Businesses are beginning to accept that our current operating environment, defined by distance, is not a fleeting affair. The seemingly immutable practices that defined the way businesses interacted with each other and their employees have been upheaved on a global scale, creating new behavioral and structural precedents such as recruitment beyond proximity that bear ongoing commercial significance.
The reflexive, near-instinctive steps that businesses took to enable remote workplaces following the onset of the COVID-19 pandemic are falling under heavy scrutiny as the longevity of these practices and the value they yield becomes apparent.
Enterprises reflecting on the lasting business case for remote work are confronting the redundancy of legacy perimeter defence methods as the parameters for effective cyber-security recentre around identity. Security threats are compounded by behavioural and processes challenges that stand in the way of employees reaching their full potential under a mandatory remote work regime.
In response to these challenges, OKTA recently arranged for leading digital professionals from all sectors of the national economy to virtually interface on the current state of work. Their conversation illuminated shared challenges around securing remote workplaces and revealed strategies for empowering a truly flexible workforce. This is what they had to say.
SECURITY CHALLENGES: IDENTITY AND ZERO TRUST
The context for work has evolved as companies become physically dislocated from their employees. The firm’s digital footprint has ventured outside familiar perimeters to lay tracks in new territory, and security vulnerabilities are the corollary for this mobility.
The parameters for secure work are fundamentally shifting: attack vectors are being remapped to directly target home environments; employees risk becoming apathetic towards, or at the least unsure of, expectations around data handling and remote information exchange; and the danger of disenfranchised individuals becoming antagonists of security breaches is amplified by reduced visibility across remote work locations.
The sheer scale and speed at which businesses adopted blanket remote work policies, while necessary, has amplified these threats considerably. To operate with confidence in this new commercial landscape, businesses must ensure that information is being viewed by relevant parties in unquantifiable locations and across unseen devices. This is an imposing but surmountable challenge, provided businesses can recognise the vital role identity plays in ensuring that workforces do not introduce vulnerability to the workplace.
Identity empowers businesses to abandon perimeter defense methods in favour of zero trust principles. By bringing the strongest representation of security to the user, wherever they may be, businesses can allow the right people with the right access to the right resources in the right context. The effectiveness of identity as the foundation for an enforceable security policy hinges on the fact that cyber-security antagonists only succeed when they compromise identities – every attack is levelled through some form of compromised identity.
Businesses will only succeed as defenders and build their security posture in meaningful ways when they drive past passwords to secure identities. Identity is the child of context – by continually assessing location and actively managing devices, businesses can generate a unique profile of characteristic behavior. These profiles can then be leveraged to make immediate and informed decisions around when and how certain applications are being accessed.
BUSINESS CHALLENGES: A BROADER PERSPECTIVE ON FLEXIBILITY
Flexibility has been subject to many varying corporate interpretations. In too many business cases, flexibility has become synonymous with remote work policies that enable employees to engage with the company on personalised terms. While this definition carried some weight prepandemic, it is of little differential utility now that entire industries have been forced to abandon their offices and routines. Instead, it may be helpful for businesses to think of flexibility as the practice of empowering people to realise the full value of their skills.
It is important to recognise that remote work on the scale we are currently witnessing poses several behavioural and processes challenges that can inhibit employees from realising their full potential in line with this broader painting of flexibility. Businesses that apply a service design lens to their actions to counter these challenges will be in a stronger position to compete when our operating environment corrects, and employee choice once again becomes a factor in remote work practices.
Beyond software requirements and hardware limitations, one of the most immediate challenges tied to remote work has also proved to be the most obstinate: being remote first makes it incredibly difficult to be present. Physical separation always threatens to fester into isolation, not only from colleagues and friends but from the company’s mission that serves to connect, inspire, and motivate action.
When combined with any number of external market pressures threatening job security, it becomes very difficult for employees to sustain performance let alone generate momentum for new initiatives under the spectre of disconnection. This mindset affecting relatability is not sustainable from an individual or business perspective, and stems from the fact that the rituals of a physical workspace do not naturally translate to virtual environments.
Constant, two-way dialogue an interactive experiences have emerged as favourable remedies for stagnation from separation, with many businesses reporting a spike in virtual team events that serve to channel information up and down the corporate hierarchy. When well executed, digital engagements are an effective vehicle for both incentivising action back to core values as well as aligning employees behind a shared mission. Constant dialogue is not without its own dangers, including the erosion of the line between professional and private life.
For some businesses, the fact that the boundary between work life and private life is collapsing is being celebrated an opportunity for greater authenticity, connection, and representation, particularly as employee generated video content gathers momentum as an effective vehicle for both communication and development. It is thereforecritical that leaders reassess the communication strategies and business processes that surround remote work to better support, connect, and enable employees.
The swift transition to remote work practices has had a sweeping impact on the security posture of Australian businesses. The inefficacy of legacy perimeter defense methods is being cast into stark relief as businesses move to enable a set of technologies built on identity that aspire to a flexible workforce. But the challenges of supporting a remote workforce extend beyond security.
To empower a truly flexible workforce, businesses have had to reengineer processes and adopt new modes of communication to connect and inspire otherwise disparate employees. It is fair to say that our current businesses climate is defined by a crisis of identity, in terms of both security and wellbeing. The ability of businesses to defend the identity of their employees in this wholistic sense will prove consequential for success in the uncertain times that lie ahead.