“So, it’s a useful and important part of hybrid work to audit your calendar and make sure it’s an accurate reflection of your priorities, but also that you’re protecting a portion of your unscheduled time for individual work, deep thought and ad hoc conversations that need to happen outside of scheduled meetings.”
What are the biggest tech challenges related to hybrid and remote work? “Cybersecurity is always a concern. People are now mostly accessing work resources across networks that are not part of our corporate network.... One of the things we’ve done is created a Cisco worker bundle kit, which is essentially a branch office in a box. It comes with some Cisco hardware, security software, and some services that allow the employees to benefit from the same tools that large corporations and governments use to protect their assets. It creates a sort of umbrella shield around their entire home and everything in it.
“I think it is a complex security problem to solve, and it requires some different approaches to being thoughtful about what are the things that we really have to protect and how do we shore up those trust boundaries in a much more highly distributed environment?
“I’d also say the network needs to be able to support people working in a different way. For years, we were focused on a hub-and-spoke environment...where the expectation was that all or most people would be in the office. Now, that’s inverted and most people aren’t in the office on any given day. And so that requires a different approach to your network backbone, the way you handle traffic, your peering strategy, your SD-WAN strategy, your SaaS strategy.
“We read about in the beginning of the pandemic, some places sent people home and then their [corporate] network was overwhelmed with people watching video games and doing other things. That’s a byproduct of a network that’s not designed for that kind of traffic flow. So having things like split VPN and zero trust, a private peering strategy — those things were always important, but they became existential requirements and immediate imperatives during hybrid work.
“I do think collaboration is an important part of hybrid work, and having a high-quality remote work experience is really important to get right. And being able to understand there will be people working in shared spaces where maybe they don’t have a dedicated room they can set aside as a home office — they’re in a kitchen, maybe there’s a child in the background. You have to be thoughtful about these issues and equip people the right way so that it doesn’t become stressful for people or that they don’t have the same career opportunities as a result....”
What do organizations need to do differently now in light of video games or smart home devices using the same networks as the business? “From a security perspective, I think you need to understand what your adversary landscape looks like. Are you getting internet drive-by shootings, or do you have apex predator, advanced persistent-threat, nation-state type threats going on all the time, and those things require different responses. All that comes down to an exercise in understanding your network and the underlying systems better than your adversary who is trying to break in. Make sure logging is turned on. Make sure you have an accurate inventory of what is in your network. When a new exploit is discovered, how quickly can you close the gap between when a known vulnerability is discovered and patching and resolving it.
"Well-run networks really do make the life of an adversary much more difficult. Observe the principles of least privilege. The smallest number of people possible should have the keys to the castle. Segment off sensitive portions of the network.... Do red teaming and penetration testing. Red is easier than blue. Generally, those exercises will yield good insights into the blast radius of a potential threat.
"Deploy multi-factor authentication. Obviously, at Cisco we use duo, but those things really are an easy way to improve security that doesn’t impact the employee experience negatively. Invest in network automation. Generally speaking most intrusions today come down to an email through which someone clicks on a something they shouldn’t have, visiting a site that executes something that shouldn’t be running on your device, or inserting removable media that’s contaminated with something.
"I’d also say deploy endpoint protection and response solutions — EDR software. Antivirus is no longer sufficient. We obviously use Cisco’s own solutio,n but some kind of EDR software is really important, especially in hybrid work environments....
"There’s a certain amount of training for employees on cyber security. That’s something we do on an annual basis — trying to do the best as possible to try to detect phishing, spear phishing, and email attacks....
"And you’d think in 2023 we wouldn’t still be talking about patching, but the simplest thing I can do to secure the overall security posture of Cisco is take advantage of software updates as quickly as possible. Keeping software up to date is still an important part of the job....
"Application-level scanning when we write software — looking for secrets in code, looking for memory leaks, looking for known exploits — that’s important for any custom software we build. And...upleveling the overall security posture of the entire household benefits everyone in the household. That’s part of the benefit of our hybrid-worker bundle: the water level rises for all devices in the home if it’s protected by our Cisco equipment and security software."
What are other ways to solve hybrid tech problems, both for IT and end-users? “I think really leading with the experience is important. There was a time when people had an expectation when they went to work in a large corporation; things were complicated and the experience just wasn’t going to be great, but that’s the nature of the beast in a big enterprise.
“People now coming to work have a very different set of expectations. You know who I am. You know what my job is. And you have billions of dollars to solve this problem. My experience at work should be better than my personal consumer experience. And so, I think we have to take seriously our obligation to prioritize the user experience, lead with design and user experience, and engineer from the experience in instead of the IT department out. We need to understand that IT is a servant role.
“We’re in the business of meeting unmet demands, or unmet needs. To do that you have to have the mechanisms in place to collect feedback, understand where friction points are, what is the overall friction index of your employee trying to complete tasks everyone needs to complete… and how do we get after improving those things and prioritizing that – whether it’s an expense report or looking up another employee or sales and marketing activities. To really understand what the experience is for those employees and how can we make it better — that’s a big focus for me. It’s one of the first changes I made when I became CIO — creating a design and experience function that reports directly to me. I act as the product owner against that team’s backlog and prioritize what projects they should spend their time on. It’s the only function I hold centrally....
“The design and research and experience team is separate because it’s a scarce resource and I have to make decisions around how that team’s time is most effectively spent.”
How has your physical office space changed? “The Cisco offices are being transformed to be more flexible, collaborative spaces. There is still space for individual work, because you’re still going to need that, but much more of the office is dedicated to open environments and collaborative spaces. And then we have a whole smart building initiative that leverages a lot of Cisco technology to get telemetry from the collaboration devices, the wireless access points, the power-over-ethernet in the building, and HVAC systems. We bring all that together to have an intelligent, real-time view of air quality, occupancy, where is a particular conference room, and being able to see all that in real time and visualized in front of you.
“That helps ensure office is more energy efficient, but also more people efficient in terms of where they may need to go and...when I’m exceeding the recommended capacity of this room. All this information you can get from the telemetry of devices we have in our offices.”
What benefits have you seen from power over Ethernet? “The power efficiency of power over Ethernet is really interesting. We can power much more than just network devices. And you can do interesting things like send a certain amount of power to certain ports and turn others off based on the occupancy of the building and do a lot of really interesting things for power efficiency.
“When you can have per device, per port control over how much power and when, you can save a lot of energy versus all the power either being on or not.”