What it could mean for Canadian companies?
It has been over a year now since a large number of Canadian knowledge workers – workers whose jobs involve handling or using information – started working from home. For some of us, it has been a dream come true – we have been able to wake up a little later, save an hour or more per day commuting to the office, and spend more time with family. Others however, miss the daily banter with their colleagues and the sense of a normal routine.
Overall, a lot of Canadian teleworkers workers seem to prefer a hybrid workspace, meaning the ability to work from home some days, and go into the office on others. Based on Stats Canada, eighty percent of current teleworkers indicated that they would like to work at least half of their hours from home once the pandemic is over.
Canadian companies are embracing the future of the hybrid working schedule and giving employees a choice in whether they have to return to the office. Deloitte Canada has already announced that they will give their staff total flexibility over where they want to work post-pandemic, and many companies are following suit. What will the hybrid workplace mean for Canadian companies?
The ability to source more diverse talent
Companies that give employees the flexibility from working from anywhere they’d like – office or home – will have the benefit of being able to recruit and hire the right talent from different cities or provinces in Canada, or diversify even further by recruiting globally. The benefits of expanding your talent pool outside of your city can include cost savings, hiring faster and diversification.
Less office space
Many companies will find that they will be able to fit their staff in half of the space they once used. Companies may start to lease out their office space, which will provide them with more capital to inject into other projects.
These companies may move away from traditional assigned offices and workspaces and focus on collaboration rooms where employees can come and go when they need to work from the office. Telus has announced that they will be incorporating a mix of coworking spaces, collaboration rooms and wellness stations as they give employees freedom to choose where they can work from.
A focus on Cybersecurity
Companies will need to focus on privacy and cybersecurity now more than ever. With the majority of employees working remotely, legal and private documents that normally would have been handled in person are being scanned and signed virtually. With the rise of DocuSign and similar software, paper copies have become a thing of the past in many organizations.
With a permanent shift towards remote work there exists a concern for how data is being accessed and stored. Companies may need to invest more in Cybersecurity infrastructure to ensure they remain privacy compliant for their clients, protect their employees and prevent data leaks.
The pandemic shifted our perception of what an office job should look that. One thing is certain; and it’s that remote work is here to stay for the majority of Canadian companies. Companies need to adapt and remain flexible to remain competitive and viable as they navigate through the new normal.
By: Joanna Ambros, MBA
By Paolo Del Nibletto
Most channel partners are happy to put the 2020 year in the rearview mirror and concentrate on new money-making, customer-satisfying strategies for a post-pandemic world. As this group starts to claw their way back to what business was like before the pandemic, the impact of COVID-19 and the subsequent lockdowns are still bringing serious challenges to channel partners in North America especially when it comes to data protection.
If there is one thing business has learned from the COVID-19 pandemic and the many stay-at-home orders from governments is that it has put a major strain on business continuity. It has also made the IT department reach new levels of anxiety as so many of its workers are now remote.
As the business world settled into this new mix of remote and workplace operations in 2020 and 2021, they began to put serious thought to modernizing its data protection plans. There are five main reasons for this, according to Veeam 2021 Data Protection Report, are:
The acceleration of cloud.
Modernization of IT environments.
Loss of data/failed backups; and
These five factors have led to many channel partners seeking new ways to modernize data protection in a post-pandemic world.
Dave Russell, vice president of Enterprise Strategy at Veeam, (the co-author of the report along with Jason Buffington, Veeam’s vice-president, Solutions & Product Strategy) pinpointed ransomware along with overall cybersecurity as top priorities for CIOs in a post-pandemic world.
“CIOs are looking for features and solutions that can overcome ransomware. At the end of the day, we are not a security company, we have hired a CSO, but it is fair to say the everyone in the data centre and everyone in the company has a role to play in security, but if you think about the greatest security vulnerability it is with the employees and fishing attacks,” Russell said.
A modern data protection approach, Russell suggests, must have best practices around digital hygiene.
Digital hygiene, Russell adds, is not specific to Veeam but can include items such as creating different passwords and separation of key resources and data on different networks so not everything can be compromised or access at the same place.
“Cybersecurity would still be a concern even without the pandemic. IT is still scared about cybersecurity because they do not know what the threats look like and how they evolve and change. In a post-pandemic world cybersecurity jumps to the top,” he said.
If there is another reason beyond the five mentioned for developing a modern data protection strategy in a post-pandemic world, Russell believes it is digital transformation. COVID-19 has had a dramatic impact on digital transformation. According to the Veeam 2021 Data Protection Report, there was a massive increase in digital transformation speed in 2020, with 54 percent of organizations accelerating their digital transformation plans. Meanwhile, organizations already into their digital transformation journey ramped up their investments in this area. For example, 91 percent of organizations in the first few months of the pandemic increased cloud services usage in support of the many remote workers that were now in their midst.
Russell commented about an intersection of digital transformation that occurred in 2020, where some put their heads in the sand and took a pause because of COVID-19, while others saw it as perfect timing to “double down” on digital transformation.
Modern data protection does have a major role to play in digital transformation as it improves the overall data connection, accuracy, capture and protection. “And it surfaces up data to the cloud for sharing. We know that digital transformation will be backed on data and so it has to be protected.”
DRIVING THE RIGHT OUTCOMES
The ultimate outcome for business is to ensure peace of mind. Russell speaks to building confidence in an organization to deliver data at any time, any place and on any device. Currently, the spend on backup and data recovery versus cloud and SaaS solutions has a seven times gap. But the heightened state of ransomware in the wild has now made modern data protection a board-level discussion. From Russell’s experience, approximately five percent of data has been recovered. “The situation could become worse,” he said, “if they never had to recover their systems.” The issue stems from the IT team knowing there is a problem, but the business side not being up-to-speed. “There’s an old joke. What is your DR plan? It’s an updated resume,” Russell added.
HOW DO YOU GET THERE?
Russell envisions organizations making high probability type bets, as stated earlier in this article, ultimately prioritizing defending against ransomware. “That’s the big disaster other than a hurricane.”
One area is data protection-as-a-service or DPaaS for managed services providers in the channel community. Another is Disaster-Recovery-as-a-Service or DRaaS. Both offer the ability to reduce IT costs while providing always updated solutions and peace of mind knowing that disasters can be averted.
A best practices approach can certainly work in this area especially for enterprise backup for physical and virtual servers. One thing to look for is a solution that is purpose-built with an onsite backup appliance and secure replication to the cloud. By implementing this type of as-a-service solution organizations will get the benefit of leading-edge technology, data deduplication, encryption, cloud storage and multiple retention capabilities.
Before the COVID-19 pandemic and subsequent lockdown, IT budgets were on the rise. According to a Spiceworks’ State of IT 2020 Report, IT budgets were rising as businesses began to replace outdated technology to the tune of 44 percent, up from 38 percent previously in 2019. The survey results were based on 1,000 IT professionals interviewed throughout North America.
The Outlook for 2020 and Beyond
But that was then, and this is now. Those same budget drivers are now held into question because of the economic realities brought upon us by COVID-19. Many technology leaders were forced into survival mode and asked to review non-essential IT spending to see if those actions could be deferred, altered, or eliminated. A new study from online research firm Pulse Inc. found that 23 percent of CIOs have had their budgets frozen, while 20 percent saw a significant cut of more than 10 percent. With this sudden cut to their budgets, they had to make every cybersecurity dollar count quickly.
Several organizations have turned to the essentials, virtualizing their company’s applications, securing connections through Virtual Private Networks and locking down permissions. However, now that companies are through the pandemic’s initial panic, leaders need to see where they can fill the gap with affordable but effective solutions. Gartner Research predicted that more than 40 percent of employees plan to work away from their offices post-COVID-19 pandemic. Lawrence Pingree, Gartner’s Managing Vice President, said some security segments benefit this new future, such as cloud-based offerings and as-a-service subscriptions.
So how do I make our Cybersecurity Dollars count?
There are two areas IT leaders should look to for affordable and effective cyber security solutions during this time in lockdown:
Email Security & User Training
Since most attacks are delivered through email, remote workers will be vulnerable to spear phishing, ransomware, and other emerging threats. Protecting inboxes with a simple, low-cost monthly solution that protects against these threats is essential. However, the risk of data loss and legal compliance are to be of concern as well. Several companies offer solutions in this area; however, be wary of long contracts and pricing agreements determined by user count, since this will most likely be changing throughout the next while. Users must also be trained to keep an eye out for suspicious emails since a lot of devices still aren’t fully managed. Your users will be your first line of defence in an endless uphill battle. There are several free and paid solutions out there to get your users trained.
As companies rush to equip remote workers with technology to continue their work away from the office, IT leaders should not forget to secure endpoints connected to the network. This is one area of the IT budget that cannot be left behind as each Endpoint can be opened by hackers and exploited. There are several solutions out there to protect endpoints, but companies should focus on solutions that are fully managed and automated to reduce the risk to their company and reduce costs. Also, one thing to consider when looking into endpoint security is encryption of their devices. Jolera talks about this in further detail in our article “3 Ways to Secure Remote Workers for the Future”.
The thing to note is that there are several solutions out there in the market to protect your organization. However, careful consideration needs to be taken as the new normal is trending towards remote work. This means that these solutions aren’t band-aids but permanent solutions to help transform your organization.
Jolera has multiple affordable but effective solutions for partners to distribute to their clients worldwide. These solutions are built with remote workers in mind. Our services like Secure IT Mail and Secure IT Endpoint can be deployed quickly and scale to the ever-changing business environment as companies reduce users and gain new ones. These solutions are integrated into our sophisticated Security Information & Event Management system (SIEM) and are monitored and managed by security specialists in our 24x7x365 Security Operations Center.
Now that workplaces around the world are – more or less – functioning under some combination of remote work tools, a new set of security challenges has manifested itself. Cybersecurity risks like phishing scams, man-in-the-middle attacks, ransomware, evil twin attacks, passive sniffing, and many more cause even more sleepless nights for IT personnel tasked with maintaining their company’s security. But there might be light at the end of the tunnel with the concept of ‘Zero Trust’.
What is Zero Trust Security?
The Zero Trust concept focuses on the idea that an organization systematically refrains from automatically trusting anything inside or outside its perimeters. It might seem at first like this isn’t a great idea, but it is the foundation on which traditional security and access have been built. With a Zero trust strategy in play, everything must go through a rigorous verification process before any connection to its internal networks and programs can be permitted.
According to Charlie Gero, CTO of Enterprise, and Advanced Projects Group at Akamai Technologies, quoted in a 2018 CSO magazine article: Zero Trust boils down to “do not trust anyone.” In a nutshell, a Zero Trust solution creates “trust zones” that continuously identify, test and authenticate devices or users whenever they try to access resources on the internal company network. In a Zero Trust scenario, a hacker is barred from taking advantage of vulnerabilities.
Zero Trust was created by John Kindervag in 2010 when he was a principal analyst at research firm Forrester Research. Kindervag was part of Forrester’s security and risk team when he developed the Zero Trust model to expose the myth that internal networks were safe. One of Kindervag’s examples of how internal networks were vulnerable was with the American National Security Agency (NSA) whistleblower, Edward Snowden. Snowden had unfettered access to internal systems and stole classified documents, Kindervag said during a security roundtable hosted by Palo Alto Networks. Kindervag currently works for Palo Alto Networks. Snowden, as an IT contractor, did not ‘game’ or cheat the system. He simply used the access the (fundamentally flawed) system granted him.
Besides the Zero Trust strategy’s apparent data protection gains, one of the most significant benefits of the concept is that organizations can provide remote users with protected access to their organization’s applications with confidence. The converse applies equally, too – organizations can shut down access in a similarly efficient way.
An added advantage to Zero Trust is that organizations can significantly reduce the load on the VPN. It also increases the speed and ease of access to data, since Remote Desktop connections slow users down. During this COVID-19 pandemic with so many individuals working remotely, this could be a reliable solution to ease the stress on the system.
Zero Trust Deployment
Zero Trust may sound like an ideal solution during COVID-19 however, it is not an easy solution to implement. Organizations must adjust their IT budgets to accommodate a Zero Trust strategy since their current infrastructure may not be ready for it. A potential weak spot for Zero Trust maybe when a workforce uses personal computer equipment for business. The lack of endpoint security on those devices may trip up a Zero Trust environment. This will inevitably leave workers defenseless against a cyber-attack opening vital data to theft. However, solutions like Mobile Device Management facilitate a greater degree of control and will go some way to achieving a more secure position. These solutions, provided by Microsoft or JAMF, for example, solve this by automatically managing devices and deploying endpoint protection and encrypting the machines and assessing the devices for conditions of compliance before enabling further access.
Regardless if we’re in the middle of a pandemic or not, it’s never too late to get started formalizing a plan for Zero Trust. Implementing Zero Trust will take time, but organizations should consider starting with isolated trust zones, developing a pilot program, and selecting essential organization applications for remote access. As always, Jolera is here to help our partners on the journey to Zero Trust with our professional services and managed services like Manage IT and Secure IT Endpoint, offering 24/7 security and uptime for an organization’s environment.
The COVID-19 pandemic has disrupted our global economy and forced businesses to change the way they operate. The evolution of this virus and its socio-economic impact has made it difficult for many businesses to adapt their operations. However, through it all, Jolera has managed to maintain consistent and successful operations. We asked Jolera’s very own Chief Operating Officer, Manish Govindaraj, how the company managed to adapt and thrive during the global crisis while staying true to its people-first core values. Manish describes his team’s approach to enacting the company’s Business Continuity Plan (BCP), as well as their coordinated return to work strategy.
“For a business to continue operating under these situations of duress or crisis, you have to have an active and tested Business Continuity Plan. For us, as a SOC II Type II certified entity, we have been testing our BCP on a quarterly basis, not just because SOC II demands it, but also because it’s good business practice.”– Manish Govindaraj
According to Manish, the organization’s transition to remote operation meant balancing the safety of employees with the ideal productivity levels necessary to satisfy customers’ expectations. With hundreds of staff members operating globally, Jolera was identified as an essential service and aimed to “challenge ourselves to provide a seamless experience to our customers, as if nothing had changed,”. With hundreds of channel partners, thousands of end clients, and such depending on their services, company stakeholders recognized the importance of honouring commitments to both customers and employees alike.
“We are a true 24/7/365 entity, and that had to be held true while we were remote with all of our staff members. At the forefront of all of this was the importance to keep our employees safe, and as a result, keep our business safe.”– Manish Govindaraj
The company made the transition to total remote operation at the beginning of March, even before the government of Ontario declared a state of emergency. “We acted early, reducing the risk of exposing our staff members to the virus at the workplace; that was very important to us,” Manish reflected. In the best interest of employees, Manish led the initiative to remote operation with Jolera Inc’s Pandemic Response Team.
Together, they identified four key aspects to protect their people and their business:
1. Keep everyone safe
2. Deliver on customer mandates
3. Ensure operational security
4. Build a stronger Jolera community
Once employees safely transitioned to remote operation, the company introduced rigours to maintain and further improve productivity. Manish reported, “Through daily active management, collaboration and transparency through better reporting, we saw a Jolera community bond even closer together and a total rise in productivity.
As government-mandated restrictions began to ease around the world, businesses once again were challenged to transition their operations and safely re-open their doors. Before building any plan to re-open, Manish’s main objective was to create a sense of normalcy for workers in the physical office. With this goal in mind, Manish teamed up with Jolera’s Pandemic Response Team to build and execute a re-opening plan.
“We kept it somewhat simple. If you look at the government of Ontario’s plan, there are multiple phases, and we just distilled it down to two phases. In Phase 1, we begin operating our offices with a limited number of staff per location. This was to test physical distancing and safe practices at work. We did not put a number or target into play, simply because it was an elective approach where employees chose to be part of that phase and wanted to join back in the office. Phase 2 is going to be about returning to a sense of normal in alignment with guidance from our government.”– Manish Govindaraj
It was essential, to Manish, to source information from reliable government agencies when making decisions about opening the various offices across the globe. “Because we are so spread out and geographically dispersed, we had to factor in the diverse needs that existed based on where we were located geographically. The reality in Porto, Portugal, is very different from that of Toronto, Calgary or even Winnipeg.”
In addition to geographical diversities, local considerations unique to each building or operating site also had to be considered. Manish identified challenges associated with each operating site; “We needed to coordinate with building security and building management to ensure that our people could come in and start working.” Although prerequisites such as PPE, cleaning equipment and sanitization requirements were identified to ensure the offices were equipped to operate safely, individual employee considerations also needed to be accounted for.
“We made the decision not to include people who relied on public transit during Phase 1. Instead, we chose a subset of employees who would drive into work to limit their exposure to the public.”– Manish Govindaraj
Taking all of these factors into account, Manish identified, “the most important thing was to start building confidence among our people that we’ve taken the right actions in order to re-open our offices in a limited capacity.” Open communication and reviewing the plan with department leaders gave staff a full debrief of all the considerations that had been factored into building an executable return to work plan. Physical distancing and other new behaviours at the office have since been adopted to ensure that people are kept safe.
“When COVID-19 started surfacing as a distant threat, there was a lot of media hype about what it was, what it could be and where things could be heading. The narrative was morphing every day. As a leadership team, we agreed that we would look to government agencies and sources from within the governments of where our offices are located to guide our decisions and actions. We’ve been monitoring all of those sources for direction on what we needed to do relative to every point in time throughout this crisis. Whether it was before we invoked our BCP and Pandemic Plan or as we continue to monitor our evolving coordinated return to work plan, one size does not fit all – we had to tailor our plans according to the information that we were getting from the different government agencies.”– Manish Govindaraj
Manish credits Jolera’s readiness and resilience to the immensely talented and committed people within the organization.
“We had the comfort level going in [to remote operation] that our people can perform well remotely. We have a great team, and we have the right oversight and collaboration mechanisms in play. The team came together; they just fell right into the groove and delivered on their mandate. Overall, we are delivering on all the things that we need to deliver on, keeping both our customers and our teams satisfied.”– Manish Govindaraj
Many businesses have transitioned to a new operating model and are beginning to accept this new normal. With all the challenges facing our world today, one can assume that things will be different for a while. Organizations have begun to mobilize their workforce, and remote-work capabilities are becoming more flexible. Gone are the days when workers were tethered to a dedicated desktop and seated closely amongst their peers.
What does this mean for the security of organizations?
With an increased number of employees working off mobile devices such as laptops, tablets and mobile phones, users will often connect to unsecured networks to access work files. Without proper management of mobile devices, users are vulnerable to malicious attacks, and threat actors are ready to take advantage of this situation.
Here are three ways to help protect your remote workers and secure your organization’s data
1. Device Level Encryption
For many years, encryption has been a standard practice to help protect sensitive data from prying eyes. However, not all devices have device-level encryption settings turned on as a default. If you are an organization that is beholden to compliance, encryption helps to meet those requirements. With added endpoint security, you will have device management, centralized deployment, policy administration, and audit reporting capabilities for all devices associated with your network. This means that if a remote worker’s device becomes compromised, your company’s sensitive data will remain safe, and the infection will be isolated from the rest of your corporate network.
2. Managed Security
Security applications and devices, such as firewalls and Virtual Private Networks (VPNs), are an integral part of any layered security environment. Although these systems generally prevent unauthorized access to and from your network, the virtual alerts and threat identification that they provide usually remain unmonitored. To be effective, remote workers need to have confidence in their data protection systems when signing into their respective networks. Having 24/7 managed security affords your organization a more vigorous defence against potential threat actors. With Jolera’s layered managed security approach, your organization will have real-time alerting on threats filtered through our Security Information Event Management (SIEM) system. In addition to automated protection, live agents will analyze and remediate these threats through our Network Operations Centre (NOC) and Security Operations Centre (SOC).
3. Mobile Device Management
Mobile device management (MDM) enables organizations to ensure its remote workers’ data is always protected. The great thing about MDM is that it can integrate with services such as Office 365 and the Active Directory to control who has access and what they have access to within your network. MDM solutions also provide the ability to set rules and configure settings on personal devices to allow users to securely access company data and networks. MDM can deploy and authenticate apps on devices, both on-premises and remotely.
When deployed properly, MDM can increase the security of devices tenfold by pushing certificates to devices that are in the field, while preparing reports on these users and their devices for compliance purposes. It can also remotely wipe the device if it’s found that the device has been lost or stolen or deemed not in use by the organization.
Each of these security layers can help to protect sensitive data from breaches and threat actors. Managing a remote IT environment means that organizations require a 24/7/365 approach that includes monitoring, support, troubleshooting, maintenance, reporting and asset management for all end-user devices. The need for remote support and network security has become an essential part of business operations.