Sponsored For millions of organisations across the world, the SARS-CoV-2 pandemic of 2020 has turned remote and home working from an occasional event into the only way work is now possible. The abrupt shock of this transformation, which in many cases unfolded within days, is still palpable.
Communications infrastructure built to support modest numbers of home and mobile workers suddenly had to support the entire workforce. IT departments and management have had to rapidly calculate whether they have the resources and processes to support possibly thousands of employees working from their own homes on an indefinite basis, including technical staff themselves.
There’s also an assumption that workers preferred the status quo of building their working lives around the organised identity of the office. The pandemic challenges this perception. Despite the challenges, workers can adapt and even start to prefer the idea of working either from home or living a more hybrid experience than has been the case until now. In that sense, it could be that enforced remote working will simply accelerate a trend that has been underway for some years, that of remote and hybrid office working. This challenges businesses to rethink their approach to home working, making it possible through technical and organisational adaptation.
Remote workforce challenges
A fundamental challenge to overcome is that the home environment is not like that of the office. Many employees will not have a laptop, which initially means they will have to use their own computers to access work resources. Others will lack a quiet working space, or a broadband connection to ensure reliable connectivity. Even employees that tick all these boxes will probably not have all the applications they need to work remotely or will have them but configured for office security policies that no longer work on the public side of the firewall.
Naturally, security and IT teams must expand the capacity and performance of their VPNs and security infrastructure to meet the demand for remote office connectivity. But the bigger challenge is simply supporting the remote user in this unpredictable home setting. This has a technical dimension but also a cultural one that whose complexity it would be easy to under-estimate.
For example, there is a risk that over time employees can become they socially isolated and disconnected from the company and its values. If communication is weak, demotivation and disloyalty can set in, the management of which becomes difficult for team leaders, who themselves are working remotely. In this environment, the communication necessary to maintain transparency and motivation can start to erode. The takeaway here is that increasing remote working is not simply a technical challenge for the IT team - management and leaders must ensure that the technology meets the social and cultural demands of remote working too.
Overcoming this challenge requires technologies that offer a high level of consistency and software integration while not constraining employees because of location. Normally, this presents severe architectural challenges for security and the management of Windows 10 devices, which are traditionally provisioned in a highly centralised manner. Practical hurdles range from onboarding new users and configuring applications to patch management and enabling everyday security settings governing authentication and account security. Attempting to co-ordinate these on an ongoing basis can quickly lead to chaos and the risk of security breaches.
An over-riding principle of remote working must be to keep the user experience as simple as possible by not over-burdening employees with complex setup or configuration. Where possible, being given a new PC, or being asked to configure an existing one, must be hassle free. Fortunately, cloud technology makes such an idea possible while ensuring control.
VMware offers an integrated suite of management systems to ease the path to deploying and managing remote employees built around its cloud products, Workspace ONE, which enables simple provisioning of and access to applications from any type of device, and Carbon Black Cloud, which can protect an entire workforce through endpoint Security-as-a-Service (SaaS).
Through Unified Endpoint Management (UEM), Workspace ONE allows flexible cloud management of Windows 10 PCs in a way that would be a hurdle for traditional on-premises management. For example, many companies are still hiring, but remotely. So “how do you prepare their PCs for their first day and then how do you get these computers to them?” writes Lisa Matragrano, a senior product marketing manager at VMware End User Computing (EUC), in a blog recounting her own experience of drop-ship provisioning.
Traditionally, PC deployment requires costly high touch IT involvement, requiring multiple steps that can cause delays in setup. Drop-ship, or factory, provisioning, enabled by Workspace One, eliminates those multiple steps, starting with physical deployment made possible through integration with major OEM providers. PCs are provisioned with a correctly configured software environment from the first boot in the factory and then, saving more time, shipped directly to the employee at home. The process greatly reduces IT involvement, Matagreno writes, citing a study by Principled Technologies, Dell provisioning with VMware Workspace ONE saves more than a week of IT time per 1,000 devices deployed.
A central facet of Workspace ONE is that it supports multiple operating systems - Android and Apple as well as Windows - in a single digital workspace that integrates with a company’s Active Directory (AD).
Instead of managing each device and application in its own silo, apps are provisioned to any device, including own bring your own device (BYOD) according to an organisation’s access and security policies. From a single console, groups or departments can be given access to every application they need for their work regardless of the type of device they are using. This design also accommodates virtual desktop infrastructure (VDI) where specific applications or the entire desktop environment are virtualized.
Working outside the perimeters of the corporate firewall, remote employees are easier targets for cybercriminals. Should an attack be successful on only a single device, the chances are this compromise will take longer to become apparent. For IT teams operating under pandemic conditions, supporting large numbers of workers in a remote manner turns this from a special problem into an all-consuming focus.
VMWare’s Carbon Black Cloud addresses this reality with a suite of cloud-managed protections, including next-generation anti-virus (NGAV), endpoint detection and response (EDR) able to model and spot anomalous patterns, backed by an auditing and remediation function. Being cloud based, this platform enjoys a single view of large volumes of security events, something that scales irrespective of whether the workforce is based in an office or working remotely.
The principle that knits Workspace ONE and Carbon Black together is that of zero trust security that makes no assumptions about the trustworthiness of the user. In the content of Workspace ONE that means being able to define security policies for applications such as Office 365 with fine control. For example, this might include data loss prevention (DLP) settings:
- Whether users can save as, copy and paste, or back up data
- Under what conditions data should be encrypted on devices
- Whether users can print data
- Which third-party locations data can be stored on
Many organisations implement IT security technologies and policies without adequate regard to usability. This does not make for a great employee experience. But with modern endpoint management solutions, appropriate security measures and good employee experience and security can happily co-habit.
For example, Workspace ONE Access provides visibility into devices through unified endpoint management and security integrations. Workspace ONE Access technology gives the IT team “new tools they can use to make the intersection of security and experience a happier place for employees while maintaining control of data,” according to James Millington, Director of Product Marketing at VMware End User Computing.
Workspace ONE Access is a cloud-based identity broker between the organisation’s other identity providers and stores. ”It’s not just the user’s identity that can be the key. We can combine identity with device information, compliance information, network or location information, and pooled information from other security sources to better enable and secure access, “Millington says.
Using Workspace ONE Access in tandem with Workspace ONE’s UEM and security features, it’s possible to implement a zero trust model that protects sensitive information without compromising user experience. Together, the two technologies solve the key extended-network challenges that plague end users and IT teams.
From the user’s point of view, being remote should be no different to sitting in an office. Applications should always be available, authentication and security should never be barriers, and data protection should sit in the background without becoming intrusive. Logistical challenges remain.. Legacy applications might also need workarounds. But for an organisation trying to adapt to a changed and more remote world, the security and simplicity of integrated cloud services will be a huge step up on the traditional model of perimeter security and client-server.
Sponsored by VMware
Distribute work. Unified IT: