Hybrid working – where employees work partly from an office and partly from home or another remote location – is fast becoming the preferred working practice in the UK. The COVID-19 pandemic and government guidance to ‘work from home if you can’ have changed employee expectations irreversibly, with 57% of British workers now wanting to continue to work from home some or all of the time, according to a recent YouGov survey.
There are many well-documented benefits of pursuing a hybrid working policy. Chief amongst these is improved staff wellbeing, as reported by the UK’s Office for National Statistics. Other incentives like reduced expenditure on office space, increased employee productivity and easier recruitment of skilled employees are also playing a part and encouraging more organisations to allow hybrid working indefinitely.
Hybrid working is, however, not without its risks. For organisations that want to facilitate home-based and remote working for larger numbers of employees on an ongoing basis, there are some significant challenges that need to be overcome, particularly in the area of device management.
Risk 1: Security
Corporate desktops will have anti-virus solutions, data loss protection (DLP) software and lots of controls to prevent employees from inadvertently exposing the company to security risks. If employees are using their own desktop computers or laptops at home, they may not have up-to-date security software, maybe using an unsecured Internet connection and will undoubtedly not have the locks and protections to prevent them from accidentally downloading malicious software and apps. Even if employees are using company-owned laptops, if these devices are not regularly accessing the corporate network for maintenance and operating system updates, security software can become out-of-date, and protection can be weakened.
Risk 2: Productivity
I’m not talking here about the risk of employees secretly streaming box sets, entertaining kids and walking the dog during office hours. I’m talking more specifically about the risk that they cannot work productively, because their laptops or home computers don’t have the required specification and performance to run the apps needed for their jobs. Employees that have been issued with corporate laptops will generally have the required CPU, hard drive and memory needed, while employees using their own devices may take ten times longer to load applications due to having aging or entry-level computers. The simple answer is to supply all employees with high-spec laptops, but, in reality, it will be incredibly difficult for most medium to large organisations to find the level of investment needed, as well as manage and support all the new devices.
Risk 3: Compliance
General data protection regulation (GDPR) and other compliance regulations is critical if you don’t want to run the risk of eye-watering fines. Just last year, British Airways was fined £20 million after its systems were compromised and hackers gained access to customer details and payment card information. When organisations don’t have the right controls in place to ensure remote-working employees are complying with corporate GDPR policies – as well as other industry-specific regulations – data leakage can be massive. Compliance breaches can happen so easily. It only takes an employee to cut and paste a customer’s personal data onto their own laptop or email it to themselves on a private email address. The vast majority of data breaches stem from mistakes made by humans, so having automated IT controls on all devices, wherever they are used, is essential.
So, how can you reduce the risks of hybrid working?
One tried and tested approach is for organisations to move to cloud services and optimise the use of their cloud management plane. For example, Microsoft 365 solutions such as Microsoft EndPoint Manager and Microsoft Intune have been engineered specifically to enable organisations to improve their management of remote and mobile devices, as well as remotely-used apps. These management tools allow organisations to add a layer of policies and security measures on top of applications, regardless of whether the device is a corporate one or a user’s own personal one. Organisations can also improve compliance by using Microsoft 365 and SharePoint Online data to establish controls and enforce procedures for sharing and accessing sensitive data.
The cloud-based Microsoft 365 suite also includes tools for monitoring employee productivity. By taking advantage of Microsoft Productivity Score, organisations can more easily see which employees are struggling with their devices and then prioritise the roll-out of corporate laptops to those who need them most, to improve their productivity. Nine times out of ten organisations are already using Microsoft 365 and have the licensing for it, so might as well make the best use of all of the available management tools to improve security, productivity and compliance. A real-life example of full utilisation of the solution is Rotherham NHS Foundation Trust, which has invested in Microsoft 365 but typically as a Public Sector organisation wanted to make more use of their investment and enabled additional automation and collaboration solutions natively available within Microsoft 365.
Another effective approach to the challenges of managing devices in a hybrid working environment is to adopt virtualised desktops in the cloud. Organisations can, for example, use Microsoft Azure Virtual Desktop to give users access to the services they need to do their jobs while ensuring that all the data and apps reside securely within the corporate network. Using virtualised desktops also addresses the risk of poor user productivity. Whereas SAP, Autodesk and other resource-intensive applications, will drain the resources of an employee’s own computer if downloaded, SAP apps can work efficiently on virtualised desktops, providing a far better user experience.
There is an almost endless list of tools and products that are marketed for managing devices in hybrid working environments. Many of these are very good – but too many of them will be very bad. Organisations can easily make the mistake of over-complicating their IT environments, making it harder, not easier, for their IT teams to manage remote devices. In my experience, a solution stack from a single vendor is more logical, more affordable and more powerful than buying lots and lots of multi-vendor solutions. So while security, productivity and compliance are the first three risks in hybrid working environments, a scattergun approach to addressing them is undoubtedly the fourth.