By the time you read these lines, it will be about ten months since you set foot in the office. The vast majority of workers now carry out their professional activity at home, whether it is in their personal office, living room or even the corner of a bedroom. Still, the job is done and, aside from areas where direct interactions are essential, businesses are surviving.
Achieving such results has not been easy. Regardless of their size and industry, all companies have strived to find a suitable technological infrastructure in order to maintain the productivity of their employees. There have been failures, complacency and compromises to get to where we are today. And many companies are still not ready to make telecommuting a viable long-term solution.
But before addressing the current situation, let’s dive back into 2019 to understand the choices made by companies as part of their transformation and their impact on the difficulties encountered this year.
The impact of technological investments in 2019 on 2020
In 2019, ignoring what to expect, companies pursued two goals in IT infrastructure. First, to migrate applications to the Cloud in order to take advantage of the economic and competitive advantages of this transformation. Second, generally simplify their IT environment, most often by investing in SD-WAN projects.
At the time, it was a wise choice. But when the lockdown came into effect in March, their business continuity plan was effectively lapsed. The employees returned home, so that these sites, now deserted and connected via SD-WAN, began to collect dust.
The focus suddenly shifted to resource allocation and connectivity. How do you get people to stay connected and do their jobs? The answer to this question has evolved over time.
March: shortage phase
With no infrastructure capable of absorbing large-scale teleworking, the early days of containment were marked by a shortage as companies scrambled to ensure connectivity and business continuity. This shortage has manifested itself at two levels: network connections and devices.
On the connection side, employees suddenly converted to teleworking had to connect to the datacenter via a VPN to access the Internet. This solution had generally been designed to support 20 to 30% of teleworkers, in the assumption that they would not all connect at the same time. Since connections are unreliable at best, virtually all employees have simultaneous access to the VPN infrastructure slowed down productivity.
Some companies also lacked laptops for all of their employees. Others had enough, but were unable to get it to them. Result: some have started to divide the workforce into teams, with a shift between teleworkers and on-site employees.
The introduction of teleworking was a difficult period. Under increasing pressure for productivity and profitability, companies have sought every means to ensure the connectivity of their workforce.
April and May: bypass phase
In the spring, connectivity became an essential resource for the business continuity of all market players. They therefore relied on their IT teams to facilitate this connectivity. But in the absence of an infrastructure capable of responding quickly to this need, some companies have had to make sacrifices, which most often resulted in bypassing security controls.
Those facing a hardware shortage even allowed employees to take their workstations home and connect it to their home network. IT teams have also developed inexpensive remote desktop solutions that allow employees to access the corporate network from their personal computers or home tablets. Normally, this type of access would have been prohibited by security policies.
June: heroism of IT teams and stability
In June, companies were able to catch their breath thanks to the hard work and ingenuity of the IT teams. At this stage of the pandemic, the solutions deployed in April and May were operational, and business productivity stabilized.
This success in the face of the crisis marked a real turning point for IT teams. Information technology was, for once, recognized as an essential function of the company and occupied a more important place at the negotiating table. The IT teams have been rightly congratulated for the work accomplished.
This stability, however, has been temporary, and limited to access and connectivity at the expense of security. Vulnerabilities would soon emerge at the end of the summer.
August to November: cracks start to appear
In mid-October, the NSA, the US national security agency, released a list of the top 25 security vulnerabilities actively exploited by Chinese hackers to steal intellectual property, as well as economic, political and military. It’s no coincidence that many of the vulnerabilities in this list relate to remote desktop connections and VPN. Ransomware targeting multinationals has also increased in recent months.
Attacks since the end of summer are the inevitable consequence of abandoning basic security principles, such as change control and patch management, in favor of connectivity.
The 2021 challenge: resetting the counters
The improvised remote access solutions during the early stages of the pandemic were a necessary evil for many IT teams. Not all businesses have faced these remote access issues. For those that have, the next step will be to meet performance needs without sacrificing safety.
In 2021, many companies will have the advantage of being open to change. Businesses, particularly large multinationals, are sometimes reluctant to change. This attitude creates risks, costs money and is a waste of time.
Almost all businesses have been forced to change, however, and will continue to do so in 2021. Most will naturally start by providing secure access to their user base. It will also be an opportunity for them to look at the entire ecosystem, whether it is applications, servers or the Cloud. 2020 will have been a year rich in lessons for many companies. In the future, the distinction between access within the premises and remote access will no longer apply. In a modern working environment, access to critical applications must benefit from the same level of security regardless of where employees work. The large-scale application of this principle will therefore require a change in corporate mentality.