Virtualization Technology News and Information
Maintaining a virtual data management strategy amidst hybrid remote work

By Stephen Cavey, Co-Founder and Chief Evangelist, Ground Labs

Over the last twelve months, businesses across industries have been forced to adapt to the realities of distributed work. As COVID-19 vaccinations ramp up and business leaders begin to consider reopening physical locations, there is no doubt that distributed work will continue to play a major role in corporate culture. Especially now that businesses have realized the direct benefits of remote work, many will be compelled to maintain flexible arrangements in order to compete and retain talent in the post-pandemic economy. In fact, according to a recent survey from Gartner, 47% of business leaders said they intend to permit employees to work remotely full-time. 

Rather than embracing full-time remote work after the pandemic, experts anticipate that more businesses will actually adopt a hybrid model where a portion of the workforce works remotely and in-person throughout the week, offering workers optimal flexibility based on their preferences and schedule. According to the same Gartner report, more than 80% of respondents said they plan to allow employees to work remotely at least part of the time. However, the prospect of a hybrid remote workforce raises a significant challenge: tracking and protecting dispersed data across in-office and remote work from home environments. 

From confidential financial data to intellectual property and customer information, businesses must have a firm grasp on where regulated and sensitive data resides at all times in order to maintain compliance and thwart possible data breaches. This task becomes even more difficult to manage when employees work across multiple devices-both in-person and remotely-and information is not always stored in the same consistent manner. Examples of such locations may include: within localized folders; synced onto cloud storage folders; local hidden data in temporary storage and deleted items; removable or home network storage or shared across applications, including internal chat apps.

As the business world approaches a hybrid work environment, organizations should follow best practices by putting systems and policies in place to locate and secure sensitive information. 

Set a clear standard of ownership over all devices

Especially as workers begin to return to the office while some continue working from home, it is imperative to set a clear standard for device ownership that is the same for both in-office and remote employees.

While many companies already uphold a complete device ownership policy where all devices are owned by the company, some businesses allow employees to use their own devices or a mix of personal and company owned devices. These scenarios should be avoided unless there are adequate software controls that containerize and separate corporate data from the individual's data and provide controls, such as remote wiping of the corporate data.

At the outset of the pandemic, many IT teams did not have time to prepare or establish a clear standard, which forced employees to use their own devices from home to remain productive. Now that we are one year into the global remote work experiment, businesses have the opportunity to review and prepare for the hybrid remote model and consider whether a complete device ownership or BYOD with adequate controls is most appropriate. 

Define company-wide security protocols 

Outside of setting a standard for device ownership, organizations should carefully review their existing security policies and set new best practices that are communicated with the entire workforce. 

As workers enter a hybrid work environment, it is important that they are fully aware of the organization's policies around devices that can or cannot be used or shared with others. While it is easier to implement a policy mandating that only company owned storage devices may be used for storage of company file data when all workers are in the office, this becomes less practical and more difficult to maintain when employees are remote a significant portion of the week and there is a higher likelihood of violation. 

For example, one common scenario that many organizations face is remote employees allowing a family or other household member to use their device for non-work reasons, such as external e-learning or streaming. This situation becomes more prevalent with full-time remote workers and it becomes even murkier when employees work from home and in the office a portion of the week. Ensuring that this risk is incorporated into future security education of staff and included in your new employee onboarding process will help reduce the risk of unapproved users on company devices. 

Know where your data resides 

Regardless of how strong your security practices might be, there will always be the risk of company data being stored in unknown or unapproved locations. To prepare for this situation, organizations should conduct regular housekeeping of the data stored across servers, databases, workstations and in the cloud-a practice known as data discovery. Deploying an ongoing and automated data discovery strategy not only identifies potential breaches in compliance, but it establishes a baseline level of confidence in the security of an organization's most critical data. 

While the emergence of the COVID-19 pandemic caught many IT teams off guard, businesses now have the opportunity to put best practices in place with the understanding that remote work is here to stay. Hybrid remote work will have a lasting impact on the modern workforce and organizations that uphold clear security standards and implement robust processes to achieve data awareness will be the most equipped to thrive in the next wave of the digital economy.


About the Author

Stephen Cavey, Co-Founder and Chief Evangelist at Ground Labs

Stephen Cavey 

Stephen Cavey is a co-founder of Ground Labs, leading a global team empowering its customers to discover, identify and secure sensitive data across their organizations. As the Chief Evangelist, he leads its worldwide product development, sales and marketing and business operations and was instrumental in extending Ground Labs' presence with enterprise customers. Stephen has deep security domain expertise with a focus on electronic payments and data security compliance. He is a frequent speaker at industry events on topics related to data security, risk mitigation and cybersecurity trends and futures. He started Ground Labs after holding engineering and leadership positions at Paycorp Holdings (now part of MYOB), a provider of integrated electronic payments solutions and Webpay, a payment services provider later acquired by Fidelity.

Published Thursday, March 25, 2021 7:38 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<March 2021>