On Friday we wrote a blog post that talked about remote work and security from a workers perspective. We included a checklist. In this post, we want to develop that idea and talk about it more generally from a company and IT strategy perspective. We’ll start with some pictures to illustrate some of the issues.
The content of this post is also in this google slides presentation.
Consider a basic network for a classic “small” company.
When the laptop or phone at the bottom come out (as when work is not on premise), everything falls apart. Identity won’t work. Access to files won’t work. Access to internal systems won’t work. In short, in a classic pre-cloud IT model without an explicit VPN strategy, many things don’t work.
Most companies have more of a hybrid network.
In this network:
Some tools we put in place for security, simply will not work the same way without adaptation.
Building a VPN now to restore connectivity to specific internal systems may solve certain problems. It will come with oversight and will not get you back to where you started in terms of the corp network and full connectivity.
Its a little late to start talking about business continuity strategy, but anywhere that it is possible to leverage cloud based services using a shared identify (SSO) system is going to be the most resilient to specific cloud or network issues.
Therefore, we advocate that companies bite the bullet and use cloud based resources wherever possible.
It is time to quickly embrace the cloud and SaaS based services.
Use a risk based approach to prioritize.