Covid-19 is forcing major changes in the cybersecurity community of Fortune 500 companies.
In May, for the Global Cyber Innovation Summit, I hosted a digital discussion with three chief information security officers (CISOs) to hear how they were coping with this unprecedented pandemic situation in their companies.
Phil Venables, CISO of Goldman Sachs; Jim Routh, CISO of Mass Mutual; and Rick Howard, CSO of the CyberWire, joined me to discuss the pandemic’s challenges and its impact. The highlights of our discussion fall below, but without name and company attribution.
What was intriguing to me was one unanimous reaction: the covid-19 pandemic has forced a massive experiment in the work environment due to the work-from-home challenge. But it is not insurmountable by any stretch. Quite the opposite. The CISOs and employees are dealing well with it. Issues are getting resolved. In fact, it is working well.
Fundamentally, they are finding that work-from-home at scale works. Business leaders have figured out that we can all work from home, and that we can be productive doing so. In fact, several big enterprises, embracing their success, are in the process of materially reducing their office space as they figure people will continue to work from home.
Transition to work-from-home happened in a reasonably straightforward way. There were some problems with video infrastructure, but it was scaled up without too much trouble.
Some of the participants had some fixable glitches in the transition to work-at-home at scale. They believed their employees would have fast internet connections, but that just wasn’t the case. So, they rectified the situation.
All of the security officers felt compelled to use Zoom videoconferencing technology. But Zoom had some challenges. Since Zoom is an enterprise company, they recognize that enterprise customers want security and won’t use an enterprise solution without it. Zoom is now investing in redoing its architecture to accommodate the security needs of their enterprise customers.
The human factor
Among the most common themes discussed was the human factor of prolonged work-from-home at scale. The security officers spent a lot of time thinking about the pressure on employees. Employees have been strongly encouraged to speak up when things are not right, when they’re feeling under pressure or when they feel their attention to detail is slipping because of their new work environment.
One of the security officers added daily standups, with the teams checking in on risk factors and the need to take regular breaks. Another of the security officers emphasized that employees shouldn’t feel they have to work their normal hours.
Heightened employee flexibility was essential, especially to take care of one’s health. Regular pre-work gym workouts, now unavailable, are replaced with regular walks or other exercise on a schedule.
While all the participants agreed that a permanently bigger work-from-home model has huge potential, some cautioned that it clearly wouldn’t work for everyone. Not everybody can work remotely, and some employees simply don’t like working from home. Most likely, those employees will move back to an office in a newly configured format. However, it was predicted by the group that at least 50 percent of the workforce will eventually work mostly from home, but in most cases, not every day.
CISOs can hear regular digital discussions hosted by the Global Cyber Innovation Summit. If interested, contact firstname.lastname@example.org.
Robert R Ackerman Jr is the founder and managing director of AllegisCyber, a venture capital firm specializing in cybersecurity, and the co-founder and executive at DataTribe, a cybersecurity start-up foundry located in Maryland which focuses on launching start-ups based on cyber domain expertise out of the intelligence community and national laboratories.