eweekchat

The Home as Enterprise Branch
JOIN US: This is a chat-based conversation about COVID-mandated changes in the workplace, including security, networking, collaboration tools--and working far too much using Zoom and Webex.
   3 months ago
#eweekchatNext-Gen Health Care ITJOIN US: This is a chat-based conversation about advancements in next-generation health-care IT, including new collaboration tools, AI and telemedicine.
   20 days ago
#eweekchatNext-Gen NetworkingJOIN US: This is a chat-based conversation about new advances in networking at all levels and what upcoming products and services admins should expect to see in the next 12 to 24 months.
Chris Preimesberger
This is going by fast, as usual:
Q4: Device security: How does this change--or does it?--when somebody moves a company laptop or phone to work at home or at Starbucks for an extended period of time? What does the user generally have to be aware of?
Gorka Sadowski
A4 -- watch out!!
Vineet Jain
A4. For the business worker who is using mobile for business, make sure IT is using MDM technology so that they have better control over a device that is stolen. My colleague and our CSO, @GovernanceGuru, stated 37% of employees use personal devices to access company data...
David Gewirtz
A4: You can take this in a bunch of directions, but one I find is "nobody cares what I do" as an excuse for poor security. Training is a big necessity and can be an even bigger win.
Vineet Jain
A4. ...and only 35% have password requirements for personal devices. So what happens to lost and stolen devices is a real concern.
Vineet Jain
A4. Employees should use a password manager as a first step for general security hygiene
Gorka Sadowski
A4 -- usually for "sanctioned" devices that IT is giving their employees, there is usually some time of local software running to help with minimal security. However when corporate resources are accessed using a personal device, that doesn't hold true anymore.
Gorka Sadowski
A4 -- people should also use their common sense and not access critical, secret data from their iPhone connected to the local unprotected Starbucks wifi for example
Vineet Jain
A4. Audit your apps. Even if you’re not logged into your apps, they’re notorious for tracking where you go and what you do. Delete the apps that you aren’t using regularly and pay attention to the default location and security settings within each app.
David Gewirtz
A4: Considerations change based on location. VPNs are necessary for connection to public Wi-Fi, but not necessarily at home (unless you have non-benign roommates or a non-benign ISP).
Gorka Sadowski
A4 -- because the organization cannot always control well what is running on the endpoint, and where the endpoint is connected from, it is important to have back-end solutions that will perform some form of detection, investigation and response for it/when the user gets hacked
David Gewirtz
A4: SSO (single sign on) can be helpful. Folks get MFA fatigue and then just leave things relatively open. It's scary.
Gorka Sadowski
A4 -- even more important in case the user -is- the attacker, aka "insider threat"
David Gewirtz
A4: Let's also not lose track of the fact that this is SUCH a moving target. So while it's hard for IT folks and so-called power users to keep up, regular "muggle" users have a much harder time -- but still can risk the company big-time.
Gorka Sadowski
A4 @DavidGewirtz -- true, all users need to be in scope, regardless of their role, their access privilege, their employment status (full time/part time) etc
Vineet Jain
A4. Away from the office, nearly a third of employees are accessing corporate files through unsecured WiFi networks and on personal devices with no password requirements. This is a big problem because a large portion of these files contain sensitive information
David Gewirtz
A4 At home, it's challenging because the enterprise often needs to be sure the home environment is secure, but there can be pushback from family members, issues of too much intrusion, etc. It's a very careful dance.
Gorka Sadowski
A4 - @CloudNotEnough -- yes this is what we have observed also. So back-end, detection, investigation and response solutions are critical to ensure a better security posture.
Gorka Sadowski
A4 -- @DavidGewirtz there are solutions that not too intrusive for those use cases... Others are borderline big-brotherish and are essentially session DVR's, with recording of every single mouse click, what is typed etc. can be a bit much...
Chris Preimesberger
Tossup for everyone:
Q1: Where do you see the most progress in development of current WFH software, hardware and services?
Gorka Sadowski
A1 - That's a great question. I think the current WFH situation is really a forcing point for everyone to understand 1) how to measure work productivity, and 2) how to secure people as an attack channel.
Vineet Jain
A1. Remote work is driving more data sprawl than ever before – we heard from our customers - 67% of IT executives are concerned about unstructured data sprawl, and more than half say remote work is the main culprit.
David Gewirtz
(moving this into the thread) A1: You know, I'd actually say it's something else: acceptance of working from home. WFH has always been a bit of a fringe activity, but now with COVID, acceptance has gone through the roof.
Daniel Graves
A1: I think the most progress has come from a new workplace philosophy. WFH used to be for a subset of work - some workers, some projects, some tasks. Now, companies need to enable all employees, partners, and customers to do everything online.
David Gewirtz
But Gorka is right, the security issue is also a big concern.
Gorka Sadowski
A1 - There has always been -some- WFH, bu the sheer scale of that today, and how organizations have to embrace it is really the difference. Along with the Cloud, it is really the final nail in the coffin of the "security perimeter" as an architectural approach to security.
Vineet Jain
A1. To have more control, data goverance policies getting enforced without getting "in the way" is key. Further, getting the content management architecture right is key. examples files sitting on unsecured devices, data loss, and mismanaged permissions.
David Gewirtz
A1: As for the big tech winner, that has to be video conferencing, and Zoom in particular.

(edited)

David Gewirtz
A1: It used to be that getting an exec to do a video interview required long discussion of how to hook up a webcam and get enough bandwidth. Now, webcam use and conferencing is a basic required skill. And that's just in the last 12 months.

(edited)

Daniel Graves
A1b: And so the enterprise approach has shifted from a technical approach to enabling remote *workers* (VPN etc.), to a digital approach to enable remote *work* for all parties. A lot more energy on workflow, automation, and overall efficiency.
Vineet Jain
A1. The attack surface has grown exponentially, so even basic things like hardening your routers, keeping anti-virus upto date, centralizing content in one "logically unified" silo are some of the means to meet the security challenges
David Gewirtz
A1: Inside the firewall threat has grown as well. WFH means working with roommates and family, and some of them may not be benign presences on the home network.
Gorka Sadowski
A1 -- Zoom because a verb during Covid, and that is despite all the incumbents and alternatives, Webex, Skype, FaceTime etc etc. Maybe because of the UX?
Chris Preimesberger
Good point, Gorka. When a product becomes a verb, you know you're probably on the right track ... ;-)
Gorka Sadowski
A1 -- it's funny how people and organizations started preferring a relatively unknown vendor (Zoom) with unknown security to more established vendors... just for the name of convenience, some cool backgrounds and filters, and a generally better use experience.
Chris Preimesberger
@db_graves Sidebar for you, Daniel: How can Delphix's DataOps approach be used in this office-to-home desk new world? Is this something the company is working on?
David Gewirtz
Glad to be here. I've got a full cup of coffee and I'm excited to see what folks have to say. I also have a puppy on my lap (working from home has its benefits)
Chris Preimesberger
heheh. Maybe the pup can offer some insights!
Chris Preimesberger
Hello all on land, and to all ships at sea! Welcome to #eWEEKchat No. 97, "The Home as Enterprise Branch."
Gorka Sadowski
Good morning everyone!!
David Gewirtz
Good morning, folks!
Chris Preimesberger
@CloudNotEnough Great to see you in virtuality, Vineet!
Chris Preimesberger
@DavidGewirtz Welcome David! Thanks for coming!
Chris Preimesberger
@gorkasadowski Gorka, thanks and glad you're with us!
Chris Preimesberger
Next #eWEEKchat:
May 11: What's Up with DevOps & Agile Development
Thanks, everybody, especially to our expert guests--and be careful out there!
Chris Preimesberger
This has been another excellent eWEEKchat. Great to see this monthly community-type gathering so we can learn from each other.
David Gewirtz
Thanks, Chris. Thanks everyone!
Daniel Graves
Thanks everyone, very interesting perspectives!
Daniel Graves
I enjoy how you bring together people with different backgrounds to create a better conversation.
Chris Preimesberger
If anybody has any closing thoughts, hit us with them now, because we have 4 mins left!
Vineet Jain
Thanks so much for the invite!
Gorka Sadowski
WFH is awesome, let's embrace it and empower the users to be most efficient!!