New Articles

New to Working from Home Full-Time? Here’s How to Stay Productive.

working from home

New to Working from Home Full-Time? Here’s How to Stay Productive.

As the coronavirus pandemic threatens public health and the U.S. economy, more people are working from home on a regular basis. The move follows social distancing guidelines as an attempt to slow the outbreak, but keeping scattered workforces connected and productive can be challenging for managers and employees.

“This is new terrain for all involved, but employees and their companies can come out of this stronger by learning how to work together even better while they’re physically apart,” says Dr. Jim Guilkey (www.jimguilkey.com), author of M-Pact Learning: The New Competitive Advantage — What All Executives Need To Know.

Optimally, working remotely can sharpen the skills you have and open new avenues of training that broaden skill-sets and increase results. But technology alone can’t smooth the transition to remote working, and both employees and business leaders must learn how to implement new structures and some new or tweaked processes.”

Dr. Guilkey offers tips for both managers and associates to make working from home work out well for their companies:

For employees:

Get started early. “When going to the office, you normally get up and out the door early,” Dr. Guilkey says. “At home, this is more difficult. Get up, take a shower, and get started.”

Create a dedicated work space. People who haven’t worked remotely may need to experiment with different approaches to find what setting works best for them. “Just because you’re not going to the office doesn’t mean you can’t have an office. Dedicate a specific room or surface in your home to work,” Dr. Guilkey says“You should associate your home office with your actual office. This creates the correct mindset for being productive.”

Structure your day like you would in the office. Workers need to adopt exceptional conscientiousness when it comes to dividing their day into intensive work, communications, personal time and family life,” Dr. Guilkey says. “Have an agenda. Schedule meetings and project time and stay on schedule.”

For managers:

Set expectations.“It is vital that employees know what is expected of them,” Dr. Guilkey says. “When will you be available? How long will it take to get back to someone?”

Create a cadence of communication. Without daily face-to-face interaction, there’s more importance on communication. “A rhythm of communication is vital – daily check-ins, weekly one-on-ones, weekly team meetings, etc. ” Dr. Guilkey says.

Take a video-first approach. “Video, with all the current technology, is the most effective means of remote communication,” Dr. Guilkey says. “Invest in reliable tools.”

Maintain company social bonds. One drawback of working remotely is the potential breaking of social bonds that are necessary for productive teamwork. “Video conferencing or a quick Google chat with a colleague is vital to keep relationships strong,” Dr. Guilkey says. “Employees miss face-to-face banter and impromptu discussions in the physical office, so seeing faces on the screen daily is optimal for morale and a sense of normalcy.”

“Employees and employers can take this unprecedented time as a time to improve individually and as a company,” Dr. Guilkey says. “Working from home and working well together can go hand-in-hand when everyone is pulling even harder in the same direction.”

_______________________________________________________________

Jim Guilkey, PhD (http://www.jimguilkey.com) is the author of M-Pact Learning: The New Competitive Advantage — What All Executives Need To Know. He is the president of S4 NetQuest and a nationally recognized expert in instructional design and learning strategy, with extensive experience in leading the design, development, and implementation of innovative, highly effective learning solutions.

Under his leadership, S4 NetQuest has transformed the learning programs for numerous corporations, including Johnson & Johnson, McDonald’s, Merck, Nationwide, Chase Bank, BMW, Cardinal Health, Domino’s, GE Medical, Kaiser Permanente, Yum! Brands, and others. Guilkey is a frequent speaker at national conferences and corporate training meetings. Before co-founding S4 NetQuest, Guilkey served as the assistant director of flight education at The Ohio State University. He received a BS in aviation and an MA and PhD in instructional design and technology from Ohio State.

maintaining

Maintaining Business-as-Usual When Nothing is Usual

As we watch the evolving global response to the COVID-19 pandemic, it is abundantly clear that organizations are facing a business continuity challenge for which most had not precisely prepared. With little to no strategic planning for it, organizations are being forced to shift from an on-premises employee base to a remote distributed workforce. The choice is clear, shift or shut down, and those trying to shift have significant hurdles to overcome. Enterprises need to protect their employees and ensure business operation continuity by making this immediate pivot to a remote workforce.

The aforementioned hurdles are numerous, indeed. A few key ones fall around maintaining compliance, ensuring security with developmental practices and keys, and maintaining visibility into risk when monitoring tools are overwhelmed with signals.

Uncompromised Compliance

Meeting compliance rules in a diverse IT ecosystem is arduous on the best of days but can be overwhelming for organizations dealing with the unanticipated tide of remote workers, non-controlled devices, and unmanaged locations. Yet without access to the business-critical and sensitive information required to perform job responsibilities, productivity would grind to a halt.  Organizations meet the competing priorities of employee access and regulatory compliance in spite of an ongoing pandemic. Compliance frameworks such as SOX, HIPAA, HITECH, and PCI, require implementing and monitoring a large number of controls to ensure compliance, even with remote workers. This is a herculean task, especially across multiple clouds, sites, and external work locations.

In order to establish compliance, many compliance frameworks require organizations to begin with a risk-based assessment of the ecosystem. The information gathered from this assessment determines what controls are necessary and how they can best be configured to integrate with the environment. For organizations needing to move swiftly, it is absolutely essential to utilize automated tools to manage this process and ensure that no controls are left out or partially implemented. Even after implementation, the ecosystem should be reviewed and monitored in order to maintain continual compliance.

Remote Development

Developers working from home come with the challenge of ensuring the codebase that they are working on is secure and that it can safely be moved through the development lifecycle. Fortunately, developers have already been moving down this path with the development lifecycle in the cloud using a CI/CD pipeline to streamline and automate the process from development to production. However, this requires the issuance of high-privileged keys to developers to move code between environments and execute the code. Protecting these privileged keys is challenging and can leave individuals with excessive rights that violate the principle of least privilege. In the worst scenario, a bad actor could insert malicious code, self-promote the code all the way into production, and have the code execute with a permanently issued privileged key, all without any checks along the way.

The best way to ensure that the CI/CD pipeline remains secure is to ensure there are zero standing privileges when they are not directly needed to perform functions in the environment. To aid in this effort, storing privileged keys and using a system to programmatically check them out at the time of code execution allows them to be available when needed but otherwise keeps them inaccessible. This can further be improved upon by using scoped keys that have an expiration built into them so that even if a high-privilege key was compromised, its ability to be utilized by bad actors is limited.

In order to maintain compliance, it’s also important for a solution to see and control when a developer may have a risky or toxic combination of access, such as the capability of both writing code and performing QA on that code. Keeping these duties separate is key to preventing poor code hygiene, and it also reduces the risk of a backdoor being written in and pushed into production.

Pinpointing Anomalous Behavior

When dealing with multiple external workers and the sudden change in traffic, the vast amount of real-time activity and behavior data coming in from different areas can complicate visibility into anomalous behavior. An IT ecosystem that ranges from on-premises assets to multiple clouds generates a huge volume of log data, and SIEM tools and vulnerability scans only add to the total. Each of these is generally contained in its own environment and has separate interfaces for reviewing and monitoring, and there is limited correlation to find anomalies that might not be readily apparent from any given individual interface.

While managing a strong remote work environment, an organization is going to need to double down on monitoring. In order to understand holistic risk and keep from missing trends only visible when broader data is analyzed, organizations should seek ways to integrate the data from these disparate systems to attain visibility not possible from looking at each as a silo. A quick response can make the difference between a bad actor being stopped cold and walking off with the keys to the kingdom.

When Business IS Usual

Whether adapting to a pandemic or evolving to follow the trend of offering remote work to attract top talent, ensuring your organization’s data is secure is top priority. Even when the IT landscape of your organization changes, you need to maintain business continuity with solutions that include automated response to risk while documenting continual compliance. Whether securing file access or enabling software development, ensuring only the right people have the right access to the right digital resources at the right time should be more than a clever catchphrase. It should be business as usual.

___________________________________________________________

Diana Volere is a strategist, architect, and communicator on digital identity, governance and security, with a passion for organizational digital transformation. She has designed solutions for and driven sales at Fortune 500 companies around the world and has an emphasis on healthcare and financial verticals.  In her role as Saviynt’s Chief Evangelist, she delivers Saviynt’s vision to the community, partners, and customers, addressing how to solve present and future business challenges around identity.  Her past twenty years have been spent in product and services organizations in the IAM space. Outside of work, she enjoys travel, gastronomy, sci-fi, and most other activities associated with being a geek.