By Rob Malkin, VP of APAC Sales, Lifesize
As trends surrounding remote work and flexible schedules proliferate, so too does the multitude of tools that enable teams to connect and collaborate wherever they are. Video conferencing, which has been around in some (now seemingly archaic) form or fashion for the majority of the current generation’s professional careers, plays an increasingly pivotal role in making those connections more personal and that collaboration more productive. In fact, according to a recent survey we conducted of more than 1300 full-time professionals, 43% use video conferencing to work remotely or from home and an equivalent 43% use video to improve team productivity when in different locations. Those numbers will only increase as more remote and flexible work occurs.
In parallel, another trend that will see rapid acceleration is the use of personal mobile devices for remote participation in that video communication. All those employees, devices and communication tools radiating out to all corners of the globe may be a boon for the workers themselves, but it can produce a nightmare management scenario for IT organizations.
Especially when distributed teams are left to their own devices (figuratively, this time) to figure out the best way to meet and collaborate, they end up making decisions and procuring tools that are well outside of IT’s field of view, potentially opening up the organization to a host of security implications, uncertainties and concerns. As my colleague Michael Helmbrecht astutely observed, “In many respects, communication services represent the ‘last mile’ in information security.”
In this freemium “land-and-expand” era, where employees download or purchase their own communications tools, it’s rare that IT teams still have the opportunity evaluate, approve and manage every single communications service, app or SaaS tool that makes its way into the business. Still, they should be able to have the same peace of mind when it comes to the security layer underpinning those tools as they do when deciding on a more traditional front-door IT purchase.
The list of security requirements should not change just because an individual, team or line of business decides to subscribe to, provision and pay for a service using a credit card that keeps the communication tool off of IT’s management radar. Here are some simple questions anyone (not just IT) can and should consider when acquiring the communication tools that enable remote work and distributed teams:
- Where do the solution’s security mechanisms end and where is our company expected (or obligated) to pick up and provide our own mitigation of security threats?
- Are security best practices like two-factor authentication, integrations with single sign-on (SSO) platforms and keeping services behind established firewalls being followed or circumvented?
- Is all media, signaling and stored content within my communications encrypted? Is that automatic or is it left to us to discover and enable manually?
- Is the product or service built on top of WebRTC so it can run natively in popular browsers –both on mobile and desktop devices – and does it adhere to those browsers’ security controls?
- How does the provider of this tool ensure that bugs and vulnerabilities are addressed through software updates? Are apps updated automatically to be sure that they’re on the latest version, or do we have to discover that an update is available and install it ourselves?
- If the latter, can it be deployed centrally (aka should we engage IT for air cover) or are we expected to manually update apps ourselves?
To be clear, enabling remote and flexible work arrangements is a good thing – it’s one of the chief ways that companies are effectively attracting talent from the younger generations now driving our workforce. The communication tools that underpin that future of work by making connection and collaboration more seamless are fundamentally good as well. However, we can’t afford to be lulled into a false sense of security and not take a critical eye toward the secure foundation, features and functionality that ought to be protecting us as we use them.
