Sectigo has published its 2020 Work From Home report (registration required). It looks at the impact on IT professionals of work from home (WFH). They were responsible for getting users online as organisations made an almost overnight shift from office-based working to work from home (WFH). The report calls out security, compliance and managing digital identities as key challenges. However, one unexpected result is that IT professionals say productivity is up.
The survey, carried out by Wakefield Research, polled 500 IT professionals at companies with at least 1,000 employees in the US, Canada, Germany, France, Ireland, and the UK. Its goal was to understand the impact of the worldwide crisis on large businesses.
Sectigo CEO Bill Holtz commented in the press release: “As C-Level executives continue to embrace the increased productivity of a distributed workforce, they need to consider new approaches to security that rely on automation and secure digital identities.
“The reality is that the enterprise currently uses a mix of authentication tools that frequently include outdated or weak methods. This research indicates that with many employees remaining at home for the foreseeable future or even permanently, refining how we grant and manage digital access is more important than ever.”
Key talking points from the report
In a blog accompanying the report, Tim Callan, Senior Fellow, Sectigo calls out 10 top takeaways.
- Nearly 40% of IT professionals surveyed report that their companies delayed revenue-generating initiatives for one month (44% delayed cybersecurity projects) so that IT teams could prioritise remote work setup.
- 86% report challenges in managing the digital identity of users, devices, and processes.
- At least half use authentication technologies with widely known vulnerabilities, such as traditional username/password (65%) and hardware-token multi-factor authentication (50%).
- Among the strong authentication methods, user identity certificates (56%) are far more prevalent than biometrics (26%).
- Phishing (40%) and Wi-Fi (40%) trump Zoom Bombing (28%) and unsecured BYOD devices (28%) on the list of top security concerns.
- 71% don’t feel completely confident that their company can report on full compliance with industry and government standards on digital identity during remote work.
- Nearly 60% expect security for data and applications to increase when offices reopen, yet 75% believe their company is investing “the right amount” on cybersecurity, despite concerns.
- IT professionals expect to increase use of digital certificate-based authentication (38%) and digital document-signing solutions (35%) in the coming 12 months.
- 49% (63% of executives) feel employee productivity has increased since WFH began —with 35% saying productivity has stayed the same.
- 3 in 5 expect the number of remote workers will increase after their offices reopen.
Scaling up was always going to be a challenge
Security issues abound with the way organisations shifted from office-based to WFH. Mobile working has been on the rise across most organisations. It means they already had policies and processes in place. Despite this, many organisations (65%) lacked an extensive remote work infrastructure. It means that they were forced to adopt new solutions with no testing or verification around security.
The time taken to get systems up and running was also significant. 65% said that it took more than a week to set up remote systems while 11% said it took more than a month.
Cybersecurity initiatives were also impacted. Over 44% said that these were delayed by over a month. In highly regulated sectors such as banking, 56% of US respondents said remote working was prioritised over cybersecurity.
What isn’t clear from the report, press release or blog, is how many of these organisations were already using cloud-based systems. It would have been interesting to see what issues if any, they had scaling those solutions. After all, the ability to scale is one of the primary selling points of cloud.
Identity, data and device management exposed
The management of identity, data and devices has been brought into sharp focus by WFH. The security perimeter for organisations has now effectively disappeared. Unmanaged hardware through Bring Your Own Device (BYOD) is now no longer laptops, tablets and mobile phones. It extends to printers, routers, storage devices and home Wi-Fi that is used.
When users are accessing data, it is often cached on the local device. In many cases, where Internet connections are slow or poor, it gets copied to the local device or printed out. It creates several data management issues that are called out in the survey.
Encryption of local devices holding sensitive personal data is a compliance requirement that most people understand. But what about backups? 30% of respondents were concerned about data on personal devices not being backed up.
Compliance with corporate security protocols (37%), weak passwords (31%) and the security of home Wi-Fi (40%) are all areas where respondents are concerned.
The challenge, as WFH becomes entrenched in organisations, is how to reduce the risk. One answer may be company funded internet access with managed routers and VPNs. These would reduce the risk of data leakage and could provide enough speed to ensure devices are backed up. Another solution is greater management of BYOD or, at the very least, the use of a local VM where data and apps have to run locally.
An unexpected boost in productivity
Perhaps the biggest surprise from this survey is the boost in productivity that WFH has delivered. 49% of IT professionals believe they are more productive at home than in the office. There are reasons for this and things to watch for.
The lack of work distractions means that IT professionals can focus on their workload. Much of their day to day communication will be with other team members on collaboration software rather than answering phones to end-users. The lack of distraction means a greater ability to concentrate on solving problems and completing work.
However, there are some things to watch out for. 16% felt they were less productive due to WFH. The survey does not look into why this is the case. That’s a missed opportunity as there is much interest in what has worked and what has not worked.
Time management and mental health are areas where many organisations are sounding the alarm. It is easy to overwork when at home as employees shift their day around to cope with other issues such as childcare and homeschooling. Mental health issues are beginning to emerge, especially for those who struggle to work in isolation. Employers need to be cognisant of these but, again, the report missed an opportunity to examine these risks among IT professionals.
Top three technologies to improve security?
The report calls out three areas where organisations are likely to implement new solutions. All of these focus on improving security.
- Cloud-based storage (43%)
- Digital-certificate based authentication (38%)
- Digital document-signing solutions (35%)
All of these will help improve compliance, data security and user authentication. But to work, they also need organisations to review their architectures and processes. Cloud-based storage, for example, requires a review of compliance requirements and an understanding of where data is stored.
Biometrics (29%) is seen as improving user authentication. Whether this will be as part of a wider move towards multi-factor authentication is unclear. Many organisations still have not MFA solutions in place and would have to rethink some applications to make them work.
Enterprise Times: What does this mean
This is another report that adds more data points to the impact of WFH. It highlights serious shortcomings that have to be addressed on processes, policies and technology. Many of these are existing issues that are well known and well documented. However, they continue to persist due to the way organisations work.
To deal with these effectively, organisations are going to have to make more investment in their IT stack. At a time where money is in short supply, it is likely we will see compromises rather than solutions. If WFH is to be a long term thing, then compromise is more likely to mitigate rather than solve security and compliance issues.
The improvements in productivity will be welcomed and are likely to be seized upon by IT staff. They will point out that working from home, often denied to IT departments, delivers better value than sitting in an office. What the report doesn’t do is drill down into why some were much more productive and a few less productive. That needs to be evidenced before managers sign off on greater WFH initiatives for IT.
