Identity Governance Blog

The Business Risk of Changing to Remote Workplaces

By Morten Boel Sigurdsson, Founder of Omada

April 21, 2020

The global spread of COVID19 is impacting the way we do business and collaborate.

What used to be only for certain professions, or for the few as a “perk” has become the norm for all. The transition from typical daily office work to remote working has been thrust upon business around the world without due warning or time for preparation.

Some of the benefits from the change:

  • Organizations will make significant savings from reduced operational costs in their facilities
  • Employees will save hundreds of hours yearly on unproductive commuting time that can be spent creating value for the company and improving their work / life balance.
  • Societies will save money on maintenance, traffic accidents, pollution and CO2 emissions
  • The green transition is obvious in a way that no one could have imagined – now we are avoiding queuing on polluted highways.

While the above represents potential future gains from mass remote work, these gains can only be truly recognized if the business itself can fully leverage them. The reality is, that many businesses are struggling to adapt to the new conditions.

The challenges of ‘the new normal’

The challenge for business leaders today is how to enable the business to achieve its goals and objectives when the business model has been totally disrupted overnight. Those able to adapt to ‘the new normal’ will benefit, while those that cannot, will suffer and even some fail.

While business is focused on transitioning as quickly as possible to remote work and supporting their employees to do so, other groups such as hackers are focused on exploiting this disruption. Transitioning an entire company from an apparent safe office environment to become a decentralized home working company puts immense stress and pressure on any organization and can expose an enormous amount of risk.

Adaption and mitigation to the new world mandates that people skills and habits, business processes, controls and technologies also adapt. Adoption of new norms and practices pose the question, ‘at what pace’? and ‘at which risk’? The answer to the first question is ‘fast’ and the answer to the second question is often that ‘we really don’t know”.

Most C-level/Executive Managers are aware they are taking on more risk than they normally would in order to secure continuity of their business. However, it is doubtful if they fully understand how much risk they are taking. The risks of being a victim of hackers or internal data theft potentially leading to business downtime, monetary losses and reputational damage has dramatically increased under the new normal. A data breach and failure to comply with GDPR and other regulatory obligations could constitute the difference between success and failure for the entire company.

Vulnerable to cyberattacks

A decentralized workforce is much more vulnerable to cyberattacks, espionage and insider theft. Corporations have more than ever before a high risk of a cyberattack like those that happened to A.P Moller Maersk, Target, ISS and many more. For any organization, it would be a catastrophe on top of a catastrophe to be hit by an attack in the current crisis. Nevertheless, in the rush for getting workers productive, millions of outdated laptops with back level operating systems, and software full of vulnerabilities are being granted remote access from open home networks into previously secure corporate networks to enable business continuity.

Under normal circumstances, such unsecured laptops and networks would never have been admitted remote access to the corporate networks critical IT systems. The IT departments are painfully aware that their current access entitlement setup is predominantly designed to deal with access for secure endpoints and systems from all within the confines of the firewall. Their access entitlement setup is not designed to support remote access to the corporate network.

Although the transition to remote working needs to happen fast, it must happen in a controlled way that affords management full control and insight into the organization in real time, keeping risk at an acceptable level. Working remote requires new habits and a new degree of employee awareness and IT control.

Identity governance is the new perimeter

On the technology side, an identity and access governance solution is an important element in securing the kingdom. With the new way of remote working, more than ever is it true that the ‘Identity is the last line of defense’ to the corporate data. In other words: You must secure your identities and their access to secure your business.

To start lowering your risk immediately I recommend that you review all consultant- and employee IT entitlements in the light of the new normal to determine your access risk exposure.

Learn more

Find out much more about how identity management and access governance processes match evolving business needs for governance and compliance or get in touch with us to learn more about how we have helped organizations like yours.

Let's Get

Let us show you how Omada can enable your business.