Recently I participated in a webinar with Toks Oladuti (Netskope customer, and senior IT security manager at the international law firm Herbert Smith Freehills), and my colleague Neil Thacker (Netskope’s CISO EMEA). The conversation was hosted by Janet Day, a long-time technology consultant to the legal industry. During the webinar, we touched on a lot of topics and I was particularly interested to hear Toks’ stories of HSF’s journey to the cloud. But the discussion started, as many do at the moment, with thoughts around 2020’s unique demands on IT infrastructures, as whole organisations moved to remote working, and I wanted to share three of the points I took away from the discussion.
- The unique conditions of lockdown have hugely accelerated transformations that many had already planned to undertake (at a slower pace).
Toks told us that ahead of lockdown, HSF already had in place the remote working capabilities and necessary collaboration tools, but even with this head start, there was work to be done as the company was in the process of shifting from Skype for Business to Microsoft Teams. Before lockdown, collaboration platforms had been considered as supplementary to continued face-to-face practices, but with that no longer possible, the data sharing and collaboration elements of these tools quickly became critical. The HSF IT Security team had to fast track its plans for securing these collaboration tools.
Neil Thacker believes that the crisis has accelerated the onboarding of new applications that were originally planned for late 2020 or 2021, and cloud has been the saving grace for many organisations, allowing them to continue day-to-day operations with minimal disruption.
- 2020 has provided the opportunity to “rip the plaster off” old fashioned behaviours and technologies that businesses have been hanging on to.
We talked about the legal industry’s affinity for “wet signatures”—something that is just not practical when everyone is working from home. Remote working during lockdown has expedited a move to tools such as DocuSign and AdobeSign and given a headwind to the behaviour change that is unlikely to revert to previous practices after lockdown. Toks believes that internal and client user bases have gotten used to the new tools quickly and without anywhere near as much of a change in process or “hearts and minds” buy-in programme as would normally be employed.
Neil added VPNs to the list of older technologies that were failing to keep up with the demands of 2020, telling stories of organisations that were experiencing 12-week delays in the acquisition of any new VPN appliances they needed to manage the load. In this scenario, the speed with which a cloud-based remote access solution can be implemented was a huge advantage. Obviously, alongside this implementation agility, organisations also reaped the user experience benefits of moving away from the nonsensical routing of cloud traffic through on-premises security appliances.
This questioning of the old ways brings up really interesting discussions for Neil, such as why are we still relying on broad IP-based access when connecting remote workers back to networks rather than focusing on access to just their authorised applications?
- Pragmatism and realism have been unavoidable, and security needs to be able to cope with a certain liberalism in the IT environment.
Toks told us that HSF had chosen Microsoft Teams as its collaboration tool (migrating during lockdown from Skype for Business), but acknowledged that it wasn’t as simple as choosing one application and dictating its use. All businesses are making their own decisions and this meant that partners and clients all had their own preferred tools of choice (as well as multiple instances of personal/private accounts among users). During this period many of us experienced the need to share corporate devices with children for homeschooling and non-corporate Zoom calls. For Toks this unavoidable behaviour meant HSF needed baseline data and threat protection regardless of whether the platform in use had corporate endorsement or not (of course, he was in luck because Netskope makes protection for both data at rest and in motion easy). Toks described how the Netskope Cloud Security Platform has extended HSF’s “security umbrella” beyond authorised cloud, to include shadow cloud apps and web traffic.
Visibility and control were mentioned a lot as key requirements for extending this “security umbrella” (to steal Toks’ phrase). We agreed that for organisations that were not already on a cloud journey when lockdown began it seemed like the only issue was remote access. With some lockdown miles under our belts now, it has become evident that it is visibility and control of our “work from anywhere” employees that are key to ensuring productivity and security.
There was plenty more that was discussed during the webinar, so if you want to listen in, you can catch the whole thing here. If you’d like to learn more about how we help customers like Herbert Smith Freehills, Omnicom Group, and Sainsbury’s keep their data safe please book a meeting with us.