In many companies, the majority of employees have spent the last 18 months working from home. Back in the early days of the pandemic, the sudden need for staff to work outside of the safe confines of the company network was a challenge for many IT departments. After an initial battle to establish secure and high-performance remote connections to applications and data in multi-cloud environments, data centers, and on company servers, this technological landscape has gradually become the “new normal”. Now, the flow is slowly starting to reverse, as employees head back to the office—exposing a host of legacy technical issues and stop-gap solutions in the process.
Redefining the new normal
The technical “hangover” from the lockdown era includes virtual private networks (VPNs), remote desktops, jump boxes, and other hastily implemented solutions that were urgently needed to satisfy the need for connectivity. These solutions redirected data traffic for users or modified endpoint configurations for updates and infrastructure services, in some cases rendering them completely inaccessible on the company network. Although useful at the time, these rapidly rolled-out transitional arrangements increased risk and costs in company networks. To avoid exposing themselves to serious security risks, companies must now evaluate their infrastructure and re-assess the attack vector created by their legacy tools over the past few months.
Companies should not fall into the trap of viewing the return to the office as just another step towards restoring normality. It would be a fatal error to ignore everything that has happened since most of the workforce departed from the office. Alongside the fact that staff will have become accustomed to increased flexibility and a better work-life balance while working from home, many employees will also have realized the advantages of high-speed internet, virtual meetings using Teams or Zoom, and SaaS solutions. Therefore, they will expect the high performance of these collaborative tools and cloud environments to be maintained when and if they return to the office. Many employees will also be looking to switch to a hybrid working model in which they can opt to work at home or in the office with seamless transitions between the two IT spheres.
Returning to the new normal
These developments all create new challenges for IT departments, who will need to identify and implement secure, long-term solutions. Their first task is to check the data paths against the available bandwidth. The use of collaborative tools and video conferencing will generate real-time data traffic in the company network, and employees will be using cloud-based applications much more than they did pre-pandemic. In the office, employees will expect the same audio and video quality in real-time and will need access rights to the applications they used while working from home. Company networks that are based on a traditional infrastructure and dependent on on-premise components will need to subject their bandwidth and transmission capacity to some serious testing. In light of all this, we have put together a list of requirements that IT departments can use to prepare for hybrid working:
1) Consistent working environments: When employees return to the office and log into their workstations to attend video conferences and access cloud-based applications, this should not present a challenge for the IT system. One way to establish a hybrid working model is to adopt a cloud-based zero-trust approach that combines the demand for connectivity with the need for security. Working directly via the internet from any location helps to avoid latency issues, while security in the cloud keeps employees secure regardless of where they are located. Network access is replaced by a rules-based model at application level.
Regardless of where the user is when they access their applications, the same rules apply. A cloud-based zero-trust approach removes the need to provide different IT security environments for remote and on-premise access and reduces the administrative burden, too. Zero-trust access uses rules and context to continually verify access rights to applications, allowing employees to work from anywhere. Employees can be connected directly to their services and apps, which remain invisible online throughout—enabling companies to reduce their vulnerability to attack.
2) Network capacity planning and performance monitoring: If just one employee attending an office meeting is working from home, a high-quality video conference will need to be set up to allow that employee to participate remotely. With this in mind, IT teams must think about how they can scale their infrastructure to make it easy for employees to connect and to provide the necessary amount of bandwidth. Even if uptake for hybrid working is relatively low, this model will significantly increase the volume of audio and video data traffic in the company network. If the employee suddenly can’t get the data quality in the office that they are used to at home due to a lack of bandwidth capacity, employers will be faced with a problem. High-performance connectivity is now a minimum requirement that employers must fulfill to keep employees satisfied.
Performance monitoring of network quality is one way to address this challenge. IT helpdesk employees all dread picking up tickets from employees complaining about poor audio quality in their video conferences. User experience problems are generally highly visible and disruptive, but difficult for the IT team to isolate because of their temporary nature. The data required to identify the issue has never been readily available or summarized in a format that would enable IT to track down the root cause of the transmission problem and optimize performance.
Modern solutions for digital experience monitoring are capable of continually recording and monitoring data from unified communications as a service (UCaaS) providers, such as Microsoft Teams or Zoom. They help to solve issues by linking these values to the network path and end device metrics collected during a Teams or Zoom meeting. If a user reports a poor video conference experience, an integrated workflow helps to check the metrics for call quality, network details and endpoint details and to determine the root cause of the problem—which could be anything from a Wi-Fi issue or high internet service provider latency to high central processing unit usage.
3) Clean up legacy technology issues: During the pandemic, companies were forced to hastily expand their infrastructure and develop solutions that would enable employees to enjoy a stable connection between their home office and the company network. In doing so, they often skipped the time-consuming control processes that these kinds of improvements would normally entail. As a result, companies now need to work through the legacy issues that this approach has created. When employees return to the office, action is required to ensure that these legacy issues don’t become a security risk.
Once a company has realized that it needs to re-evaluate its technological landscape, it will need to start thinking about all the technologies that have been activated over the past year and a half. Using a traditional risk and control mechanism as a starting point, it must re-assess all the network components that have been modified in the last 18 months. A crucial element of this assessment is a look at the company’s own ecosystem on the internet. Which parts of the company’s infrastructure are visible online without needing to be, and does this present a potential security risk? Companies should feel emboldened to re-evaluate their services and take offline any information that they do not need to expose. As part of this process of dismantling problematic technological legacies and general analysis, companies can also begin to redefine the future roles of their entire infrastructure based on the hybrid working model requirements.
Among these requirements is universally secure access to all external and internal applications from any location, based on the principle of least-privileged access. It is also critical to prevent lateral movement within the ecosystem. Access rules should follow the user and be implemented in a way that guarantees identical security provision regardless of the user’s location. The IT department must have an insight into all employee data streams to fulfill its control function.
Combining security and user requirements
The task of IT now is to replace hastily implemented workaround solutions with robust concepts that support both conventional and hybrid working models via a secure and scalable infrastructure. If employees find themselves dealing with a reduction in the performance they have become accustomed to when they make their long-awaited return to the office, the transition will be met with reluctance. In the worst-case scenario, employees will not be willing to give up the freedom to choose where they work and may turn their back on companies that don’t want to accommodate new working models. The provision of high-performance infrastructure will become a selection criterion for employees—and a key differentiator in the “war for talent”.
Nathan Howe, VP emerging technologies, Zscaler