Covid-19 - Adapting to new normal
Challenges in the work-from-home era
At the onset of the COVID-19 pandemic, Zoho Corp issued a work-from-home policy long before nationwide lockdowns. When you think about a global crisis that has a major impact on organizations, it goes without saying that you need to prioritize—and fast. Where do you start? Your first goal should be to protect the welfare of your employees. This one's a no-brainer. We knew we had to ensure their safety before we moved forward. By early March, 8,000 people working in one office quickly turned into 8,000 offices. While there has been a considerable increase in productivity, the transition was not seamless. Remote work came with a unique set of challenges.
Our second priority was business continuity. We need to be able to deliver the products that customers need to run their businesses. How can all the departments work together with customers and ensure there is no disruption in services? Employees need to have access to information. They need to be able to communicate regardless of their location. How do we enable that? When employees are working from the comfort of their home, they often use their own Wi-Fi or mobile data, which is often unprotected or at least not as protected as an enterprise VPN. This becomes an issue when handling sensitive data. How do we ensure the security of company information?
We can't rely solely on endpoint management, especially during the pandemic when employee devices aren't on the corporate network. By using VPN, productivity is boosted since access to corporate resources can be granted to the employees working from anywhere without having to compromise on data security. Idle session timeout, session expiration, and mandatory two-factor authentication for our VPN login further strengthened our cybersecurity. We have further opted to provide end users with a self-service portal to install licensed software required for day-to-day operations.
In a poll assessing the impact of COVID-19, over 47 percent of InfoSec and IT professionals admitted to facing new challenges due to the sudden shift to remote work.
Before the pandemic, we relied extensively on our on-premises endpoint management tool to manage employee data. Since the shift to remote work, we've started managing everything through a cloud-based system. The cloud version of our UEM product was launched in August 2020. Although we faced multiple hurdles in a short span, our excellent Sysadmin team was able to find a work-around quickly and help employees find a balance between productivity and security.
Zoho's CEO Sridhar Vembu has often talked about rural revival—empowering the rural community by providing work opportunities. True to his vision, he launched the “hub and spoke” model offices in the lesser known parts of South India. As of 2020, we have 12 spoke offices and more coming soon. COVID-19 has made it difficult for large corporations to function, but our spoke offices with limited capacity have turned out to be a viable solution in uncertain times. If anything, the pandemic helped us accelerate their opening.
For instance, our Puthucode office was inaugurated in October 2020. It is situated 18 miles from Palakkad (370 miles from Zoho Corp’s Chennai office) and only has 21 employees. Employees working at a spoke office raise a device issue request to the administrative team back at the Chennai branch (our Indian headquarters). The admin team reviews and approves the request. The required gadgets are sent over by post within two weeks. It's that easy! Moving to a cloud-based system has made it simpler for the Sysadmin team. They can now process these requests in a hassle-free manner, regardless of where the employee is. Whether we're three or three hundred miles away, providing devices is no longer an issue.
As the saying goes, the show must go on. Remote work has not stopped ManageEngine's growth. We continue to hire on an ad hoc basis. Onboarding employees turned out to be a big hurdle. Normally employees would complete their onboarding process in person (read: get their pictures taken) and get their devices immediately. This is better for the employee as well as the company because it's important to carry out official work on a protected device. With the lockdown, we were unable to provide devices right away. Here, we had no choice but to provide flexibility. Employees used personal devices for a short while. OneAuth, our in-house multi-factor authentication app, ensured that accounts could not be accessed by anyone other than the employee. They received their work-approved devices when the postal services resumed.
We have also upped our product game to find solutions to these unprecedented challenges. In April, we introduced two features to our applications. First, a Direct Download feature to our UEM system. This allows "roaming" agents who are working from home to download the required files directly over cloud rather than from the server. We also block removable storage devices, including USBs, on all laptops. Second, we added remote work tools for our internal communication channel. This includes a virtual check-in/check-out, "At Work/Away" status updates in real time, as well as meeting and call updates to see department members' availability.
Our main focus was to create tools that help organizations build multiple layers of security to enable remote access to critical systems. One such remote access product facilitated access to user desktops for providing technical assistance and servers inside the corporate network for regular operations. The access management tool, on the other hand, enabled remote connections to critical business systems like servers, applications, and network devices.
Once again, ITSM saves the day. Device control is only half the picture; you still need to deal with risk mitigation, which is where ITSM plays a significant role. Traditionally, business and IT have always been viewed as two separate entities. The pandemic has helped businesses understand that IT isn't just a supporting element but the backbone of the organization’s success. ITSM turned out to be the need of the hour. It has worked just as efficiently, if not more, during the pandemic, emphasizing its importance in the workplace. ManageEngine's The State of ITSM in the COVID-19 Pandemic survey report showed that over 72 percent of participants responded positively to the effectiveness of ITSM in remote scenarios.
We faced multiple hurdles as we transitioned from different types of endpoint management over the years, and it's likely that you will too. Expect hiccups when switching to a new device management plan, especially if you're incorporating remote work in your organization. You might experience a sudden influx of tickets or VPN issues, but if you've done your homework and picked a tailored plan, the system should fall in place in no time, allowing you to deliver meaningful customer and employee experiences.
Challenges with endpoint security
(and best practices to overcome them)
Challenge #1: Cost
A solution that actually works won't be free. Implementing UEM in the workplace comes with implementation and renewal costs, not to mention the costs involved in buying hardware and software. Devices, licenses, antivirus, apps—it can definitely burn a hole in your pocket! Luckily, there are a few penny-pinching hacks to make sure you spend only on the necessities.
Best practice: Automate and evaluate
Automate processes to reduce overhead costs. Think of automation as an investment rather than an expense. Your admin team shouldn't be on defense mode all the time. If you're busy solving minor issues, some significant issues might slip through the cracks. Automation can free sysadmins from the shackles of redundancy and let them work proactively. For optimized resource utilization, automate your processes. You can identify unused hardware and software, reassign unused devices, and remove malicious apps. Plus, security features are embedded in automated workflows. Embedded security capabilities provide remote management and control of endpoints and guarantee that all employee devices are enrolled and deployed with the latest security updates. Automated patch management, application management, and policy deployments are some of the key focus points where we implemented automation.
Unleash your inner Marie Kondo and take a good look at your devices’ utility. Far too often companies shell out thousands on unnecessary licenses and apps. Spend only on what you need and get rid of the rest. Companies often overlook some of the features no longer in use. Most of the products in use at ManageEngine are in-house products, so that's a big saver for us. We conduct periodic evaluations of various products and third-party applications based on the latest technology. If the product features meet our requirements, we buy those products and integrate them with our own. The legal team evaluates licenses. Based on their input, we make the necessary investments.
Challenge #2: Too many devices and types
Regardless of the industry, policies, and security framework, monitoring the number of devices and implementing a plan that is suitable for every type has been a constant headache. It's even tougher with BYOD! Upgrading phones is no longer based on needs, it's a trend. And every time there's a new device, you need to start all over with the authentication. How do you keep up with the sheer volume?
Best practice: Invest and inventory
Your plan needs to be versatile. Invest in a solution that allows a wide variety of devices and supports platforms like Windows, macOS, Android, and iOS. UEM is a holistic approach to enterprise device management. A cross-platform visualization of all endpoints is a must-have. Manage from a single console. Manage your entire IT infrastructure from a single pane of glass using agent-based or agentless support.
Tip: Integrate with other ITSM tools to stay on top of your IT game. To maximize its potential, we've integrated our UEM system with our in-house products:
- Help desk software to ensure smooth communication between employees and the Sysadmin team and respond to tickets raised
- Enterprise security manager to secure browsers across networks
- Asset management software to keep track of our assets across all branches of Zoho Corp
- Analytics software to study data and create insightful reports and dashboards for informed decision-making
Challenge #3: Security
With the dawn of the 5G era comes a new wave of security threats. Distribution of responsibilities among manufacturers, network operators, and service providers increases the number of parties involved in providing the 5G service. This may cause risks in data processing and ambiguity in sharing responsibilities. As if endpoint management wasn't complex enough already! For every benefit, there's a potential threat. Downloading large amounts of data in a fraction of a second? Great! What if it contains malicious data? Not so great.
As 5G becomes a dominant presence, there will be a significant increase in deployment of Internet of Things (IoT) devices. Experts predict that this will be the perfect gateway for distributed denial-of-service attacks. Even if you don't choose to adopt 5G technology right away, you should keep up and ensure you're not at risk.
Best practice: Rules and regulations
Complying with regulations is a full-time job. Lay down the law! Employees should be made aware of what they can do and what is beyond limits. Accessing confidential information and performing any other tasks involving the organization must be carried out over a VPN. Make sure people have a way to report security issues, especially in a remote work scenario. Employees don't have the privilege of showing up at work for a quick solution, so it's up to you to find a way to make it work.
We have in-house products to facilitate communication between employees and sysadmins. Our help desk tool is a platform for raising requests to the Sysadmin team. Employees can monitor the ticket status and alert the team in case of urgent issues like theft or a security breach. Our communication tool allows employees to stay in contact with the rest of the organization remotely and at work. It helps to know who is available at any given point in time to assist employees with their device-related troubles.
Zero Trust framework
A Zero Trust framework, as the name suggests, is a data security protocol that implies that all devices and entities within or outside of a network boundary are not to be trusted unless thoroughly verified by the system administrator. Zero Trust relies on multi-factor authentication, analytics, encryption, and file-system-level permissions; it includes dynamic enforcement of access rules, not only for a user's identity but also for their device and the context in which they're attempting access. Simply put, nobody enters or makes a move inside the network without your permission. You have full control over your organization's network and can cut off system access should any action fall outside of the predetermined range of allowed activities. The result is that users are given the minimum amount of access to accomplish a specific task.
Mobile devices are at the core of Zero Trust security. Traditional cybersecurity follows a “trust but verify” model that isn't exactly suitable for modern technology. Working on the assumption that everyone inside a network can be trusted may result in insider attacks. A continuously monitored real-time security framework is a protective shield, especially in organizations that have BYOD in place. A great example is Microsoft's Zero Trust framework.
Challenge #4: Complexity
Time is money! You could lose out on thousands of dollars if employees don't understand the system. If your system is too complex, employees may spend more time trying to figure out how they can submit a device request or access information than actually getting work done. If employees are not satisfied with the endpoint solution, they may avoid using those devices for work, completely defeating the purpose of investing in such a tool. How do you balance protecting information and boosting productivity?
Best practice:
Choose a user-oriented solution
Users first. To quote Steve Jobs, "Start with the customer experience and work backward to the technology." It's important to protect corporate data, but it shouldn't be at the cost of your employees' productivity. Choose a solution that works best for your employees and your brand and work around it. Employees are at the core of our plan. Employee experience is just as valuable as customer experience.
Assess your needs and test out different solutions before you pick “the one.” Do you want an in-house solution, or will you outsource your ITSM operations? What do you aim to achieve by implementing endpoint management? What are your organization’s pillars of security?
The future of mobility
Endpoint management is not a one-time process. It's constantly evolving—and that's a good thing! You cannot stick to the status quo and expect your brand to grow. You should be able to control your endpoints at any point in time no matter the size of your organization. Be prepared to go with the flow and scale up as needed. Update your systems. If your organization has a machine or device running outdated software without the latest patches installed, your risk of experiencing a security threat increases significantly.
Before you implement a plan, ask yourself whether it ensures protection. Does it provide a cohesive user experience? Investing in a plan that checks all your boxes right from the start will strengthen your cyber resilience, and you'll reap its unparalleled benefits in the long run.
The 5G era
The future of mobility will be revolutionized by the introduction of 5G technology. Despite its challenges, the benefits of 5G outweigh the cons. What's in it for you?
Better device connectivity:
Ever faced trouble with spotty service in a crowded place? Or in the middle of nowhere? Not anymore! Connectivity in hard-to-reach places is critical now that remote work has become the norm. 5G also allows organizations to implement virtual networks and create subnets. Network slicing provides connectivity more tailored to organization-specific needs. Improved device connectivity is a blessing in the workplace, facilitating calls and presentations in real time without network problems. You no longer have to spend the first five minutes of your Zoom call saying "Can you hear me?"
Maximum speed:
The 5G experience promises speeds of 1Gbps to 10Gbps, which is a significant shift from 4G LTE, maxing out at 1Gbps. While some claim 5G could theoretically reach 20Gbps, it's too early to predict real-world performance. Nevertheless, this makes downloading information and communication with cloud platforms faster and easier. This in turn will improve productivity, saving time and money. It would take you longer to tie your shoes than it would to download a movie!
Improved device capacity:
5G is expected to enable mass connectivity. We're talking millions. One million devices per cell. People from every corner of the planet connected in an instant. It also helps that 5G is an addition to our existing system rather than a complete replacement. When a 5G connection is established, the device will connect to both the 4G network to provide the control signaling and to the 5G network to help provide the fast data connection by adding to the existing 4G capacity.
Lower latency:
With 5G, latency (time taken for a device to carry out a task) could drop from 50 milliseconds to just one millisecond. Deutsche Telekom achieved a latency of three milliseconds with the first practical 5G trials in Germany. This means there's virtually no delay in sending and receiving emails, Googling information, or downloading files.
Experts predict that loT will account for a quarter of the 41 million global 5G connections in 2024.
IoT boom: Machine-to-machine communication will revolutionize every field. IoT is the cherry on top in the smart world. Smart cities rely extensively on 5G and IoT to create immersive experiences. Businesses can expect an increase in wearables like smart watches and even drones. Next-gen tech will make room for innovative products and services and improve our way of life, similar to the rise of cloud services.
Increased bandwidth: For businesses, using 5G provides deeper insight on their customer base. More connections, more information. A large portion of digital businesses rely on data. Big data analytics can help turn volumes of data into actionable knowledge. You can benefit from a vast wealth of information and transform your business like never before. They don't say data is the new oil for nothing!
Every sector you can think of stands to gain with the widespread introduction of 5G. While it may take a couple of years to see its full potential (and perils), that shouldn't stop you from stepping up your endpoint strategy now.
Final thoughts
Through this book, we've uncovered ManageEngine's long but fruitful journey in device management. We've had our ups and downs. We've faced struggles and gained so much in the process, and that's the purpose of this book. We want to share our knowledge in hopes that others can grow from it. The most important takeaway from this book is that there is no such thing as one right policy or approach. We have many options to choose from, so make the best of it! The future of mobility is full of promises. Although we can't predict what's in store to a T, one can be cautiously optimistic about the exciting road ahead. We hope this book inspires you to take charge, to lead the change in your field and become a pioneer of innovation in your own way.