Absolute Software presents
The Future of Work
Work has changed for good. The bizarre and unprecedented events of 2020 inspired ten years of digital transformation in just ten months. Priorities of the CIO were accelerated, abandoned and adjusted. Questions cycled from ‘how will we rapidly enable remote working?’ to ‘what will the return to work be like?’. With an initiative list turned on its head, many IT and security leaders are still scrambling to manage the competing priorities of cloud migrations, implementation of SASE and zero trust, adoption of Microsoft365, upgraded security investments and more – while also trying to ensure the best possible user experience for remote workers..
The future is hybrid
Historically most organizations operated on a primarily fixed basis. Sat behind a desk, working on company-assigned devices and connected to IT-managed networks. Tools to facilitate remote working were broadly seen as necessary but not critical. A VPN could be used for the rare instances an employee needed to work from home, for example. Concerns about misconfigured or lost devices were outliers and one-offs. As the workplace changed, however, these make-do solutions began to show signs of inadequacy. Even pre-COVID, the number of employees working outside the office was growing fast. That extends beyond gradually more liberal work-from-home policies; the train, the airport and the café have also increasingly featured as a venue for work in recent years. If anything can be drawn from the past two years it is that predicting the future is almost impossible. It’s hard to anticipate exactly what the work environment will look like in 2022 and beyond but one thing is certain: it will never be the same again.
In a bid to better understand the future of work, Absolute Software conducted a research study aimed at uncovering the sentiment, plans and perspectives of 400 IT and security leaders at organizations across the US and the UK. The September 2021 survey revealed a number of fascinating insights, including exactly how firms are preparing to return to work.
Survey: In 2022, how many days a week will employees spend in the office, on average?
none
1 or 2
3 or 4
every day
Findings from the study reveal that while the overwhelming majority of companies have shown comfort in dipping their toes into remote working, few are willing to jump in with both feet. Only 6.2% of organizations are planning to move to an entirely distributed working model. Though many notable software companies, such as Zapier, Buffer, Gitlab and DuckDuckGo, have all publicly evangelized the benefits of 100% remote working, it appears that they are the exception. Few businesses are embracing it entirely, possibly a reflection that it’s less suitable for other sectors. Results from the Absolute study point to professional services (legal, finance, consulting) as being more likely than any other sector to be considering a fully distributed working policy, with 8.3% of these firms claiming the number of days in the office will be 0 in 2022. For obvious reasons, no organizations in the education and heavy industries verticals are planning on switching to fully remote working next year.
Ultimately, almost two thirds of organizations (60.1%) are expecting employees to spend more time in the office next year than they spend remotely, yet only 13.7% are preparing to return to the office full time. Around 4 in 5 organizations are expecting to have some kind of hybrid working policy in 2022, meaning IT leaders must find intelligent ways to balance the two – ‘work from anywhere’ is the core principle behind most return to work plans. This consensus suggests that the ‘2.5 day week’ currently being evaluated at Salesforce, Google, Facebook and HSBC is likely to be widespread in the months to come.
This is good news for employees. An Irish study from September 2021 also revealed 81% of people want their employers to offer some kind of hybrid working, with respondents referencing huge time savings on their commute, as well as mental and physical health improvements among their reasoning.
What’s so great about the office?
Places of work can be expensive for the employer, factoring in rent, equipment, maintenance and other overheads. Why then would only a tiny fraction of organizations be willing to give up the office entirely? The Absolute study asked participants to share the primary benefit of office working, from the perspective of the IT department.
Survey: What is the primary benefit of working in the office?
42.9%
Employee collaboration
22.4%
Security maintenance
19.7%
Employee productivity
15.0%
Employee happiness
Responses paint a clear picture. There is seemingly an acceptance that employee wellbeing isn’t the driver behind getting workers back at their desks - just 15% of respondents listed employee happiness as the key benefit. Similarly, notions of improved productivity are not a major factor for IT leaders, with fewer than 1 in 5 (19.7%) stating productivity as the main positive of office working.
Almost a quarter of IT leaders (22.4%) expressed concerns about the risks associated with remote working. The incentive for those organizations in wanting employees to work from the office is to maintain a better corporate security posture, given the increased visibility and control that a fixed place of work provides.
Outranking all of these perks, however, is the allure of effective collaboration. It is human nature and thousands of years of evolutionary experience to communicate face-to-face. Conventional wisdom is that something in our ability to collaborate is lost when channeled through digital mediums. A phone call, Slack message or Teams video chat certainly each provide a new and welcome way to communicate, though perhaps cannot replace in-person collaboration altogether. The Absolute research findings reflect this idea. The ability to collaborate in a physical space is the number one benefit for returning to the office, with 42.9% of respondents revealing it as the primary motivator.
"If the primary purpose of an organization’s space is to accommodate specific moments of collaboration rather than individual work, for example, should 80 percent of the office be devoted to collaboration rooms?”
Brodie Boland Partner,
McKinsey & Company
If the office is the ideal place for collaboration, why are more organizations not preparing to return to the office permanently in 2022? While the office does offer a variety of benefits, it also comes with drawbacks that IT and HR leaders must consider when preparing their future of work plans.
The answer can be heard loudly in the results. Half of all IT leaders (49.4%) fear that employees are less happy when working from the office or have a worse work-life balance. Worries about morale are equal to security, productivity and collaboration concerns combined.
IT leaders are right to be thinking carefully about employee happiness, the work-life balance and how flexibility in working styles can be core to a business’s success. Flexibility can be many things. It can mean liberal working hours, granting parents the chance to work around child-rearing obligations or adjusting the 9-5 to meet changing expectations among millennials. It can also mean diversity in the place of work. As data has shown previously in this report, it’s clear that the future working environment will be some form of hybrid, blending the opportunity to work from home alongside the benefits that come from the traditional office. Firms that can provide flexibility will undoubtedly attract the best talent, marking a shift from an era where salary, office location and other perks shaped the competition for the most sought-after employees. IT is rarely the department making these decisions alone, however. It’s important to consider that flexibility is more than just the policies that come from HR. Flexibility also applies to working styles, collaboration and technology – areas that IT must take accountability for. That means creating a world-class experience for end users no matter when or where they work. Offering flexibility is absolutely integral to any business that wishes to compete, so getting the right blend of devices, software and infrastructure to support is similarly important.
Bonus chapter: The forecast is cloudy →
The appeal of distributed working
Survey: What is the primary benefit of remote working for your organization?
Employee happiness
Employee productivity
Cost savings
Employee collaboration
Remote working is, undoubtedly, wildly popular among many employees. Over half of organizations (58.6%) polled in the Absolute study listed employee morale as the main benefit of providing remote working options to workers.
Employee happiness carries significant weight to employers, and remote working is an appealing way to leverage it. Organizations in the education sector were the most likely to list employee morale as the primary benefit of remote working (75.9%), perhaps as teachers appreciate the comparative calm of a home office to the chaos of the classroom.
There are other benefits to distributed working, too, such as reduced overheads or productivity boosts. Cost-sensitive government bodies were the most likely of any other sector to cite financial savings (22.5%) while professional services were the most likely to list increased productivity (17.7%) as perks of remote working.
The office is unmistakably the best way to collaborate, however. Very few organizations feel as though remote working presents a better avenue for collaboration than the office. There may also be cultural components to consider, too: UK organizations (6.2%) were twice as likely as their American counterparts (3.1%) to consider collaboration as the main benefit of distributed working.
"As companies come to decisions on new working arrangements, they will be essentially making a basic trade-off: the expectation of greater creativity in new projects at the office, but greater productivity on existing tasks at home. And, as with most trade-offs, the right answer is not all or nothing – five days or zero days at home – but something in the middle.”
Nicholas Bloom, professor of economics
Stanford University
Why working from anywhere is hard
Employees are happier working remotely and flexibility of work is a differentiator for employers. It’s also more cost-effective and facilitates a more productive workforce. Collaboration aside, why would organizations have any reluctance to embrace distributed working more wholeheartedly?
The Absolute study asked IT leaders to share the biggest drawbacks of remote working. The data shows, unsurprisingly, that concerns about productivity and morale are negligible. Collaboration is again mentioned as a major deterrent, but the biggest obstacle facing IT teams is something else entirely. Respondents were worried about managing risk and compliance more than any other criteria (41.6%) and less than a third (30.7%) of IT leaders consider distributed workers to be exposed to less risk than office-based employees.
IT leaders in the UK were 33% more likely to be concerned about remote working risks
One reason behind this perceived increase in managing risk is that when employees work from their homes and elsewhere, IT no longer enjoys the same level of insight. When an employee is connected to the corporate network and sat behind a desk, administrators can see the sites, applications, activities and issues in real-time, boosting both productivity and security overall. This ‘blind spot’ for remote workers was previously accepted as an edge case in the relatively rare instance of those not able to work in the office. With hybrid working, that no longer becomes an acceptable level of risk.
Survey: What is the biggest drawback of remote working for your organization?
Managing risk
Employee collaboration
Employee productivity
Employee happiness
Understanding more about the threats and compliance risks facing distributed employees is important. With workers operating on a variety of unknown, unmanaged and often insecure networks, security teams have struggled to ensure the same level of risk in the new normal. Without the protection of secure web gateways, firewalls and other perimeter-based security, remote workers are exposed to far more risk than fixed workers. According to a 2020 study, almost half of IT leaders consider remote workers to be exposed to either high or extremely high risk. The overall picture is unmistakable – a full 97% believe that remote workers are exposed to greater risk than traditional office workers.
Security considerations for remote workers
Security event response is difficult without physical proximity
Challenging to identify ransomware and other malware attacks
High risk access requirements with legacy remote access
Devices are not always kept up-to-date and configured
Limited network security protections, wider attack surface
Reduced telemetry when diagnosing potential issues
Lost, misplaced and stolen devices difficult to recover
Mobile phishing attacks rampant (multiple form factors and devices)
What’s clear is that it’s unclear. There remains a large blind spot when it comes to the distributed workforce, with experience and security both major concerns. Technology must evolve to grant increased visibility into remote working, helping IT teams achieve parity across both employee experience and security, no matter where they work.
Managing risk: a matter of technology
"While some organizations may never return to the office, others will be welcoming staff back in the months to come - putting an intense spotlight on their long-term strategies for staff, infrastructure, processes and governance.”
Eleanor Dempsey, Director, Consulting & Competency
Auxillion
Research shows that meeting compliance and managing risk is harder for IT teams with distributed workers than office-based ones – but why? What are the specific challenges that organizations face when trying to secure the enterprise in a world where hybrid working is the norm?
According to the survey results, most IT leaders agree that the biggest challenge in managing risk is with technology – namely, having the right tools in place to mitigate it (54.1%). Getting the appropriate skills and personnel in place is less of a barrier, with only 18% of organizations struggling to establish a culture that supports hybrid working. Around a quarter (27.9%) of IT leaders instead point to processes and policies as an inhibitor to hybrid working success. Harmonizing security policies with HR protocols can pose problems, with shadow IT and rogue working practices often running rampant outside the traditional office.
Those working in healthcare and professional services are especially concerned about finding the right risk management tools, while those in the public sector are the most likely to be worried about personnel and culture, implying that government agencies face unique challenges with recruitment and talent retention.
Survey: What are the biggest challenges with managing risk and compliance with ‘work from anywhere’ company policies?
People and culture
Processes and policies
Tools and technologies
Bonus chapter: Alan Boswell case study →
We're managing risk in the dark
IT leaders face the reality that a large percentage of the workforce will remain distributed, and many of them are quickly realizing that they lack visibility into endpoints, connectivity and application performance – exposing their organizations to greater risk and bottlenecks, and in many cases leaving employees frustrated and underperforming. According to the Absolute study, only 37.9% of organizations have full visibility and control into how distributed devices are being used.
Most organizations today already enjoy a wealth of visibility into device usage, provided that each device remains inside the corporate network or when using on-premise applications. But very few of these organizations have the same level of visibility into their remote or distributed workforce. With more employees working remotely and depending on an increasing number of public cloud, SaaS and internet applications, it’s become harder to see, control and troubleshoot any issues that arise. While an organization may not ‘own’ the underlying infrastructure, it is still responsible for user experience.
With abundant dissatisfaction and many workers electing not to report issues to IT teams, it should come as no surprise that remote employees have embraced shadow IT even more so than they have in years past. A late 2020 NetMotion study found that 62% of remote workers are using applications unknown or unsanctioned by IT teams – with 25% using a significant number of unapproved tools outside of those that have been provisioned. Shadow IT, contrary to how it is viewed by some, is usually a result of workers seeking to be more productive; not less. The majority of people simply wish to get their jobs done. It is well documented that productivity can be linked to morale, and workers will turn to alternative tools if the ones provided are not good enough.
"Employees have been empowered to think about where and how they are most productive, while employers have been tasked with ensuring the devices they provide to their organizations are fit for today’s purpose.”
Howard Lewis, Surface Business Group Lead
Microsoft UK
Survey: How much visibility and control does your organization have over it's remote work devices?
Luke Irwin, a cybersecurity expert at IT Governance, offers guidance for those organizations concerned about the increased security risks that distributed working can pose. In his view, without the security protections that office systems typically provide – such as firewalls and blacklisted IP addresses – and increased reliance on technology, employees are far more vulnerable to cyberattacks. His advice to security leaders is to ensure that all work where possible should be done on a corporate laptop subject to remote access security controls. This should include, at the very least, two-factor authentication, which will mitigate the risk of a crook gaining access to an employee’s account.
Organizations should look to technologies like zero trust network access, experience monitoring, asset management, endpoint security, device lifecycle management and endpoint resilience to significantly reduce the risk exposure of hybrid working models.
"The positive impact on happiness caused by being based at home comes at the cost of visibility”
Owen Hughes Senior Reporter
ZDNet
Who owns what?
The transition to working from anywhere has potentially increased the chance of working from multiple devices. The proliferation of mobile, tablet and notebook working has extended the modern work environment to much further than the desk itself, significantly increasing the risk surface for organizations. Questions about the management and ownership of devices have been asked more frequently in the era of hybrid working, with BYOD firmly in the crosshairs at many organizations.
"There is a growing consensus that for many organizations, the concept of bring your own device is no longer fit for purpose. Problems include a marked lack of visibility into how employees are using their devices when compared to traditional computing, resulting in significantly increased exposure to legal liability, cybersecurity risks and mounting operational costs.”
Chris Preimesberger, cybersecurity journalist
eWeek
Survey: How would you describe your organization’s approach to device ownership?
All company owned
Mostly company owned
Mostly employee owned
All employee owned
Many IT leaders found employees were more likely to use their own devices to grant their credentials to, say, online dating apps, which were not monitored by the company. Further, major liability risks occurred when employees accessed third parties with malicious intent making them victims of phishing and security breach schemes. All of the above can lead to stolen customer information, stolen intellectual property, and security intrusions that can bring down an entire corporate network. Mitigating risk is a major force in the BYOD backtrack of recent years, which has also been accelerated by the implementation of GDPR in Europe, as it focuses on the information privacy rights of individuals. For example, in the US and UK companies may use contract workers who were allowed to use their own devices. IT was suddenly confronted with managing a multitude of dissimilar devices with different operating systems and OS versions – a significant challenge to manage. It’s of little surprise that the Absolute study found that most organizations are opting to have as much management as possible over the devices that employees use to work.
Summary
Pandora’s box has been opened. Even as more organizations prepare for a return to the office, few are still operating with the idea that work will ever return to 2019-like conditions. The overwhelming majority will manage some kind of blend between distributed and fixed working, embracing the concept of ‘work from anywhere’ and hybrid working. Although the consensus is broadly that collaboration is more difficult, remaining remote in some capacity does offer huge advantages in terms of both cost and employee happiness, which in turn can be a competitive advantage for employers that can channel the positive outcomes of this most effectively. It also brings with it significant new challenges, especially when it comes to managing risk and securing workers. With reduced visibility and control, it can be extremely hard to prevent shadow IT, protect against an evolving threat landscape and retain control of devices in the field. Technologies from Absolute Software can help remedy some of these concerns.
- Get a crystal-clear inventory of all your assets, then manage them safely, remotely, and at scale. So you and your end users can worry less about the details and focus more on the big picture.
- It’s impossible to keep a CMDB or inventory up-to-date when endpoints go dark or require physical access. Absolute makes it possible with always-on visibility and peerless endpoint control.
- Rooting out shadow IT, finding unused software licenses, and reinstalling necessary apps are all costly time-sinks. Absolute helps consolidate your software in a fraction of the time.
- Many organizations struggle to bridge the gap between their desired security posture and the reality of day-to-day security. Get to the finish line faster with automation and remote controls.
- A device leaves an unauthorized area. An employee disables their encryption. Sensitive data ends up on a cloud-connected device. Absolute surfaces these warning signs so you can intervene.
- Keep workers connected, even in rapidly-changing or poor network conditions by making sessions unbreakable.
- Get full visibility of both the endpoint and the network, helping diagnose problems and potential acceptable usage violations.
- Powerful controls to keep devices and workers compliant, allowing IT teams to enforce the policies required to reduce risk.
- Employ zero trust principles to provide access to corporate applications in a way that significantly reduces the attack surface.
- Get sophisticated and context-aware content filtering controls, regardless of which network a work-assigned device is connected to.
Absolute Software presents
The Future of Work
Work has changed for good. The bizarre and unprecedented events of 2020 inspired ten years of digital transformation in just ten months. Priorities of the CIO were accelerated, abandoned and adjusted. Questions cycled from ‘how will we rapidly enable remote working?’ to ‘what will the return to work be like?’. With an initiative list turned on its head, many IT and security leaders are still scrambling to manage the competing priorities of cloud migrations, implementation of SASE and zero trust, adoption of Microsoft365, upgraded security investments and more – while also trying to ensure the best possible user experience for remote workers..
Please note: we highly recommend you read the desktop version of this report! Some features of the report may be limited or disabled on mobile.
The future is hybrid
Historically most organizations operated on a primarily fixed basis. Sat behind a desk, working on company-assigned devices and connected to IT-managed networks. Tools to facilitate remote working were broadly seen as necessary but not critical. A VPN could be used for the rare instances an employee needed to work from home, for example. Concerns about misconfigured or lost devices were outliers and one-offs. As the workplace changed, however, these make-do solutions began to show signs of inadequacy. Even pre-COVID, the number of employees working outside the office was growing fast. That extends beyond gradually more liberal work-from-home policies; the train, the airport and the café have also increasingly featured as a venue for work in recent years. If anything can be drawn from the past two years it is that predicting the future is almost impossible. It’s hard to anticipate exactly what the work environment will look like in 2022 and beyond but one thing is certain: it will never be the same again.
In a bid to better understand the future of work, Absolute Software conducted a research study aimed at uncovering the sentiment, plans and perspectives of 400 IT and security leaders at organizations across the US and the UK. The September 2021 survey revealed a number of fascinating insights, including exactly how firms are preparing to return to work.
Survey: In 2022, how many days a week will employees spend in the office, on average?
Findings from the study reveal that while the overwhelming majority of companies have shown comfort in dipping their toes into remote working, few are willing to jump in with both feet. Only 6.2% of organizations are planning to move to an entirely distributed working model. Though many notable software companies, such as Zapier, Buffer, Gitlab and DuckDuckGo, have all publicly evangelized the benefits of 100% remote working, it appears that they are the exception. Few businesses are embracing it entirely, possibly a reflection that it’s less suitable for other sectors. Results from the Absolute study point to professional services (legal, finance, consulting) as being more likely than any other sector to be considering a fully distributed working policy, with 8.3% of these firms claiming the number of days in the office will be 0 in 2022. For obvious reasons, no organizations in the education and heavy industries verticals are planning on switching to fully remote working next year.
Ultimately, almost two thirds of organizations (60.1%) are expecting employees to spend more time in the office next year than they spend remotely, yet only 13.7% are preparing to return to the office full time. Around 4 in 5 organizations are expecting to have some kind of hybrid working policy in 2022, meaning IT leaders must find intelligent ways to balance the two – ‘work from anywhere’ is the core principle behind most return to work plans. This consensus suggests that the ‘2.5 day week’ currently being evaluated at Salesforce, Google, Facebook and HSBC is likely to be widespread in the months to come.
This is good news for employees. An Irish study from September 2021 also revealed 81% of people want their employers to offer some kind of hybrid working, with respondents referencing huge time savings on their commute, as well as mental and physical health improvements among their reasoning.
What’s so great about the office?
Places of work can be expensive for the employer, factoring in rent, equipment, maintenance and other overheads. Why then would only a tiny fraction of organizations be willing to give up the office entirely? The Absolute study asked participants to share the primary benefit of office working, from the perspective of the IT department.
Survey: What is the primary benefit of working in the office?
42.9%
Employee collaboration
22.4%
Security maintenance
19.7%
Employee productivity
15.0%
Employee happiness
Responses paint a clear picture. There is seemingly an acceptance that employee wellbeing isn’t the driver behind getting workers back at their desks - just 15% of respondents listed employee happiness as the key benefit. Similarly, notions of improved productivity are not a major factor for IT leaders, with fewer than 1 in 5 (19.7%) stating productivity as the main positive of office working.
Almost a quarter of IT leaders (22.4%) expressed concerns about the risks associated with remote working. The incentive for those organizations in wanting employees to work from the office is to maintain a better corporate security posture, given the increased visibility and control that a fixed place of work provides.
Outranking all of these perks, however, is the allure of effective collaboration. It is human nature and thousands of years of evolutionary experience to communicate face-to-face. Conventional wisdom is that something in our ability to collaborate is lost when channeled through digital mediums. A phone call, Slack message or Teams video chat certainly each provide a new and welcome way to communicate, though perhaps cannot replace in-person collaboration altogether. The Absolute research findings reflect this idea. The ability to collaborate in a physical space is the number one benefit for returning to the office, with 42.9% of respondents revealing it as the primary motivator.
"If the primary purpose of an organization’s space is to accommodate specific moments of collaboration rather than individual work, for example, should 80 percent of the office be devoted to collaboration rooms?”
Brodie Boland Partner,
McKinsey & Company
If the office is the ideal place for collaboration, why are more organizations not preparing to return to the office permanently in 2022? While the office does offer a variety of benefits, it also comes with drawbacks that IT and HR leaders must consider when preparing their future of work plans.
The answer can be heard loudly in the results. Half of all IT leaders (49.4%) fear that employees are less happy when working from the office or have a worse work-life balance. Worries about morale are equal to security, productivity and collaboration concerns combined.
IT leaders are right to be thinking carefully about employee happiness, the work-life balance and how flexibility in working styles can be core to a business’s success. Flexibility can be many things. It can mean liberal working hours, granting parents the chance to work around child-rearing obligations or adjusting the 9-5 to meet changing expectations among millennials. It can also mean diversity in the place of work. As data has shown previously in this report, it’s clear that the future working environment will be some form of hybrid, blending the opportunity to work from home alongside the benefits that come from the traditional office. Firms that can provide flexibility will undoubtedly attract the best talent, marking a shift from an era where salary, office location and other perks shaped the competition for the most sought-after employees. IT is rarely the department making these decisions alone, however. It’s important to consider that flexibility is more than just the policies that come from HR. Flexibility also applies to working styles, collaboration and technology – areas that IT must take accountability for. That means creating a world-class experience for end users no matter when or where they work. Offering flexibility is absolutely integral to any business that wishes to compete, so getting the right blend of devices, software and infrastructure to support is similarly important.
Bonus chapter: The forecast is cloudy →
The appeal of distributed working
Survey: What is the primary benefit of remote working for your organization?
Remote working is, undoubtedly, wildly popular among many employees. Over half of organizations (58.6%) polled in the Absolute study listed employee morale as the main benefit of providing remote working options to workers.
Employee happiness carries significant weight to employers, and remote working is an appealing way to leverage it. Organizations in the education sector were the most likely to list employee morale as the primary benefit of remote working (75.9%), perhaps as teachers appreciate the comparative calm of a home office to the chaos of the classroom.
There are other benefits to distributed working, too, such as reduced overheads or productivity boosts. Cost-sensitive government bodies were the most likely of any other sector to cite financial savings (22.5%) while professional services were the most likely to list increased productivity (17.7%) as perks of remote working.
The office is unmistakably the best way to collaborate, however. Very few organizations feel as though remote working presents a better avenue for collaboration than the office. There may also be cultural components to consider, too: UK organizations (6.2%) were twice as likely as their American counterparts (3.1%) to consider collaboration as the main benefit of distributed working.
"As companies come to decisions on new working arrangements, they will be essentially making a basic trade-off: the expectation of greater creativity in new projects at the office, but greater productivity on existing tasks at home. And, as with most trade-offs, the right answer is not all or nothing – five days or zero days at home – but something in the middle.”
Nicholas Bloom, professor of economics
Stanford University
Survey: What is the biggest drawback of remote working for your organization?
Why working from anywhere is hard
.Employees are happier working remotely and flexibility of work is a differentiator for employers. It’s also more cost-effective and facilitates a more productive workforce. Collaboration aside, why would organizations have any reluctance to embrace distributed working more wholeheartedly?
The Absolute study asked IT leaders to share the biggest drawbacks of remote working. The data shows, unsurprisingly, that concerns about productivity and morale are negligible. Collaboration is again mentioned as a major deterrent, but the biggest obstacle facing IT teams is something else entirely. Respondents were worried about managing risk and compliance more than any other criteria (41.6%) and less than a third (30.7%) of IT leaders consider distributed workers to be exposed to less risk than office-based employees. IT leaders in the UK were 33% more likely to be concerned about remote working risks.
One reason behind this perceived increase in managing risk is that when employees work from their homes and elsewhere, IT no longer enjoys the same level of insight. When an employee is connected to the corporate network and sat behind a desk, administrators can see the sites, applications, activities and issues in real-time, boosting both productivity and security overall. This ‘blind spot’ for remote workers was previously accepted as an edge case in the relatively rare instance of those not able to work in the office. With hybrid working, that no longer becomes an acceptable level of risk.
Understanding more about the threats and compliance risks facing distributed employees is important. With workers operating on a variety of unknown, unmanaged and often insecure networks, security teams have struggled to ensure the same level of risk in the new normal. Without the protection of secure web gateways, firewalls and other perimeter-based security, remote workers are exposed to far more risk than fixed workers. According to a 2020 study, almost half of IT leaders consider remote workers to be exposed to either high or extremely high risk. The overall picture is unmistakable – a full 97% believe that remote workers are exposed to greater risk than traditional office workers.
Security considerations for remote workers
What’s clear is that it’s unclear. There remains a large blind spot when it comes to the distributed workforce, with experience and security both major concerns. Technology must evolve to grant increased visibility into remote working, helping IT teams achieve parity across both employee experience and security, no matter where they work.
Challenging to identify ransomware and other malware attacks
Security event response is difficult without physical proximity
Limited network security protections, wider attack surface
Reduced telemetry when diagnosing potential issues
Lost, misplaced and stolen devices difficult to recover
Mobile phishing attacks rampant (multiple form factors and devices)
High risk access requirements with legacy remote access
Devices are not always kept up-to-date and configured
Managing risk: a matter of technology
"While some organizations may never return to the office, others will be welcoming staff back in the months to come - putting an intense spotlight on their long-term strategies for staff, infrastructure, processes and governance.”
Eleanor Dempsey, Director, Consulting & Competency
Auxillion
Research shows that meeting compliance and managing risk is harder for IT teams with distributed workers than office-based ones – but why? What are the specific challenges that organizations face when trying to secure the enterprise in a world where hybrid working is the norm?
According to the survey results, most IT leaders agree that the biggest challenge in managing risk is with technology – namely, having the right tools in place to mitigate it (54.1%). Getting the appropriate skills and personnel in place is less of a barrier, with only 18% of organizations struggling to establish a culture that supports hybrid working. Around a quarter (27.9%) of IT leaders instead point to processes and policies as an inhibitor to hybrid working success. Harmonizing security policies with HR protocols can pose problems, with shadow IT and rogue working practices often running rampant outside the traditional office.
Those working in healthcare and professional services are especially concerned about finding the right risk management tools, while those in the public sector are the most likely to be worried about personnel and culture, implying that government agencies face unique challenges with recruitment and talent retention.
Survey: What are the biggest challenges with managing risk and compliance with ‘work from anywhere’ company policies?
Bonus chapter: Alan Boswell case study →
We're managing risk in the dark
IT leaders face the reality that a large percentage of the workforce will remain distributed, and many of them are quickly realizing that they lack visibility into endpoints, connectivity and application performance – exposing their organizations to greater risk and bottlenecks, and in many cases leaving employees frustrated and underperforming. According to the Absolute study, only 37.9% of organizations have full visibility and control into how distributed devices are being used.
Most organizations today already enjoy a wealth of visibility into device usage, provided that each device remains inside the corporate network or when using on-premise applications. But very few of these organizations have the same level of visibility into their remote or distributed workforce. With more employees working remotely and depending on an increasing number of public cloud, SaaS and internet applications, it’s become harder to see, control and troubleshoot any issues that arise. While an organization may not ‘own’ the underlying infrastructure, it is still responsible for user experience.
With abundant dissatisfaction and many workers electing not to report issues to IT teams, it should come as no surprise that remote employees have embraced shadow IT even more so than they have in years past. A late 2020 NetMotion study found that 62% of remote workers are using applications unknown or unsanctioned by IT teams – with 25% using a significant number of unapproved tools outside of those that have been provisioned. Shadow IT, contrary to how it is viewed by some, is usually a result of workers seeking to be more productive; not less. The majority of people simply wish to get their jobs done. It is well documented that productivity can be linked to morale, and workers will turn to alternative tools if the ones provided are not good enough.
"Employees have been empowered to think about where and how they are most productive, while employers have been tasked with ensuring the devices they provide to their organizations are fit for today’s purpose.”
Howard Lewis, Surface Business Group Lead
Microsoft UK
Survey: How much visibility and control does your organization have over it's remote work devices?
Luke Irwin, a cybersecurity expert at IT Governance, offers guidance for those organizations concerned about the increased security risks that distributed working can pose. In his view, without the security protections that office systems typically provide – such as firewalls and blacklisted IP addresses – and increased reliance on technology, employees are far more vulnerable to cyberattacks. His advice to security leaders is to ensure that all work where possible should be done on a corporate laptop subject to remote access security controls. This should include, at the very least, two-factor authentication, which will mitigate the risk of a crook gaining access to an employee’s account.
Organizations should look to technologies like zero trust network access, experience monitoring, asset management, endpoint security, device lifecycle management and endpoint resilience to significantly reduce the risk exposure of hybrid working models.
"The positive impact on happiness caused by being based at home comes at the cost of visibility”
Owen Hughes Senior Reporter
ZDNet
Who owns what?
The transition to working from anywhere has potentially increased the chance of working from multiple devices. The proliferation of mobile, tablet and notebook working has extended the modern work environment to much further than the desk itself, significantly increasing the risk surface for organizations. Questions about the management and ownership of devices have been asked more frequently in the era of hybrid working, with BYOD firmly in the crosshairs at many organizations.
Survey: How would you describe your organization’s approach to device ownership?
Many IT leaders found employees were more likely to use their own devices to grant their credentials to, say, online dating apps, which were not monitored by the company. Further, major liability risks occurred when employees accessed third parties with malicious intent making them victims of phishing and security breach schemes. All of the above can lead to stolen customer information, stolen intellectual property, and security intrusions that can bring down an entire corporate network. Mitigating risk is a major force in the BYOD backtrack of recent years, which has also been accelerated by the implementation of GDPR in Europe, as it focuses on the information privacy rights of individuals. For example, in the US and UK companies may use contract workers who were allowed to use their own devices. IT was suddenly confronted with managing a multitude of dissimilar devices with different operating systems and OS versions – a significant challenge to manage. It’s of little surprise that the Absolute study found that most organizations are opting to have as much management as possible over the devices that employees use to work.
Summary
Pandora’s box has been opened. Even as more organizations prepare for a return to the office, few are still operating with the idea that work will ever return to 2019-like conditions. The overwhelming majority will manage some kind of blend between distributed and fixed working, embracing the concept of ‘work from anywhere’ and hybrid working. Although the consensus is broadly that collaboration is more difficult, remaining remote in some capacity does offer huge advantages in terms of both cost and employee happiness, which in turn can be a competitive advantage for employers that can channel the positive outcomes of this most effectively. It also brings with it significant new challenges, especially when it comes to managing risk and securing workers. With reduced visibility and control, it can be extremely hard to prevent shadow IT, protect against an evolving threat landscape and retain control of devices in the field. Technologies from Absolute Software can help remedy some of these concerns.
- Get a crystal-clear inventory of all your assets, then manage them safely, remotely, and at scale. So you and your end users can worry less about the details and focus more on the big picture.
- It’s impossible to keep a CMDB or inventory up-to-date when endpoints go dark or require physical access. Absolute makes it possible with always-on visibility and peerless endpoint control.
- Rooting out shadow IT, finding unused software licenses, and reinstalling necessary apps are all costly time-sinks. Absolute helps consolidate your software in a fraction of the time.
- Many organizations struggle to bridge the gap between their desired security posture and the reality of day-to-day security. Get to the finish line faster with automation and remote controls.
- A device leaves an unauthorized area. An employee disables their encryption. Sensitive data ends up on a cloud-connected device. Absolute surfaces these warning signs so you can intervene.
- Keep workers connected, even in rapidly-changing or poor network conditions by making sessions unbreakable.
- Get full visibility of both the endpoint and the network, helping diagnose problems and potential acceptable usage violations.
- Powerful controls to keep devices and workers compliant, allowing IT teams to enforce the policies required to reduce risk.
- Employ zero trust principles to provide access to corporate applications in a way that significantly reduces the attack surface.
- Get sophisticated and context-aware content filtering controls, regardless of which network a work-assigned device is connected to.