Work from home is here to stay, so how should IT adjust?
The pandemic has changed how we work, probably forever. Most employees with jobs that can be done effectively from home have no intention of returning full time to the office. They find that their work-life balance is much more balanced without the long commutes and constant interruptions that accompany office work.
According to a McKinsey/Ipsos survey, 58 percent of American workers had the opportunity to work from home at least one day a week in 2022, while 38 percent were not generally required to be in the office at all.
When people were given the chance to work flexibly, 87 percent took it, according to McKinsey. And Gallup projects that about 75% of remote-capable workers will be hybrid or fully remote over the long term.
While the work-from-home (WFH) trend is popular with employees, it stresses other parts of the enterprise, particularly IT teams, who have to adjust networking and security architectures to accommodate ever-more-mobile workforces, increasing investments in cloud computing, and the disappearing corporate perimeter.
Policies are the foundation for engineering firm
Prior to the pandemic, Geosyntec Consultants, a global engineering services firm, had a WAN strategy that connected more than 90 offices from Sweden to Australia over an SD-WAN service from Cato Networks.
What Geosyntec did not have, however, was robust support for remote workers. As with most pre-pandemic businesses, workers were expected, with a few exceptions, to work in the office. Typically, Geosyntec’s IT team supported 100 or fewer remote employees on any given day, who connected to corporate assets over VPN hardware.
When the pandemic shut down offices around the globe, the majority of Geosyntec’s combined staff of more 2,000 engineers, scientists, and related technical and project support personnel shifted to working from home.
“Prior to the pandemic, we had been considering changing our remote work policies, mainly to attract talent. The pandemic forced our hand, and we had to adjust in more ways than anyone could have predicted,” says Edo Nakdimon, senior IT manager at Geosyntec.
Predictably, performance bottlenecks emerged that could be traced back to the legacy VPN, pre-existing firewall configurations, and gateway hardware. But before Geosyntec’s IT team could start breaking through those networking bottlenecks, the entire organization had to step back to establish WFH policies and procedures.
“Many of the reasons our organization was hesitant about work from home were HR ones. What happens if an employee is on a business phone call and has an accident at home?” Nakdimon said. The emergency nature of the pandemic steamrolled over those concerns at first, but eventually the organization needed to come up with permanent rules.
“To work from home, we have some basic computing requirements, such as reliable broadband, but we also require things like ergonomic chairs and desks. We don’t want people working from laptops at the kitchen table,” he said.
For concerns like ergonomics, WFH policies are simply an extension of office policies, and Geosyntec will provide workers with the furniture they need. But the organization also had to create new policies for things like virtual meeting etiquette and data retention procedures.
Other policies that IT will be responsible for establishing, maintaining, and enforcing include installing and updating client-side security tools, establishing WFH data privacy protections, and improving private networking capabilities, such as through VPNs and other remote access tools.
Organizations pursuing digital transformation initiatives should also consider developing policies for such things as how they will vet vendors that provide mission-critical services, how to ensure they retain data ownership, and what they will do if a critical vendor goes bankrupt or gets acquired.
Scalability and security concerns lead to SASE
For Geosyntec, the scalability of existing technologies was another major challenge. Fortunately, they had already started to centralize security and networking through cloud services. “My fear had been that with 1,600 employees at home, many endpoints would be exposed to threats,” Nakdimon said.
His fears were not unfounded. The shift to WFH creates new cybersecurity threats, as bad actors adjust to these new realities, seeing new targets. “But because we had already centralized our WAN, we were able to quickly turn on new services to do things like pushing firewall capabilities to endpoints,” he said.
Since Geosyntec had already started shifting from hardware to cloud services, the organization didn’t need to totally overhaul its infrastructure, but rather accelerate digital transformation plans that were already in motion.
Nakdimon and his team installed more gateways, and they turned back to Cato Networks to add new services, transitioning from legacy, hardware-based VPNs and firewalls to Cato’s cloud-delivered alternatives.
Geosyntec also added Cato’s SASE service to deliver secure networking services for its WFH staff. Secure access service edge (SASE) is a network architecture that combines SD-WAN networking with a range of security services. SASE enables businesses to address a number of WFH challenges, authenticating users at the edge and enforcing policies once employees enter the corporate network.
Most SASE vendors offer a range of security services that help protect an attack surface that has grown much larger in WFH environments These include zero-trust network access (ZTNA), Firewall-as-a-Service (FWaaS), Secure Web Gateway (SWG), and Cloud Access Security Broker (CASB) services.
University responds to flood of help-desk requests
When the pandemic hit, higher education saw its entire business forced to move online. While remote and online education has been evolving slowly for decades, the pandemic sparked a stampede, with students, staff, and educators all migrating online at once.
The University of Rhode Island (URI) adjusted by rapidly shifting from in-classroom learning to online courses. However, many of the university’s approximately 17,000 students were still living in campus dorms when the pandemic hit, which meant that the university’s IT team now had to manage thousands of Wi-Fi access points across four campuses as critical infrastructure.
Predictably, the unexpected shift to online learning was accompanied with a spike in student complaints about frequent Wi-Fi disconnections and application performance issues, which spiked when students were attending online classes and taking exams.
The volume of help-desk requests quickly swamped the IT team, prompting them to seek outside help. The URI IT team evaluated a number of options, before eventually deploying the network monitoring solution from NetBeez.
After installing NetBeez Wi-Fi sensors throughout the campus, the IT team learned that many problems were triggered because student devices tended to hop through different channels and access points, which caused both dropped sessions and performance issues.
“With NetBeez we gained the ability to determine the root cause and solve intermittent Wi-Fi problems in under an hour. Without NetBeez it would have taken a very long time to even discover the issue after receiving a student complaint,” said Christopher Pepper, a network engineer at URI.
Be ready to address vendor management, tool sprawl
Migrating from hardware-centric, on-premises systems to cloud-based services helps organizations scale in order to handle a remote workforce, but IT execs should beware that this type of shift often moves problems around, rather than eliminating them altogether, or creates new ones.
For instance, IT teams that trade on-premises gear for SaaS no longer need to manage and maintain those tools, but they now must manage a collection of service providers. Some of those service providers may not even be under the control of enterprise IT, but rather the employees’ providers, as is the case with home broadband. Yet, if employees are unproductive because their ISP is non-responsive, employers may decide to step in to help.
Another problem related to managing multiple vendors is sprawl. Tool sprawl occurs when organizations adopt multiple tools that tackle related, but not completely overlapping, issues, and the pandemic created the type of emergency conditions that are ripe for out-of-control tool sprawl. Tool sprawl then forces IT to manage a series of disconnected dashboards, which makes troubleshooting difficult.
“It’s hard to support a large, remote workforce without centralizing as many networking and security functions as you can,” said Nakdimon. “Of course, you still need redundancy, but to have the control, speed, and management capabilities you need to make it all work, ideally, you need to be able to view everything through a single pane of glass.”
For large enterprises, unifying everything may not be possible, and it may not even be desirable since most large enterprises will have legacy constraints. The enterprise may also prioritize best-in-breed products over unified ones. Moreover, the single-pane-of-glass Holy Grail of unified services is often more aspiration than reality.
Most SASE vendors, for instance, provide a few core services of their own and then add services from partners around that core, which means that integration is rarely seamless. For smaller organizations with few IT resources, however, all-in-one services may well be the only ones those teams can manage, especially during times of rapid change.
Overarching principles
For IT execs shifting from Covid-19 panic mode to a long-term enterprise architecture that includes both in-office and remote workers, and both cloud-based applications and centralized resources, there are several key factors to keep in mind.
Setting broad policies for remote workers is the first step. Those policies should encompass reliable broadband, ergonomics, security, data retention, and should reflect the corporate culture in terms of virtual meeting procedures and etiquette.
The goal for IT teams should be to enable WFH employees to quickly get to the data and apps they need to do their jobs, but also to make sure that security requirements are not compromised, and that management platforms can scale across the entire enterprise infrastructure.
Copyright © 2023 IDG Communications, Inc.