eweekchat

The Home as Enterprise Branch
JOIN US: This is a chat-based conversation about COVID-mandated changes in the workplace, including security, networking, collaboration tools--and working far too much using Zoom and Webex.
   5 years ago
Chris Preimesberger
Q5: For each of our guest experts today: What single piece of advice would you give to an administrator who has been told he needs to distribute IT connectivity and resources to 500 or more employees on the corporate network within the next 30 days? This happened often in 2020.
Vineet Jain
A5. Standardize - standardize. Pre-defined configs, policies, helpdesk workflows... key to being able to do this consistently and effectively in 30 days

David Gewirtz
A5: Let's skip the huge logistical challenge for a moment and look at the human factor. Breathe. Get sleep. Don't panic. Be nice. Remember that folks will be freaked out. Keep your cool. No matter what, keep your cool. To do that, care for your own sanity.

Gorka Sadowski
A5 -- Expect Murphy's law to strike right where it hurts!! :) Plan, test, and execute flawlessly. And don't forget security!! Security doesn't have to be an impediment to the business, on the contrary. Security can be a business enabler, allowing people to WFH is an example
Gorka Sadowski
A5 -- Crawl, walk, run. Rethink security architecture, "identity is the new perimeter".
David Gewirtz
A5 I spoke to a major retailer COO who told me he had to do 10 years of digital transformation in 10 weeks. The only way he could do that was to ruthlessly prioritize and be flexible. So, prioritize and be flexible.
David Gewirtz
A5 Oh, and coffee and chocolate are your friends.
Gorka Sadowski
A5 -- and finally, expect that with so many attacks plus with a feeling of impunity, and an expanding attack surface, you will be attacked more, much more.
Gorka Sadowski
A5 +1 on the coffee and chocolate!! :)
Daniel Graves
A5 -- Approach it from a DevOps mentality and focus on continuous improvement. You need an MVP in 30 days, but that's not the last 'release'. Iterate and improve.

Gorka Sadowski
Very cool everyone, thanks for the opportunity!!
Chris Preimesberger
Q5, last one, coming up ...
Chris Preimesberger
[An aside to all of you following along on Twitter that we cannot see here in the chat, and there probably are a number of you--please, if you have a question for one of our expert guests, ask it!]
Chris Preimesberger
This is going by fast, as usual:
Q4: Device security: How does this change--or does it?--when somebody moves a company laptop or phone to work at home or at Starbucks for an extended period of time? What does the user generally have to be aware of?
Gorka Sadowski
A4 -- watch out!!
Vineet Jain
A4. For the business worker who is using mobile for business, make sure IT is using MDM technology so that they have better control over a device that is stolen. My colleague and our CSO, @GovernanceGuru, stated 37% of employees use personal devices to access company data...
David Gewirtz
A4: You can take this in a bunch of directions, but one I find is "nobody cares what I do" as an excuse for poor security. Training is a big necessity and can be an even bigger win.
Vineet Jain
A4. ...and only 35% have password requirements for personal devices. So what happens to lost and stolen devices is a real concern.
Vineet Jain
A4. Employees should use a password manager as a first step for general security hygiene
Gorka Sadowski
A4 -- usually for "sanctioned" devices that IT is giving their employees, there is usually some type of local software running to help with minimal security. However when corporate resources are accessed using a personal device, that doesn't hold true anymore.
Gorka Sadowski
A4 -- people should also use their common sense and not access critical, secret data from their iPhone connected to the local unprotected Starbucks wifi for example
Vineet Jain
A4. Audit your apps. Even if you’re not logged into your apps, they’re notorious for tracking where you go and what you do. Delete the apps that you aren’t using regularly and pay attention to the default location and security settings within each app.
David Gewirtz
A4: Considerations change based on location. VPNs are necessary for connection to public Wi-Fi, but not necessarily at home (unless you have non-benign roommates or a non-benign ISP).
Gorka Sadowski
A4 -- because the organization cannot always control well what is running on the endpoint, and where the endpoint is connected from, it is important to have back-end solutions that will perform some form of detection, investigation and response for if/when the user gets hacked
David Gewirtz
A4: SSO (single sign on) can be helpful. Folks get MFA fatigue and then just leave things relatively open. It's scary.
Gorka Sadowski
A4 -- even more important in case the user -is- the attacker, aka "insider threat"
David Gewirtz
A4: Let's also not lose track of the fact that this is SUCH a moving target. So while it's hard for IT folks and so-called power users to keep up, regular "muggle" users have a much harder time -- but still can risk the company big-time.
Gorka Sadowski
A4 @DavidGewirtz -- true, all users need to be in scope, regardless of their role, their access privilege, their employment status (full time/part time) etc
Vineet Jain
A4. Away from the office, nearly a third of employees are accessing corporate files through unsecured WiFi networks and on personal devices with no password requirements. This is a big problem because a large portion of these files contain sensitive information
David Gewirtz
A4 At home, it's challenging because the enterprise often needs to be sure the home environment is secure, but there can be pushback from family members, issues of too much intrusion, etc. It's a very careful dance.
Gorka Sadowski
A4 - @CloudNotEnough -- yes this is what we have observed also. So back-end, detection, investigation and response solutions are critical to ensure a better security posture.
Gorka Sadowski
A4 -- @DavidGewirtz there are solutions that are not too intrusive for those use cases... Others are borderline big-brotherish and are essentially session DVRs, with recording of every single mouse click, what is typed etc. can be a bit much...
Vineet Jain
A3. Perhaps stating the obvious, does the employer mail every new (or even existing) employee a secure PC/Mac and other AV equipment, and provide reimbursement for internet and mobile usage? They should.
Vineet Jain
A3. How many people live in that house, how many will be on zoom, what is everyone's tolerance for noise from another conversation, and most important, while wi-fi might be solid, do you have a great cell connection in case you need a hot spot!
Chris Preimesberger
Q3: Are there considerations you should be aware of when moving into a new home or apartment that factor in the home-as-enterprise concept?
David Gewirtz
A3: Definitely. Keep in mind that when you WFH, you're generally doing it full time as your main income...
Gorka Sadowski
Get a fast Internet and a "zoom room" (lol another variation of "zoom" :))
David Gewirtz
A3: … it used to be that the company invested in the infrastructure to buy your cube or office gear. But when you work from home, it's a factory, warehouse, lab, studio, and office.
David Gewirtz
A3: Bandwidth is key. When I bought this house, as part of the diligence process, I put in broadband and tested it. If it had failed, I would not have moved forward with this property.
Gorka Sadowski
A3 -- and talk to your boss to make sure he/she is comfortable managing a remote employee. And talk to HR to understand if the org can help you with special expenses. And talk to IT to make sure that tools will support you at home. And talk to security ...
David Gewirtz
A3: But there's also the need to identify spaces in your home (or potential home) that work with your work needs. Do you need a desk? Or do you need a full testing lab and a studio, as I do? That impacts your purchase or rental decision, too.
Gorka Sadowski
A3b - /and talk to security to make sure that you understand the parameters that you need to abide by. Do you need to access work resources from a sanctioned device, can you use your own personal iPhone, or not, etc.
David Gewirtz
A3: What about internal bandwidth? Do you run cables through the wall for Ethernet or just Wi-Fi? Or a mesh? All of that has to be considered. What about the condition of the power lines? Are they reliable, solid, or ancient?
Daniel Graves
A3: The biggest challenges I hear are enough separate space for all the people. Two parents and 2 kids all working and learning from home. An apartment in SF with 5 renters all on zoom meetings. Not an easy problem to solve, and it is driving some movement to lower cost geos.

David Gewirtz
A3: We bought our house pre-pandemic so explaining our working from home needs baffled the real estate agents. Today, that would be easier.
Gorka Sadowski
At @Exabeam we did a survey last year where it came out that 49% of all respondents said "most challenging psychological shift when working from home for security teams working remotely" was "distractions in the home making individuals more prone to mistakes"
Vineet Jain
A3. Every company should allow as many meetings without camera turned on and also have at least one day of no meetings IMO
David Gewirtz
A3: Because I do so many online videos and webcasts, we actually cobbled together a light system that indicates whether or not quiet in the house is required. It works, but it's weird. Fortunately, my family understands my odd life.
David Gewirtz
A3: Well, except for the puppy. He doesn't care about work.
Vineet Jain
A3. Since I live in the Bay Area (temperate weather), sitting in the backyard as much as possible leaves me with more energy at the end of the day, as compared to being inside a room.
Daniel Graves
@DavidGewirtz We were contemplating something similar, like the red light 'recording' by the door in music studios :)
David Gewirtz
A3: One thing that's been harder was that a key component of my WFH strategy was writing in coffee shops. It was good when I just needed a change of scenery. Then...2020.
Daniel Graves
@DavidGewirtz I think a lot of people need to work in multiple spaces to stay sane and be productive. So a mix of home, coffee shops, parks, sitting in your car, on a walk etc. are required.

Gorka Sadowski
A3 -- re: scenery, sometimes changing settings helps with "thinking outside the box", other times it can be a distraction. Depends on the task at hand...
Daniel Graves
A3: which means it's not just about enabling WFH, it's about enabling WFA with productivity, privacy and security.
Chris Preimesberger
Q3: on the way ...
Vineet Jain
A2. Adding to what David says, the cloud apps if done well, have obfuscated the divide that existed between on-prem or cloud, it's seamless access to content, or whatever the user is trying to right from their laptop or mobile device
Vineet Jain
A2. Further, the amount of content fragmentation even in the cloud - multiple clouds has mushroomed. There are massive "incidental repositories" like docusign, LOB apps etc - having one unified security/policy framework applied to them without affecting users' productivity is key