Remote work and governance: 3 ways to maintain visibility, control costs, and stay secure
COVID-19 imposed a schedule unlike anything seen in the modern era. Technology changes to support widespread remote work had to be nearly instant — often mostly or completely circumventing the tried-and-true, well calibrated change management processes most organizations have spent years refining.
With change advisory boards, architecture review panels, and technology steering committees largely sidelined, adapting on the fly has been tricky. Organizations are encountering a wide range of logistical, security, and cost ramifications they haven’t previously had to consider — making sure employees are signed up for services they need or confirming their logins work with Active Directory; identifying exposure in terms of security, data protection, and regulatory and legal compliance; containing the explosion in use of cloud services; and determining how adding licenses will impact the budget in the short- and long-term.
The way organizations address these challenges could have lasting and potentially costly implications. That’s why every organization working from home needs to start by taking a hard look at the current state of your environment as well as your processes and procedures.
Here are three steps to take now to ensure governance, reclaim compliance, and control spend both now and in the future.
1. Put together a leadership committee
The first thing you should do is put together a leadership committee for handling security and data protection issues. These are two of the more pressing issues right now: Data is moving off premises more than it ever has before, and security practices may not have been designed to accommodate the volume and type of users signing in from home networks.
The committee should be made up of individuals representing legal, internal governance, security, and data protection. Members should have executive sponsorship from the CIO, CTO, or another business leader who has the authority to make and enforce important decisions as they arise.
This group should be documenting where data is going, making sure any movement complies with regulations, and staying on top of asset management. This will give you greater visibility into your current environment. Documentation is key. It is far too easy to emerge from an emergency situation without a clear understanding of what has happened and what steps are needed to ameliorate the negative effects.
Once this framework is in place, your committee can delegate instructions to groups with the expertise to handle the day-to-day activities.
2. Implement universal work-from-home policies
If you jumped into this situation without existing work-from-home guidelines, employees might be making their own rules. For example, many have taken it upon themselves to download any tools and services they require to get their work done.
But if you haven’t yet developed universal remote work rules, you should do so as soon as you can. These requirements will be different depending on the organization. A department of defense contractor and a retailer aren’t going to have the same requirements. But there are still high-level guidelines that can’t be ignored.
With your regulatory requirements in mind, determine what employees need to be productive and what you are legally allowed to use as an organization.
Standardize the permissible tools. For instance, employees looking to collaborate might turn to a variety of options – some use Zoom, others use Microsoft Teams. Vet the tools and determine which is most secure and follows other policy requirements, then set a policy for what employees should use. Where proper procedures are not followed, be sure to have your technical staff address those issues.
3. Plan for how your current spend will impact your future business
Large force changes like this tend to become sticky. Oftentimes, they create problems that companies never get around to fully resolving.
COVID-19 may force you to reevaluate how you do things, what services you use, what business processes you implement, and what your spending habits look like. You may also have to re-allocate resources.
For example, maybe you had to purchase thousands of WebEx licenses for employees now working from home, or maybe you’ve determined that in this current climate it’s easier for your employees to save items on Microsoft OneDrive.
All the choices you make during this transition will have an impact on your future business. You need to be ready for that.
If you purchase new licenses now, how much are they going to cost you in the short term? Do you need to make these purchases part of your company’s spend strategy moving forward, or how soon can you reduce the number of licenses once users are back in the office? Have you made additional technology investments that will ultimately need to be incorporated into your long-term IT strategy?
Making sure you’ve adjusted to this new landscape is crucial. Preparing for what happens after is equally important.
You don’t have to do this alone
Everyone is doing the best they can to keep business going despite the circumstances. We know that now is a particularly difficult time to mount proactive actions, but the costs of not acting now will be much higher.
As you maintain governance and visibility and regularly assess your needs, remember that you’re not in this alone. Third-party partners can help you navigate these waters. They can work with you to perform threat assessments and determine your highest-priority risks. They can help you objectively determine the best tools for your employees. They can use their relationships with publishers to help you get the best rates and make sure you’re not paying for what you don’t need.
If you’re struggling to contain cloud costs or gain visibility into your environment now that devices are away from the network, contact your SHI account executive and we’ll help you find a solution.
Or, to learn more about securing and managing your remote workers, visit https://shi.com/connected-