COVID-19 has unleashed unprecedented change on our work cultures. When companies closed their doors, millions of employees were sent home to work. To make sure workers had the tools they needed to stay connected and productive, security teams swung into action. Slack, Zoom, Google Drive and other collaboration apps — if they weren’t already part of a work culture — were rolled out en masse. Suddenly, security was on the hook to manage data risk beyond traditional company perimeters and do it at scale. So what does this “new normal” mean for security teams?
We asked the Code42 security team about the changes they’ve seen and what they think the future of work might look like.
The endpoint will continue to rise in importance.
Nathan Hunstad, principal security researcher and engineer
“I think we are going to continue to see an increase in routine remote work, which makes traditional perimeter security tools, like web proxies, firewalls and network-based IDS less valuable. Visibility into the endpoint and user activities on the endpoints, wherever they are located, is much more valuable now.”
Cloud collaboration tools are here to stay.
Todd Thorsen, director, information security, risk management and compliance
“I see the continuation of work-from-home as being more common-place and sustainable. Some companies that were not open to remote workers before the pandemic will keep employees in permanent remote positions post COVID-19 (or at least allow the option to employees where it makes sense). The other thing I think about is that organizations that were averse to cloud adoption in the past are likely implementing cloud collaboration tools now out of necessity. If organizations see the benefits of these tools, they will continue to use them as part of a ‘new normal.’ With the shift to the cloud, organizations are no longer just protecting the ‘Castle.’ Their risk footprints have changed so they need to be able to monitor and protect organizational data whether on or off the corporate network.”
Security will join forces with HR.
Michelle Killian, director, information security
“Organizations will continue down the path — whether planned pre-pandemic or not — of creating more collaborative work environments. When vetting tools for implementation, we’ll not only consider the technological, security and compliance requirements, but also engage more with Human Resources teams to look at the collaborative benefits and requirements that they have for employee engagement and satisfaction.
Also, I believe a tool like Code42 can become more useful for understanding what user training might be needed and for keeping a general pulse on the organization. If more employees choose to work remote even part time when offices open up, we are going to lose the benefit of person-to-person interactions. Situational awareness (gaps in knowledge, tool use/misuse, etc.) that was often gained through person-to-person interactions, especially with onboarding new users, can be uncovered using Code42.”
New data streams will shine a new light on data privacy.
Peter Lukas, manager, security architecture
“‘Anecdotal visibility’ into the computing habits of remote workers will continue, even as people return to the office. The technology that enabled individuals to work from anywhere (their homes) during the pandemic may continue to provide streams of individual activity data to their company’s IT department. Information Security, Human Resources and Legal departments may soon find themselves balancing the security, privacy and retention methods of this collected data.”
Creativity will be even more influential in training remote workers to keep security top of mind.
Chrysa Freeman, information security program manager
“As with many things, we don’t realize how great it was until we lose it and that holds true for how we stayed connected to our fellow employees when we congregated at the office. Where we once were able to just tilt our head or walk down the hall for a coffee, we now need to hit buttons, make sure we look good on camera and set up time to connect virtually. The cliche ‘water cooler chatter’ is gone and organizations need to find a way to replicate it digitally.
This new work-from-home environment is going to be a challenge for security awareness professionals because the employees we are trying to influence to make our companies more secure are now sitting alone and may feel less and less connected with each other and the corporate culture. We’re going to need to be more creative to understand our audiences, and send the right security messages at the right time, ensuring they are meaningful and memorable. Slack and Zoom have been key for me. Video instead of a phone call may be uncomfortable for some folks but if it is recommended by leadership, video can create a bridge between the watercooler and our new digital lifestyles. Tools like Slack allow coworkers to stay connected with not only work projects, but also hobbies, humor and other water cooler topics. If your company is adapting new collaboration tools, security needs to be involved, not only in the set-up, but also in finding ways to insert security communications where they’ll get the most attention.
As we settle into our new work-from-home routines, communication has never been more important — from executives to managers to peers. We need to find the right balance with our security communications — upping our game to stay connected but being cautious not to over-communicate, which could lead our employees to tune out. We may also need to adjust our tone and any images we use to make sure they still feel relatable in this ‘new normal’.”