Covid-19 IT Network Security Strategy
Your company has a workforce of 500 people who all need to work remotely due to Covid-19. As an IT leader, how do you build your Covid-19 IT network and security strategy?
Many companies offer some form of remote working capabilities, especially for those employees who may travel for work and are not touching heavy loads of critical data. But with Covid-19, everyone is forced to work from home or not at all. Most companies are not scaled to do that, especially overnight.
As an IT leader, your responsibility is to optimize the overall performance of the network that spans across multiple locations from branch offices to employee homes and their favorite coffee shops (at least when these businesses start opening to the public again).
From a security standpoint, there’s the expectation that everything will be secured regardless of the platform. At the end of the day, you’re trying to reduce security breaches and the number of network performance issues.
The questions that probably first come to mind include:
- How are we going to get our employees the fast, consistent, and secure access that’s required to work out-of-office? We don’t have three months to finally let them start working again.
- How much do I want to spend to allow people to work from home during Covid-19? Is it worth the cost?
- What if mandatory work-from-home happens again?
- Should I plan for this to be the new normal?
How to Approach Covid-19 Network & Security Strategy
This answer is not a one-fits-all strategy. For example, it doesn’t always make sense to push everything to the cloud because this can be expensive, time-consuming, and maybe not the best strategy for certain data and long-term goals in general. It might make more sense for 100 of your 500 people workforce to use a VPN tunnel where everyone else is fine with SSL VPN access, and then move more of the non-critical data to the cloud.
Internal conversations are needed on how to send people home to work and why to do it.
Here are some questions we recommend you consider as you build your strategy.
Who needs access to which applications and data?
Everyone needs access to different data based on their roles. People in finance are going to require different applications and security than those working in marketing or IT.
Based on the different needs of these employees, you can send people working from home and remote in different ways.
For example, it might make more sense to set up your technical analysts and engineers or VP of Finance with a direct VPN tunnel, download a client onto that laptop or device, and have them work only from that specific device. Why? Because these people are working with heavy, critical data loads and multiple applications that require high security. You don’t want that data running over the web or in the cloud.
What do you want them to be able to do remotely?
What is necessary for workers to access remotely? Is it every application and data set they would have access to inside the office?
You may decide that you want certain employees to only have access to data when they are on location, whether it’s during Covid-19 or not. Maybe you can send them home with access to some applications and data that keep them working on some projects, but other data sets will have to wait until they can be back in the office.
We’ve seen some companies stagger how employees come into work during Covid-19. Take accounting, for example. Some of the director’s of finance team members may still go onsite two days a week because it was decided to not let them have complete access from home.
Do you want them to be able to access applications from any device, any time?
There’s a lot more to think about than just the VPN, SSL, and cloud. Take for example mobile device management. Are you going to manage iPhones, Androids, Macs, and so on remotely?
Some employees may best be set up with SSL VPN where they log into the web browser from any device. Add in two-factor authentication and other security measures so even if one device is lost or stolen, it shouldn’t put the company at risk.
You can send a firewall to someone’s home and many companies choose to do that. But if that employee will be traveling or back in office full time after Covid-19, that may not be beneficial long term and also not worth the cost for just a couple of months.
From a security standpoint, how much of the device traffic (per employee) do you need to see?
Do you want to let people use those devices to go straight to the internet through their homes, Starbucks, or wherever they are during and after the pandemic?
Let’s say the web is out of the question and you need a VPN. Do you want to send all user traffic through the VPN tunnel, or just what they need from the company? If you send everything the employee does on the device through the corporate network, then you’re probably also going to get all their Netflix, gaming, or whatever else they may do. You’re going to have to consider if you want to take on the bandwidth and security cost.
Should I plan for this to be the new normal?
If you know three months from now that some or most employees will be back to the office, do you want to spend what could be tens of thousands of dollars on a deployment mechanism that may not be needed after this pandemic? Maybe you want to enable remote working as the new normal. Many companies are choosing to do this.
Covid-19 came as a surprise to everyone. Unfortunately, we can’t always know if this will happen again. All we can do is plan.
These are just a few of many questions you need to consider when building your network performance and security strategy across multiple locations and users.
Your team is busy managing a range of IT responsibilities. Let us help save you time and stress by and discussing what strategies and technologies can benefit your goals, operations, and budget.
Reach out today to start a conversation. Call us at 817-953-2750 or submit the contact form.