How the remote workforce is impacting the way we store and access data
It's a common occurrence. A work-from-home employee, bored stiff by endless team updates and PowerPoint slides that don't concern him, tunes out on a virtual meeting. Off goes the video and audio, up comes another browser. Hmm, that TikTok video of a cat acting like a dog sure looks entertaining.
Global data consumption has been steadily rising since the emergence of COVID-19. Most of that, of course, is because many consumers have turned to streaming entertainment to pass the time during quarantine. But another portion of the activity involves employees downloading videos they shouldn't. Indeed, a NetMotion Software survey conducted shortly after the pandemic's eruption found 74 percent of workers were using corporate devices to stream non-work-related video content, mostly from YouTube, Netflix, and Hulu. And 20 percent of workers admit to spending more than 10 hours a week doing this.
Lee Robertson, chief technology officer and vice president of infrastructure operations at Hewlett Packard Enterprise, says that the issue is becoming a problem for IT organizations because so much data is now flowing between remote devices and corporate networks that it's becoming hard to manage and secure.
"Most enterprises are resilient," he says. "But as we continue moving toward this hybrid work model, where people split time between homes and offices, organizations will increasingly lose sight of who and what are accessing their networks. This could bring all sorts of operational and cybersecurity woes."
Intense operational impact
From an operational standpoint, employees accessing unauthorized content creates all sorts of network bandwidth, stability, and data integration challenges, Robertson says. What's more, the fact that employees often use home Wi-Fi to connect to work while family members use the same network to browse, shop, download apps, play games, and watch movies can create severe latency issues.
"I'm more concerned about that cross-pollination problem than I am about most other IT business continuity challenges because it's one of the most difficult ones to wrestle to the ground," he says.
Please read: What it means to think data-first
From a cybersecurity standpoint, Robertson says managing remote devices becomes tricky because employees are constantly downloading and collecting tremendous amounts of corporate and non-corporate data. Yet, 71 percent of security leaders lack sufficient visibility into remote employee home networks, according to a Tenable and Forrester study. Not surprisingly, 80 percent of security and business leaders say their organizations are at risk of a cybersecurity breach because of this situation, the study found.
"The explosion of data is real; there is more data being generated now than any other time in the history of IT," notes Steve McDowell, senior analyst at Moor Insights & Strategy. "The dirty secret of enterprise IT is that nobody really knows where all that data is, or what that data is. Data sprawl is also real and dangerous. Data is mobile and everywhere. This leads to significant challenges protecting it."
Please read: The key to understanding data? Seeing it properly
Chris Hallenbeck, CISO for the Americas at Tanium, an endpoint protection platform company, agrees. He says part of the difficulty, though, is less about the explosion of remote data and more about IT organizations trying to adapt old-school tools to a modern, pandemic-era problem.
"Many were still on-premises tools that were built with the assumption that most employees would still be on-site and you could easily query and manage their devices," he says. "All that went out the window with COVID-19 and people working from home. A lot of organizations are still reeling from that shift, especially on the operations side, and haven't yet adjusted."
Tips for managing remote data
While getting a grip on remote data is not easy, there are steps organizations can take, experts say.
Robertson and Hallenbeck both recommend taking a platform, as opposed to a best-of-breed, approach to endpoint device management. They say that while it's often tempting to invest in every feature possible, it's more efficient to start with a basic management foundation and add applications to it on an as-needed basis.
"Best of breed is a lot like buying the top-of-the-line trim for an automobile," says Hallenbeck. "You have all the options available to you, but chances are you're probably not going to use all those gee-whiz features. Meantime, you've overpaid, created complexity, and increased chances of misconfiguration."
In addition to taking a platform approach, Robertson suggests limiting the types of online sites employees can use while connected to the corporate network. The company intranet? Fine. Access to Hulu, Netflix, TikTok or other questionable and bandwidth-hungry web pages? Forget about it.
Please read: Securing the data-first enterprise
Employee devices should also be preconfigured with maximum security in mind and give IT staffers complete control if they are ever lost, he says. For example, HPE encrypts the hard drives of all 88,000 remote HPE employees and contractors. So, if a device is stolen, thieves are prevented from logging in to see or steal data, and they can't even remove the hard drive to access it from a different system.
"At that point in time, it's essentially a paperweight," Robertson says.
Similarly, his team loads software on all remote devices so IT can disable a device in the event it's reported lost or stolen.
"Whoever ends up with it isn't going to be able to get at the valuable data on it," Robertson says. "They can take it apart, pawn it, or even re-image it. But the data will not be accessible."
Never trust remote devices
Robertson also advocates that IT organizations adopt a zero trust model, where any person or device that tries to log onto a network from any device is treated as a potential threat. This means that if an IoT application tries to access network services or data, it must first authenticate itself, regardless of whether it's already on the network. The assumption is that any IoT apps requesting access to assets may contain malicious code. So those devices are isolated, or segmented, in digital waiting rooms and aren't allowed to move on without credentials.
Zero trust is built around the concept of least privilege, meaning that if someone doesn't need access to parts of the network, they are never given rights to it. This can be particularly useful for reducing potential threats posed by remote devices being left open and vulnerable in public places. Virtual private networks (VPNs) have been the go-to model for granting network access to remote users. But with so many organizations moving to remote work, the zero trust model is starting to overtake VPNs. In fact, 60 percent of enterprises in a Pulse Secure survey reportedly say the pandemic and remote work are speeding up their zero trust strategy.
Please read: What is zero trust?
For mobile device management, Robertson also recommends requiring the installation of an application or cloud-based service, such as Microsoft Intune, on any employee smartphone accessing the network. This allows the IT organization to control all mobile devices, including phones, tablets, and laptops. It also makes it possible to remotely configure specific policies to control installed applications.
In the end, experts say it's critical to combine a platform approach to remote device management with sensible cyber-hygiene practices and procedures.
"It won't happen overnight because there is no single solution offering everything you need," says Robertson. "But if you're smart in the way you purchase and deploy remote device management capabilities, you'll have a better handle and more control over your data landscape before long."
"The dirty secret of enterprise IT is that nobody really knows where all that data is, or what that data is."
This article/content was written by the individual writer identified and does not necessarily reflect the view of Hewlett Packard Enterprise Company.