Security Strategies for a Distributed Workforce

A distributed workforce security plan has been made paramount because of recent, global, events. Where should technology leaders start?

How has the pandemic-induced movement towards remote work affected security and productivity of different organisations? And what do these organisations have in common when trying to adapt and grow in unison with a distributed workforce security plan?

With Keme Nzerem moderating, the speakers of this roundtable include:

• Ahmed Nabil Mahmoud, CISO, Standard Chartered Bank
• Amanda Hamilton, CIO, City and County Healthcare Group
• Hicham Faik, Global CISO, Attijariwafa Bank
• Kieran Higgins, Head of Digital Workplace Transformation, Cisco

As the working world evolves into one of a hybrid nature, it is paramount that those working from home can not only perform like before, but can do so securely. Kieran Higgins, head of digital transformation at Cisco, explained that security is about making sure people have access to the necessary tools virtually, as the pandemic has stunted office resources.

Amanda Hamilton, chief information officer at City & County Healthcare Group, informs us that for her, connectivity was a vital factor in prioritising security and productivity. She goes on to discuss the prevalence of PPE in a pandemic amidst a competitive market and how it meant resorting to the use of the government and third parties from around the world.

Cultural considerations

When a worldwide epidemic occurs and alters our way of life as we know it, not only must we develop the technical intricacies of our organisations, but we must also make room for an alteration in culture. A distributed workforce security strategy must understand the cultural components of a workforce if it is to become embedded within its psyche.

Ahmed Nabil Mahmoud of Standard Chartered Bank spoke of the technical complications within the financial field: “the main concern that was coming there was the leverage and the usage of different collaboration tools because of the massive push to work remotely”.

He reflected on the difficulty of having no playbook amidst such unprecedented times, and how the intense culture change is hard to navigate.

Hicham Faik of Attijariwafa Bank agreed that the distributed workforce security challenge was technical and cultural. In regard to the technical shift, he revealed that VPNs were put in place to secure connections and strengthen the way people access applications, as this used to be accessed from inside the network. Education is a huge part of culture and it was another priority to explain to employees how to connect securely from their houses.

Briefly outlining issues that can arise from this change, Faik mused over the question of companies asking employees to use their personal phones from home. Do they have the right to ask this? He explains that three of the main challenges of this cultural shift were privacy, communication and safety.

Democratisation elements

Another crucial element in workplace culture that each field has in common is equality and ethics. With remote working having to operate so differently and being a far newer approach, there are gaps and areas for improvement.

Amanda Hamilton discussed this, explaining that “the experience in office was robust, whereas remote working was more discreet…so as to not open up entire systems to remote access.” She concludes by saying that we must now open up systems in as seamless a way as possible, so that those who retain remote working have an equal experience.

Kieran Higgins adds to this notion, stating that democratising the relationship between in-office work and remote work aims for an “equitable relationship between the in-office experience and the remote experience”, thereby bringing together a single solution for a distributed workforce security plan.

Questions to be considered

Of course, such a shift is not achieved without difficulty, and the participants of the conversation explain the main obstacles to overcome.

Ahmed questions what might happen to IT staff that need to work remotely to solve problems. He then goes on to voice his concern over what happens to business managers that need to have the right reporting from business applications, as pre-pandemic there was access from the inside, and finally he questioned what will happen to developers in regards to critical infrastructures from outside the network. These are all concerns that are in the process of being actively addressed and worked around by businesses all over the world.

It seems that each individual values HR and strategy, standard operating procedures (established teleworking, monitoring of VPNs etc.) and proactive discussion regarding performance, limitation and awareness within a shifting organisation. It is through these key factors, that the participants believe security and productivity is achieved.

This roundtable on distributed workforce security was created in partnership with Menlo Security.