2020 is officially off to a fairly rough start. But being an optimist, I’m hoping for the best.
We’re learning that what was “routine” when it comes to working in an office may not be the best plan moving forward. Specifically, we might want to rethink the whole idea of “the office” as the center of the company. Remote work can ensure business continuity. This crisis could be the event that demonstrates a physical office building is a thing of the past.
I called out some of these challenges back in February. Connecting people to information is critical to most businesses’ operations. During times of crisis, the need to secure and support remote work is more important than ever. Technology lets us work from anywhere and on any device. We see a concerted shift toward the remote model across the board, driven by necessity and by organisations eager to embrace many of the potential benefits. But while many employees now count remote work as a standard benefit of the modern workplace, we still need a cultural shift in the way businesses think about remote work.
Remote work requires a change for companies and for employees. Two significant shifts will impact people: personal and community interaction, and security.
The personal and community interaction
Some fear remote work will kill corporate culture. I often hear “Being in the office is key to collaborating and driving culture.” or “I love coming to the office to see people.”
These concerns are valid, but misplaced. When I worked in an office in Australia, we would finish the workday with a few pints of beer. I enjoyed the social aspect of the work and the culture of chatting with my cubicle partner. But ultimately none of this helped my work effectiveness. People believe that effective work comes from working together — and that is correct. But culture develops through solid company principles embraced by employees. Interaction and execution of those principles happen just as well remotely as it does in the office — especially when using excellent collaboration tools, such as O365, Slack, Zoom, and others.
Remote workers exist in every enterprise, even the most traditional ones. Saying that culture and collaboration only happen in person disregards the contributions of remote workers, shutting them out of the process.
I frequently hear that employees need to be “secure.” There are two aspects to security: physical and technical.
Physical security – When you come into the office, your company provides a “secure” environment: It controls building access, climate, food services, seating, etc. While it’s important to provide a secure and comfortable work environment, it also leads to friction between employees who disagree. And as we’ve seen during the past few weeks, the “security” of the office is somewhat illusory. Furthermore, the company assumes risk attempting to maintain and control physical security.
Working from home allows me to control my working conditions exactly as I would like to have them — in my pajamas if I choose. Control over my own environment keeps me motivated and effective when working. It also removes people from risk in a crisis where it is undesirable to have people grouped together.
Technical security – The company also provides you with the tools and services needed to accomplish your job. It (hopefully) secures the access to your information and services, such as email, file sharing, applications, the internet, etc.
When outside the office, how do you protect your technology and tools? The go-to method has been virtual private networks (VPNs) that connect traffic back to the company network (in the office) so that you can use the controls there and access the services you need. But VPNs can be slow, are not necessarily foolproof, and don’t scale well (as some organisations are discovering when remote access spikes). Backhauling traffic over MPLS to data centers is expensive, and those connections can get quickly overwhelmed when all of your internal traffic suddenly moves outside your network. Collaborative tool performance can suffer as a result.
With workers and applications now residing outside the office, businesses should apply two key models to protect remote work: secure access service edge (SASE) and zero trust.
In the old (30-plus-year-old) model, a secure perimeter protected the data center and shielded apps and data from outside threats. With applications moving to the cloud, the internet of things (IoT) becoming more common, and users connecting from everywhere, the perimeter security model is no longer tenable. The outdated castle-and-moat model of security adds complexity and cost, and isn’t that secure. How do you enforce a perimeter around data outside your corporate network?
Secure access service edge (SASE), a new security market space defined in 2019 by Gartner, specifically addresses the security reality faced by cloud-first organisations. SASE secures traffic between the user and application — it’s the journey and not the destination that is most important. With the SASE model of local internet breakouts, digital businesses can provide security at all times, regardless of user location — and without complex and expensive hardware stacks of security devices that require constant maintenance and updating.
Zero trust is another best-practice model for connecting users to applications and data. Zero trust provides a single, simple access model for users — regardless of where they are and what they are trying to access. This is critical as enterprises move employees rapidly to remote work environments. Employing zero trust principles enables enterprises to isolate and segment who has access to what. This means no more shared spaces, as every access must be validated before it is enabled. Connections are ephemeral: the user and the application connect only for a particular communication and nothing further.
SASE and zero trust models rely on direct connectivity. They provide fast and secure paths to access any application without worrying about being pushed back into a network. You can use Wi-Fi, 4/5G, an LTE connection, or whatever.
Zscaler has been pioneering this approach for more than a decade. We can help provide you a path to quickly moving employees to secure, remote access that optimizes security and application performance.
Nathan Howe is ZPA Principal Architect at Zscaler