Introduction: New challenges to end-user computing environments
With the adoption of more hybrid and remote work policies, employees are testing corporate boundaries and policies by redefining the corporate workspace, from the physical location to the devices, apps, and toolsthey use to do their jobs. They are also depending on employers to provide secure access to the data, applications, and colleagues that are essential for getting their work done.Key discussions on enterprise transformation
Many organizations were forced to accelerate digital transformation effortsjust to enable workers in these new environments. This involved intensifying their focus on securing both devices and data to the clouds and networks that support them while also maintaining privacy and compliance controls.
As increasingly distributed and hybrid teams come to define modern ways of working, security will remain a primary priority. It is an essential prerequisite to enabling employees to access the key resources they need —and yet the challenge ahead is to embed security measures as much as possible while moving away from today's friction-filled user experiences.
The global lockdowns early in the pandemic exposed existing security issues around supporting remote work at scale. These issues included the need to accelerate migration to the cloud for organizations that had delayed doing so, VPN access, and access to essential devices and hardware in the face of supply chain disruption. People sent home without laptops or mobile devices picked up what was available from outside retailers and logged into productivity, communications, and collaboration platforms — some that were approved/managed by IT, and others that were not. IT organizations are familiar with the cat-and-mouse game of assessing, managing, and allowing/denying the type of personal/consumer computing technology that workers are using.
Nonetheless, from a device standpoint, teams have had to deal with a large influx and infusion of bring-your-own-device (BYOD) smartphones and PCs coming online and accessing corporate data and apps. From a PC perspective, this has led to more diversity of device types. For example, sales of Apple Mac PCs surged in 2020.U.S. IT organizations say that as much as 23% of their PCfleet is now represented by this traditionally noncorporate desktop OS, which many Microsoft-centric support organizations are not trained or equipped to handle.
Behavioral enablement is sometimes mistaken for productivity enhancement because both focus first on minimizing context switching and then gathering required digital and physical resources to achieve an end. But productivity focuses on the creation of a specified output (e.g., a report, a process document, or a manufactured good), while behavioral enablement focuses on organizing information into patterns and connecting people with similar interests to work toward successful outcomes.
Expanding Access, Attack Surface, and Risk
The approaches to defending devices and data in this new paradigm have introduced other risks for IT. Many firms have had to extend VPNs into workers' homesto ensure secure computing activity. This blending of environments itself introduces new risks. Unmanaged or unknown endpoint devices and insecure home Wi-Finetworks can affect both corporate IT and the organization's security posture. IT teams have also had to apply principles that were once relevant only to a specific segment of themobileworkforce— frequently traveling employees, or "road warriors"—to a much broader swath of the worker population. IT security teams nowmust account for lost/stolen devices at a greater scale as well as more frequent network access and activity from multiple locations. While risks such as airport or public space Wi-Fi may diminish, home Wi-Fi or even adjacent neighborhood networks have become a larger part of the threat model. Historically, IT could easily manage the occasional employee request for access to data, files, and computing resources from an asset left at home while working in the office (or vice versa).Given the shift in working patterns, IT teams need newapproaches and thinking about how to scale these types of requests in massively hybrid organizations. Returning to office environments, either full time or part time in a hybrid scenario, requires tight coordination between IT security and the teamsthat handle physical security, office management, and building operations. Management of facilities to ensure a safe return to work includes a wide range of considerations and responsibilities, such as ensuring surfaces and common areas are regularly cleaned and disinfected. Teams must also consider physical distancing and new space/layout requirements for offices and desks as well as use of shared resources. This planning and implementation activity intersects with IT and information security in several areas. Less obvious but also important are the security requirements forInternet of Things(IoT)devices or those fixtures enabled with IoT capabilities that have potential to expose network vulnerabilities.
As if these challenges were not enough, they have been paired in turn with network integrity issues, an increase in cyberattacks (especially phishing), and the potentially negative impact of these factors on brand integrity.Customer and employee data privacy has been and continues to be a key concern as customer-facing workers and HR professionals work from home (WFH). Data and infrastructure security has also been a key part of the security equation. For example, users are increasingly blending personal and corporate cloud storage, email, and collaboration platforms to make WFH work properly. Remote and hybrid users may use noncompliant cloud storage or sharing technologies while trying to get their day-to-day work done. And while employees with personal devices or storage accounts may trust these consumer services, enterprise IT willhave specific policies that restrict usage of nonauthorized content sharing or storage applications.
Mobile, PC, and other endpoint management and activities are converging around a singular end-user computing management function. Any part of IT that touches the end user (devices, system infrastructure software, and apps) should incorporate the concepts of the intelligent digital workspace.
About the analyst
Phil Hochmuth is the Program Vice President on IDC's Enterprise Mobility team. His research provides insights into how enterprises deploy mobile devices and applications as well as management and security platforms. Key markets he covers include enterprise mobility management (EMM) and enterprise mobile security, including mobile data and threat protection and mobile device security technologies.
Explore DXC's Modern Workplace services
DXC provides a full spectrum of Modern Workplace solutions to help empower your employees to connect, collaborate and work seamlessly and securely on any device, anywhere, thereby accommodating today's hybrid work environments. Learn more about DXC's Modern Workplace services.