By Stephen Cavey, Co-Founder and Chief Evangelist, Ground Labs

Over the last twelve months, businesses across industries have been forced to adapt
to the realities of distributed work. As COVID-19 vaccinations ramp up and
business leaders begin to consider reopening physical locations, there is no
doubt that distributed work will continue to play a major role in corporate
culture. Especially now that businesses have realized the direct benefits of
remote work, many will be compelled to maintain flexible arrangements in order
to compete and retain talent in the post-pandemic economy. In fact, according
to a recent survey from
Gartner, 47% of business leaders said they intend to permit employees to work
remotely full-time.

Rather than embracing full-time remote work after the pandemic, experts anticipate
that more businesses will actually adopt a hybrid model where a portion of the
workforce works remotely and in-person throughout the week, offering workers
optimal flexibility based on their preferences and schedule. According to the
same Gartner report, more
than 80% of respondents said they plan to allow employees to work remotely at
least part of the time. However, the prospect of a hybrid remote workforce
raises a significant challenge: tracking and protecting dispersed data across
in-office and remote work-from-home environments.

From confidential financial data to intellectual property and customer information,
businesses must have a firm grasp on where regulated and sensitive data resides
at all times in order to maintain compliance and thwart possible data breaches.
This task becomes even more difficult to manage when employees work across
multiple devices, both in-person and remotely, and information is not always
stored in the same consistent manner. Examples of such locations may include:
within localized folders; synced onto cloud storage folders; local hidden data
in temporary storage and deleted items; removable or home network storage; or
shared across applications, including internal chat apps.

As the business world approaches a hybrid work environment, organizations should
follow best practices by putting systems and policies in place to locate and
secure sensitive information.

Set a clear standard of ownership over all devices

Especially as workers begin to return to the office while some continue working from home,
it is imperative to set a clear standard for device ownership that is the same
for both in-office and remote employees.

While many companies already uphold a complete device ownership policy where all
devices are owned by the company, some businesses allow employees to use their
own devices or a mix of personal and company-owned devices. These scenarios
should be avoided unless there are adequate software controls that containerize
and separate corporate data from the individual's data and provide controls,
such as remote wiping of the corporate data.

At the outset of the pandemic, many IT teams did not have time to prepare or
establish a clear standard, which forced employees to use their own devices
from home to remain productive. Now that we are one year into the global remote
work experiment, businesses have the opportunity to review and prepare for the
hybrid remote model and consider whether a complete device ownership or BYOD
with adequate controls is most appropriate.

Define company-wide security protocols

Outside of setting a standard for device ownership, organizations should carefully
review their existing security policies and set new best practices that are
communicated with the entire workforce.

As workers enter a hybrid work environment, it is important that they are fully
aware of the organization's policies around devices that can or cannot be used
or shared with others. While it is easier to implement a policy mandating that
only company-owned storage devices may be used for storage of company file data
when all workers are in the office, this becomes less practical and more
difficult to maintain when employees are remote a significant portion of the
week and there is a higher likelihood of violation.

For example, one common scenario that many organizations face is remote employees
allowing a family or other household member to use their device for non-work
reasons, such as external e-learning or streaming. This situation becomes more
prevalent with full-time remote workers and it becomes even murkier when
employees work from home and in the office a portion of the week. Ensuring that
this risk is incorporated into future security education of staff and included
in your new employee onboarding process will help reduce the risk of unapproved
users on company devices.

Know where your data resides

Regardless of how strong your security practices might be, there will always be the risk
of company data being stored in unknown or unapproved locations. To prepare for
this situation, organizations should conduct regular housekeeping of the data
stored across servers, databases, workstations and in the cloud, a practice
known as data discovery. Deploying an ongoing and automated data discovery
strategy not only identifies potential breaches in compliance, but it
establishes a baseline level of confidence in the security of an organization's
most critical data.

While the emergence of the COVID-19 pandemic caught many IT teams off guard,
businesses now have the opportunity to put best practices in place with the
understanding that remote work is here to stay. Hybrid remote work will have a
lasting impact on the modern workforce and organizations that uphold clear
security standards and implement robust processes to achieve data awareness
will be the most equipped to thrive in the next wave of the digital economy.

## About the Author

Stephen Cavey, Co-Founder and Chief Evangelist at Ground Labs

Stephen Cavey is a co-founder of Ground
Labs, leading a global team empowering its customers to discover, identify and
secure sensitive data across their organizations. As the Chief Evangelist, he
leads its worldwide product development, sales and marketing and business
operations and was instrumental in extending Ground Labs' presence with
enterprise customers. Stephen has deep security domain expertise with a focus
on electronic payments and data security compliance. He is a frequent speaker
at industry events on topics related to data security, risk mitigation and cybersecurity
trends and futures. He started Ground Labs after holding engineering and
leadership positions at Paycorp Holdings (now part of MYOB), a provider of
integrated electronic payments solutions and Webpay, a payment services
provider later acquired by Fidelity.