How to control the IT chaos of a hybrid workforce

08 June 2022

By Ken Galvin, senior product manager, Quest

By Ken Galvin, senior product manager, Quest

Organisations across the world have embraced remote working, offering more agility and flexibility than ever before. There was a time where tablets, smart phones, and new IoT devices were not a common business tool. However, just as organisations started to get to grips with how to handle these applications and devices, we faced a new turn of events with employees looking to work not only from any device, but across any location and at any time. Our digital lives make us more productive and offer us the potential to work in a much more free and agile way. The good news is that this opens up a whole host of benefits and worker productivity for the organisations that can make this work, but we can’t neglect the hard-working IT teams in the background. These new trends can present a whole host of challenges in terms of security, compliance and data access. So, with the new hybrid workforce set to stay, how can organisations enjoy the benefits and minimise the risks?

In the past 18 months, while employees have enjoyed a more flexible working style brought on largely by the pandemic, IT admins have suddenly found themselves overwhelmed. They have had to adjust almost overnight and manage a remote workforce, who are using a variety of different company owned and personal devices, downloading and installing software from various sources and are relying on IT teams to help overcome challenges that are keeping them from being productive.

As part of this, IT admins have had to also consider how secure the home is for remote employees, how to patch devices remotely, look at password security, VPNs and battle against ever more destructive cyber-attacks.

The reality is that every device connecting to an organisation’s network is a potential attack vector. We see every day that malicious actors are taking advantage of the lack of control many organisations have over this sudden flood of unknown devices.

As the number of remote devices increases in both volume and diversity, it’s no surprise that teams find it harder and more time consuming to manage, secure and keep track. Without some type of automation in play, organisations simply cannot keep up. But automation simply for the sake of it will not cut it. A lack of consistent and unified endpoint management leaves businesses in a precarious situation.

If businesses don’t know what devices they have, then IT teams cannot manage them. And if you cannot manage them, you cannot secure them. For any organisation that is embracing either remote working in some form or mobile devices, one of the first and most critical steps is to gain visibility. Businesses need to address this issue by tracking remote devices and ensuring they can manage them when it comes to security updates and data access. However, it is important to note that gaining visibility means doing a thorough inventory. Endpoints also include printers, cameras, and an ever-growing amount of IoT devices. It essentially means tracking any device that has the potential to connect to your corporate network or will be used to access company data.

Not only will this give a business more control, but IT teams can be aware of what devices are accessing their network, administrative rights can be set and if a device goes missing or is corrupted the organisation can act swiftly to ensure company information is kept safe and secure.

Once organisations have started to get to grip on the different devices connecting to the network, IT departments must prioritise addressing the security risk, regaining control and improving management and compliance.

Although employees might be accessing information away from the traditional corporate office or on remote and personal devices, this doesn’t mean that we should give way to usual business protocol and privileges. It is just as important that IT admins set admin rights and restrict a user’s ability to access sensitive information or change operating system configurations. Too much user control potentially introduces vulnerabilities that allows malware to gain a foothold. In addition, if devices get lost or if data does become corrupt, by limiting the access this in turn is going to limit any potential data loss and help businesses to stay compliant with data protection laws.

Alongside access restrictions, it is also important that businesses look at when devices were last patched and updated. There are tools out there that make device patching super simple, and organisations are aware of the security risks, however this continues to be a pain point for many businesses.

As we saw earlier this year, it is something the UK Government was even scrutinised for when malware was found on laptops they had given out to support vulnerable children who were being home schooled during lockdown. This was due to an unpatched vulnerability, and it could have been prevented if the machines had been adequately updated. It is far too often that we hear of hackers preying on individuals and companies that are already struggling through a challenging time, but hackers are opportunistic, and they will continue to look for any attack vector to infiltrate.

All too often organisations do not formalize their patch management. The recent Emotet outbreak acts as a perfect example of this. Of course, every IT admin knows the importance of patching, but it can take longer when it comes to remote devices and some businesses struggle to push patches to the right devices at the right time. Businesses need to have a specific plan for patching remote devices and a solution that can roll out patches, compliance and access rights in an automated fashion regardless of device location. With the number of endpoints showing no signs of slowing down and IDC predicting there to be 55.7 billion connected devices in use by 2025, we need to be careful of the potential consequences and ensure that businesses have an effective endpoint management plan in place. Organisations can’t rely solely on the security they had in place inside the corporate office. We need to evolve our approach and leverage automated endpoint management plans when it comes to the remote workforce and remote devices, to ensure that businesses have visibility, robust regulatory compliance and security no matter which device employees are using and wherever they may be.