reduce interruptions. With automation tools, IT security teams can find out the information they need without having to contact users.
5. Manage resources. With the ability to see resource capacity on each endpoint, we can be mindful of CPU and other performance metrics when selecting tools, or upgrade hardware appropriately as needed. This allows us to give end-users the productivity software they need, without slowing them down by overtaxing their machine’s capability.
With the cybersecurity landscape continuously changing, and new threats emerging daily, developing IT security policy and procedures is only half the battle. The real protection happens when an organisation can implement solutions that give them a tactical advantage in securing their most vulnerable assets—remote endpoints. By deploying an automated endpoint monitoring and remediation solution and coordinating communication between IT security and operations teams, companies can gain a leg up, while also meeting end users’ needs for productivity and performance.
Ivan Jaramillo, IT Director, Client Support Services, Pernod Ricard