For digital leaders in and outside of IT, the ability to preserve digital value creation during periods of turbulence is imperative—even more so given our unprecedented reliance on digital capabilities. The model for ways of working has transformed significantly over the last 20 years. Still, the COVID-19 crisis and sudden need for universal remote work have quickly exposed some core issues around digital risk management, supported by infrastructure bandwidth and online collaboration tools. In other words, many companies have not yet cracked the code on remote work from an operational and systems perspective. In this blog series, we’ll explore these challenges and their implications for digital leaders.
In part one, we’ll delve into the market context driving remote work, and arm you with the insights needed to chart digital risk management capabilities.
Generational Change Within a Decade
The nine-to-five office desk job is a vestige of earlier labor force constructs, particularly as organizations tap into a diverse and evolving set of digital workforce models. Many companies are a blend of full- and part-time workers, contractors on board for short-term or project-based work, outsourced vendors, and multigenerational employees—from Gen Z to Baby Boomers.
As a result, leading companies are embracing on-site, remote, and flexible working arrangements to accommodate different workforce needs. For instance, 40 percent more employers in the U.S. offer flexible workplace options compared to five years earlier.
The definition of what it means to be “at work” is transforming. Times of crisis like the COVID-19 global pandemic accelerate this evolution, pushing many organizations to more fully embrace remote work. Described by the New York Times as “one of the biggest mass behavior changes that the nation has experienced,” the sudden widespread adoption of remote work amidst COVID-19 will undoubtedly test our infrastructure capacity and capabilities. Comparable disease-related crises such as SARS, H1N1, and Ebola have similarly threatened the health and well-being of business and commerce, but never in this way.
In the six years since the Ebola crisis, the world around us has evolved. The digital nature of work has continued to expand, and today’s knowledge workers are even more reliant on technology to create value. This increased reliance represents a digital risk that must be managed proactively. So, what should leaders in the digital space be thinking about to help preserve business value creation capacity?
Charting your Digital Risk Management Capabilities
As a starting point, the knowledge workforce's ability to operate remotely is vital. And that leads to questions around how best to design and operationalize an action plan. A practical action plan is comprehensive. It outlines critical remote capabilities, associated risks, and areas for related assessment.
The fundamental capabilities to consider as part of a comprehensive remote action work plan include:
- Remote file access: When users are remote, they still require access to files that are typically accessible on a protected network. As we continue moving towards a cloud-based model, the access of data becomes more fluid, and its touchpoints multiply exponentially. As such, we still have to account for the aforementioned file access mechanisms. Yet, we may also need to layer-in geofencing, two-factor authentication, cloud-enabled data loss prevention (DLP), and non-corporate endpoint security to ensure the confidentiality, integrity, authenticity, and availability (CIAA) of data.
- Remote application access: Most corporate applications today, such as ERP, CRM, and Office productivity tools, require little-to-no configuration, as end-users are accessing applications from a cloud-based source. File access via secured pathways is generally handled behind the scenes and unbeknownst to the end-users regardless of their physical location. However, many applications still require protected on-premise access across “fat” pipes. In those situations, there are virtualized application delivery models such as those from Citrix, VMWare, and Microsoft. These solutions also require special attention to ensure that the CIAA of data is properly maintained.
- Remote network access: With the move to cloud-based services and application gateways, our dependency on virtual private networking (VPNs) has substantially diminished. However, it hasn’t vanished quite yet. With a sudden influx of remote users, limited VPN and application gateway resources may become severely strained. There is also backend infrastructure that supports connectivity between cloud and on-premise systems that must be scaled-up to accommodate a sudden increase in traffic. Remote network access must be monitored continuously for health, and a plan should be in place to augment capacity on-demand.
- Mobile device management: The recent transition from corporate to privately owned assets further complicates the landscape and poses a new set of challenges around device management and security. Moving workers beyond the protected boundaries of the corporate network and giving them the freedom of end-user device selection increases the risk of device compromise (and resultant data leaks/losses). As such, mobile device policies must be adopted and actively enforced. Organizations can use mobile device management (MDM) solutions to accomplish this, but it requires foresight and planning as it can limit the productivity of remote workers.
- Remote team enablement: As we move workers out of the traditional workspace, we gain efficiencies in some areas and lose them in others. Gone are the distractions of the office and the lengthy commutes, but in the process, we lose the ability to interact in real-time. Additionally, remote workers tend to adopt flexible schedules, as they are no longer constrained by the typical work hours. So, we invariably need tools that allow for secure real-time communications via text, voice, and video. The tools that workers use in their personal lives are not the most secure mechanisms, and they are challenging to standardize on a specific collaborative platform. Organizations must pay close attention to this virtualized collaborative environment, ensuring that policies exist around tool usage within a standardized (and secure) toolset.
When enabling your organization's infrastructure to flex with the new demands brought by universal remote work, it’s critical to build your remote action plan around the above fundamental capabilities. When doing so, widen your focus beyond operational feasibility and consider how designing your approach around ways of working and the employee experience can help accelerate and maximize the adoption of your new plan across the organization.
In the second blog of our series, we’ll examine some of the critical evaluation criteria for effective digital risk management.