I’m going to resist using words like “unprecedented” and phrases like “the new normal” as much as possible, but we really can’t ignore that things have changed quickly in the last few weeks. Not so much people working from home – that’s been a feature of many of our (admittedly privileged IT worker) lives for years – starting with remote support in the 70s for technical staff in the middle of the night. No, what’s really changed in my view comes down to two things – scale and user types.
Scale is obvious – instead of a percentage of our teams WFH each day, suddenly we’re all remote for voice and data comms, and those of us who use remote access systems like VPN or 2FA which are license or technology bound have had to ramp things up fast and/or get creative with our kit. The luckier ones who were already using 100% cloud supported SaaS have only had to contend with occasional ISP overload or artificial caps on their home broadband. If you live in the sticks at the end of a 2-mile run of copper, like I do, there’s been no discernible difference. My heart bleeds for you FTTC/P jockeys who’ve seen their download speeds drop to 50mbps. It’s like being back on a modem, for God’s sake!
The addition of lots of user communities, who don’t normally have the luxury of home working, to the pyjama-bottom during the day crowd has been more interesting. Some companies have had to set aside or re-define policy in areas like data classification and network segregation and access controls, and I’ve seen some teams who, prior to the strategic impetus which is Covid-19, would never have been permitted to work remotely (or even alone, due either to the type of work they do or the complexity of providing remote access to their data) be issued with a laptop and some instructions and packed off to their bedrooms. There are going to be a lot of stats produced and a lot of theses written on the back of the pandemic and I’m really looking forward to seeing how current thinking and actions influence what happens when lockdowns start to be relaxed – will we all go back to the office and write off the investments made in time and technology during these few weeks? Will thousands of recently issued laptops and 2FA tokens be collected by IT and stored as a “spares mountain”?
I think it’s likely that we’ll settle down to a sort of middle ground, where many more functions can work remotely on some sort of rota basis and companies embrace the benefits that has both for wellbeing and business resilience. I also think that the oft-touted collaboration enabling technologies have made an indelible mark – never have I seen so many hitherto unloved functions of things like Zoom, Teams, WebEx et-al dragged from sub-menus into the light as people work out how they can create as near as possible the experience of being in a room working together, or at least appear to be working from a pineapple under the sea (for all you SpongeBob fans). It’s also persuaded some of the collaboration software vendors that they really should have a look at their security practices, which cannot be a bad thing.
It’s been an interesting time, and from a security point of view it’s reminded me of the mid-to-late 90s, when the ability to do something outweighed whether we should do it in some cases, and whether it was secure to do it in many more – we were caught up in a race to “get on the internet” and general practice was to worry about security later. Things were quite different this time, of course, everyone has a much greater appreciation of the need to secure data and access to applications than we did back then, so it’s not been quite as “wild-west”, but still, things have happened and fundamental changes have been made to technology and working practices because the business needed them to, and the role of the security team has been to make sure the implementations have been as safe as possible, the overarching goal of enabling the business to continue to function being truly more important than everything, and that’s been quite refreshing. You can’t secure a business which has gone bust.
Finally, there’s nothing like a clearly defined and easy to understand shared goal, coupled with a sense of urgency and with the removal of many bureaucratic barriers to make teams work seamlessly together and produce fast results – collaboration is not just for video conferences, and this has been a great reminder of that too.