Reshape equipment policies
A decade ago, the BYOD movement brought personal equipment into the formal work processes, and a slew of mobile management technologies followed to support that. Under the hybrid office, computers, networks, and phone services join the party, with workers often using their own equipment for at least some of those.
In the past, remote work was an exception at many companies, so equipment policies were nonexistent or specific to particular departments, Hewitt says. That needs to change. “You need more universal policies on equipment,” says IDC’s Rowan.
Companies could decide to provision all equipment used at workers’ homes, providing or reimbursing authorized computers, routers, phones, and related peripherals like headsets and monitors, perhaps even chairs and desks or tables to ensure safe ergonomic work environments. But even that strategy ends up using shared networks — the internet connection that comes to the home and the network within the home — so there will be some personal equipment in the mix.
Many companies will be more flexible than that, either formally or informally, such as by issuing laptops to employees but letting them use their own (possibly subsidized) peripherals and perhaps their own computers as well. Still, policies will be needed to establish what equipment employees must have to do their work and what employees may add to the mix on their own.
That policy effort also provides an opportunity for the business to rethink its disposal of retired equipment, Rowan says — such as allowing lower-paid employees to purchase such equipment for personal and family use or donating it to schools, charities, and other organizations to help poor people participate in the even more digital world that has emerged after the pandemic.
Regardless of who owns the equipment, the remote worker’s computing environment will be largely provisioned through cloud services and secured by a range of tools and services: access management tools like Microsoft Authenticator or Okta; cloud storage and backup services; unified endpoint management (UEM) tools; remote support tools; antimalware tools; and the like. The potential mix of corporate and personal devices has implications for software licensing and costs that IT needs to ensure it understands.
A related issue is paying for internet access, which some companies do and others do not. You could argue that internet access is a normal personal expense, like electricity or heat, that the employee should pay for. But many lower paid employees forgo broadband internet access at home and instead rely on their cellphones, due to the often high cost of broadband. Or they get the cheapest plans, which don’t support videoconferencing and other work needs well. As a result, “IT needs to consider improving employee infrastructure like internet, even though it is an additional expense,” says IDC’s Becker.
Reshape access schedules for corporate systems
With the need for many employees to time-slice work hours and personal hours as they interleave work with personal and family issues throughout the extended day, IT has to consider how to support that reality.
At the beginning of the BYOD movement, recalls Gartner’s Adnams, “we went through a phase when cell phones became common, with people emailing on the weekend and others feeling they needed to respond.” As a result, some companies restricted access to corporate systems to specific hours with good intentions. “We’re in a different world now, where we need to give employees the control and respect to manage their own time,” she says.
Thus, IT should enable anytime access to corporate systems where they are now unnecessarily restricted by time of day, and provide tech support over a greater portion of the day. Organizations should also monitor access and data flow over that longer day to find possible intrusion patterns under these changed access patterns.
Help HR help users for the long term
The change in the work environment has brought IT and HR closer together, both in strategic and tactical areas. IT can help HR in several ways to help the users they both support.
A high priority should be to help HR head off bad management practices and instead encourage good ones. For example, some managers don’t trust their employees and want to monitor them in unhealthy ways, such as tracking the number of keystrokes or hours they are active. These are “managers who don’t have enough experience and are used to top-down directive forms of management, as opposed to supportive forms of management where they are trying to help get to a desired outcome,” says Forrester’s Hewitt.
While some jobs’ work outcomes can be measured in minutes of activity or actions per hour, many cannot — and companies should not fall into that trap, concurs Gartner’s Adnams. Furthermore, employees have shown they can be trusted, says IDC’s Rowan, which is why productivity gains have remained nearly a year after the pandemic hit.
“Productivity actually increased for companies that took employee satisfaction seriously. Retention increased, and there was reduced absenteeism,” adds IDC’s Becker, stressing the phrase “for companies that took employee satisfaction seriously.”
Rather than enable unhealthy Big Brother tracking, which will only frustrate productive employees and risk driving them away when the economy recovers, Forrester’s Hewitt suggests that IT help HR implement constructive monitoring instead, such as user experience management tools, which try to get better telemetry data on what users are experiencing.
“They collect info on the app, network, and device to try to optimize the experience for the user,” he says. The good news, he says: “We see HR leaders coming to IT teams asking for the data to help inform how they understand the user experience.”
Some of what may be useful to monitor may not be so obvious. For example, Hewitt says, “People are fatigued by 10 hours of day of videoconferencing. For a manager-employee one-on-one, say yes to video. But for a team call with 20 people, it’s less likely the right medium.” Knowing how much time people use various collaboration channels may help identify where one, like videoconferencing, is overused — that data combined with user training could result in a healthier balance of tool usage.
Where burnout is a concern, IT could use activity tracking tools to identify individuals who may be working too much — not too little — to let managers and HR know where there’s a risk. “People are working longer hours and working harder, and that is not sustainable,” Hewitt says.
Fortunately, says Gartner’s Adnams, after the immediate crisis caused by the lockdowns settled down, many employees started to work more rational hours, using techniques like time blocking to avoid burnout. “Most people are pretty self-sufficient and self-monitoring,” adds IDC’s Rowan. So IT needn’t overreact to the fear of burnout, but instead help HR and managers identify those who do struggle with overwork.
Fine-tune your security
Security concerns dominated IT attention in the early days of the work-from-home shift, and rightfully so. Organizations that already supported mobile workers and home-based workers were in a good position during the lockdowns, while others had to catch up to what today should be considered standard security practices.
First, IT should review the security changes made at the beginning of the pandemic to make sure they are still valid and optimal, and to correct errors or weak settings done in the rush as the first COVID lockdowns occurred in spring 2020.
Then, notes Forrester analyst Hewitt, there are some new security issues to address. One is that more data is coming out of the data center than in the past. “I wouldn’t say remote working is less secure fundamentally, but you need to contend with more data to be protected.” So, IT must make sure its security scanners and other tools can handle the increased volume of data flow into and out of its networks.
At the same time, IT should be careful to not over-restrict users, such as by limiting access to corporate systems to artificial working hours or disallowing access to corporate systems from personal equipment, says IDC’s Rowan. “It’s smarter for a data security strategy to allow that because a lot of people will otherwise transfer stuff to their home equipment, which often is not secured” so they can more easily work at their convenience.
Hewitt also suggests that IT look beyond VPNs to secure data traffic, because VPNs weren’t designed for hybrid work scenarios. If the VPN takes all traffic from computers used by employees for both business and personal purposes, all personal traffic has to go through it, not just corporate traffic. That causes a huge increase for the VPN and corporate network to handle. And if the VPN only handles traffic to corporate apps — the typical deployment approach — then there is no protection on personal data connections. (Only one VPN can run at a time, so you can’t have both a corporate VPN and personal VPN in use.)
Those unsecured personal data connections could become malware vectors that infect the user’s computer and then risk the malware getting into the corporate network. This is why IT organizations have long disliked mixing personal and corporate connections on the same devices.
The limitations of VPNs have given rise to zero trust networking and privileged access management tools, which Hewitt advises be explored.
IT should also help people ensure the security of their home routers, such as by educating them on minimal security standards to use, such as WPA2 for wireless encryption and the use of built-in firewalls. Hewitt suggests that, for lower-paid employees, companies consider buying or paying for recent routers whose security settings meet corporate standards when what is in the worker’s home does not.
Phishing attacks have risen during the pandemic, with criminals taking advantage of more isolated, less supported, and more frazzled work-from-home employees. IT should be more aggressive where possible in identifying such attacks, and training (or refreshing) users on how to detect them more easily. If antiphishing tools aren’t in place, they should be.
Continue the shift to cloud computing
The shift away from data center staffing and increased use of cloud services during the pandemic show that IT already knows that the future is in the cloud. Microsoft 365/Office 365 and Google Workplace (formerly G Suite) have gained usage, as have cloud-based collaboration tools like Slack, Zoom, and Teams. So has cloud-based security.
With the initial pandemic shock over and the immediate needs addressed, IT should step back a bit and make sure it has a cohesive cloud strategy across the board.
Make mobile enablement the default
It may seem strange that mobile support should be on IT’s agenda for the new reality, but many software tools and web services, whether homegrown or vendor-supplied, still aren’t designed for use on smartphones. They may not support mobile operating systems or smaller screens and touch interfaces, or they may use too much bandwidth for cellular connections.
Organizations that haven’t yet delivered on this strategic need, or have done so only partially, need to finish the job. Mobile is no longer exotic or new, but a core part of how employees and customers alike engage with the digital world.
“IT can help on the deliverables side, making things available through mobile,” advises IDC’s Becker. “Raise the priority. Many people live in homes where Wi-Fi isn’t sufficient,” so they use their phones instead.
And remember: The need for mobile enablement of apps and services is even more critical for customer-facing technology.
The digital transformation that affects us all
There’s a lot of talk in the IT industry about digital transformation, ranging from feel-good vagaries to specific technology deployments. The COVID-19 pandemic’s move to remote work forced a real digital transformation on companies — affecting technology, business processes, customer engagement, and priorities across so many industries globally.
It is a shared digital transformation that won’t stop as the pandemic ultimately recedes. The Herculean efforts made in 2020 aren’t the end of the journey. To do it right, IT needs to think differently about employee involvement, support, and needs, partnering with HR, business management, and the employees themselves. The immediate pandemic response shows that such a transformation is possible. Now we just need to make it a part of our new normal.