As businesses wrestle with the everyday challenges brought on by the COVID19 pandemic, it's important to consider the role that technology is playing in keeping these organizations functional.
Under normal circumstances, Vin DiPippo's role as Chief Technology Officer at Brave River Solutions involves the oversight of current technologies and creation of relevant policy for Brave River and their clients. In a COVID19 world, these operations have shifted to support the acceleration of certain IT and technology efforts that are carrying these businesses through the current times.
Here are Vin's answers regarding how companies can use technology to help them navigate this new landscape.
The current health crisis has sent organizations across the world into a tailspin. What role does IT play during COVID19?
It’s interesting because it’s been said that we’ve had two years of digital transformation in two months. And when you talk about digital transformation, a lot of IT revolves around it. I think that this is where some of the words that we use in acronyms must be parsed out, because it is information technology, and there is a technological component.
I think the most prolific one that everybody has become aware of are things like Zoom and online meetings. I actually had a committee meeting for a not for profit, and we’ve been doing these online meetings for a while. Every time we did a committee meeting, it was always a comedy of errors to get everybody online. The very first time we did it, it was like we were in some sort of futuristic zone.
The last committee meeting we had, which was the first one since COVID started, we decided to do it on Zoom because everybody had been using it. Everyone was there on time, and everybody had the etiquette like backgrounds and such. This is the exact group of people that did not at all gel with the technology and were old hat. So that’s part of the digital transformation, is providing the technologies. And we’ve certainly seen a huge uptick in the cloud.
I think just explaining to people what the cloud is … it’s still a machine and servers and whatnot running, they’re just not yours, and they’re just not ones you have to take care of. You just consume the services they offer. But having people start using the cloud technologies and the online meeting collaboration technologies has been the IT component of COVID.
But the quarantine has also driven the business side of digital transformation with some interesting effects. It’s not just that we’ve had to adopt these technologies in the last several months, that would have otherwise taken several years, just on the calendar. It’s also that people were inspired to do it and required to do it.
Take Brave River for example. We’ve had a lot of office time, and that’s been our culture. We’ve allowed people to work from home, but we really wanted to step up and do the work from home as a program, to have it as part of the employee manual as to how we do work from home. We had been going through a lot of the different things that needed to happen to make that work. And when COVID started, we were all working from home. So, in our case, it was really good that we had the technology already done, because we had set ourselves on a path to be a full user of, say, Office 365.
So, several years ago, we set ourselves up on the course to become experts to eat our own dog food as they say. But just to use all of Office 365 – all the good stuff and all the bad stuff – you know, just try and use it as much as possible. We were already on that path. The technology part for us, because we’re a tech company, was second nature. But it does show you that even with the technology, there were a lot of employee practices that we were still working through to make our work from home splash, to make that a policy.
And that basically happened for us, right? It was forced on us, and we did it, and we were prepared with technology. But we weren’t all the way there with the process of policy. So, it’s funny that that’s what had to come together, and it has. You’ve seen two years of digital transformation in two months.
I think that a lot of companies have had some IT gaps to cover. They hadn’t been in the cloud, they hadn’t known how to use these tools and whatnot, so they had to cover that ground. But then I think everybody had to cover that ground. Okay, we’re doing this, we don’t have an office, we can’t get everyone together for this meeting, so we’re doing this. And that drove a lot of it as well.
It’s important to consider the long-term effects of the pandemic and what this “new normal” is going to look like. How can employers ensure that remote workers are equipped with these technologies and collaboration tools for reliable work?
So that’s a big topic right now, the new normal. You’re asking specifically about remote workers, but from an IT perspective, there’s a lot of technology that’s coming together to actually make the new normal.
When you think of a lot of our experiences that have to become normal again, there are things like retail shopping, there’s dining experiences, there’s get togethers, there’s large venues like movie theaters and concerts. So, there’s a technological role in that transformation to a new normal. In a way, the new normal intertwines all of that together, and there’s an IT component that’s important.
As far as the specific point you asked about the remote workers, it’s actually interesting because it overlaps a lot with the first answer I gave you. The idea of getting these cloud technologies and these online meeting technologies implemented is only half the story. Then, you have to really - not just train people on how to use them – but you also have to re-envision how your company’s workflows work.
So now you have the cloud. And you collaborate. And so how do you use these tools? How do you use Zoom? What do you put in the Zoom chats? You have a lot of different companies that are inviting you to Go To Meetings and whatnot. So when do you use different tools and where do you put stuff? What’s the workflow? That kind of thing.
Also just because of the differences in the technologies than the on-premise technology as it were in their closet. You know, the server that you had, you could store a lot of stuff on there and it was always present and always available and whatnot. And everybody just kind of knew how to get to it. So now, things are in the cloud, they might be segmented more there and might be available through different interfaces. You get a lot for it. Like you get it available on mobile devices, through web browsers anywhere you are, you can work on stuff and whatnot.
That’s great, but it needs to have process behind it. It needs to have people all working in the same direction, so that you don’t have this proliferation of information. Now it’s everywhere and no one can find anything. That’s an important thing, to make sure that the digital transformation doesn’t just involve technology, but it involves taking a step back.
You don’t really have a lot of time to do this or a lot of breathing room. But you really should be taking a step back and saying … okay, these technologies, how are they meant to be used? What’s the big paradigm shift that they enable? And how far do I want to go into that with this adoption of technology just to make it possible for us to work from home? I think doing one without the other is a mistake. And I also think it’s a mistake to try and completely reinvent a company.
Because of this, I think you need to find the balance. You need to implement the technologies that make it work. But you also need to transform a little bit about the way you work to get the most out of the technologies, and set you up for future iterations of that, where you will transform yourself more and more. So, I think that’s important.
I think the other thing that’s important for the new normal is to have governance over the work life balance, which is a really interesting thing that’s coming out of this. Most people are able to shut down at a certain time, and a lot of us would be on at night. But kind of go into work, you’d work and be busy, then you shut down.
Right now, just because of the physical location, most people are working from home and their lives intertwine. So, it was not often that someone would be working from home and you’d have some kid running around in the background and it was fun and it was cute and everybody understood.
But now, it’s everyone working from home. So, some of the meetings that you have things that happen in the background are just crazy. And that’s what gave rise to these new etiquette norms where you stay muted and that kind of stuff. You only show video when you’re presenting, or at the beginning, and all these different ways that people have come up with their meeting etiquette rules.
So that’s one part, but then also just working 24/7 or not respecting the workplace boundaries is something that companies have become aware of. A couple of our bigger customers have done studies actually using the metrics that they get from these tools and found that the work life balance is really skewed. And the companies that were concerned about that originally are very concerned about it now.
You can look at your Zoom account and see how many meetings happened, but you can also look at your Zoom account and do a bell curve of what times the meetings are happening. And if you see the bell curve getting a little but too big, like after 5 and before 8 in the morning, then you know either there’s a reason for it because of different time zones or you know people are not respecting boundaries. You can look at file dates and things like that. So, there’s all kinds of things that people are doing to make sure the new normal doesn’t become an unhealthy normal for sure.
As staff works remotely and apart from their typical IT infrastructure, there is an increase in cybersecurity threats. What are some of the most critical IT vulnerabilities experienced by companies during COVID19 and how can corporate networks protect themselves?
So, I think that the first thing people experienced was that some of the security measures, Zoom being the highest profile … but some of the security measure on Zoom were always there. They just weren’t in your face and they weren’t turned on by default, and now they are.
That’s not the whole story, of course. Zoom had some issues, some security gaps, and they redoubled their efforts and focused on it and closed some of those gaps and they continue to do so. But they’re a good case study to show that the value of the prize is directly proportional to the amount of people that are going to attack it.
And this is an older topic that comes up every now and then, and the example was a federal ID database. And there was a push several years ago to have, like a national ID card in the United States, and cybersecurity was one of the biggest concerns. There was a huge marketing effort by Oracle to say that, hey, the Oracle databases are secure, they’ve never really been hacked, we don’t have these security issues that Microsoft has, and it was because they wanted to get the business. They wanted it to be built on Oracle technology.
Of course, it never did get built, but the idea that they marketing that brought forth something very interesting. And that’s that no one cared about the data that was in Oracle. I mean, it was valuable data for corporate wise, but it wasn’t exposed like Microsoft’s data was. And as soon as the prospect came up that they would store a national ID card in Oracle, you can look at the history, there were articles upon articles of people who found like a bug a day, a security vulnerability a day. There was like, I think a list that was put out called the Hot 100, which was like 100 security vulnerabilities in Oracle.
So, none of that happened. It’s called security by obscurity, right, and so none of it came to the fore and that didn’t even happen. It was just the notion of having that kind of data stored in Oracle that brought all of this heat.
The reason that’s relevant is because that’s exactly what happened with Zoom. So Zoom security vulnerabilities, they were secure by obscurity, because no one kind of used Zoom the way they use it now. No one every thought that someone would want to Zoombomb a meeting, you know, and that kind of stuff. But then once it became this thing everybody started to use it became a huge target.
So those are the two things that you need. You need to look at that and then make a decision on where your infrastructure is. Of course, there’s always the cybersecurity risks that you had originally, but most of those were already publicly exposed. Things like websites and whatnot, especially websites that take credit cards, there’s the whole PCI compliance stuff that hasn’t changed. Nor has COVID changed it that much because, again, they were externally accessible before and they’re externally accessible now. The security surface area, as we call it, the attack surface area hasn’t really changed much for those.
When you look at the way COVID has transformed your business, you need to take a look at two things. First off, has anything now become much more visible than it used to be? And this happens more in bigger companies where you now have thousands of employees that have access to an online source, and they could get access to stuff they don’t normally have access too. Malicious actors and that kind of stuff. So basically, removing the obscurity layer, that’s one of the threats you have.
The second threat you have is, is the attack surface area now bigger? And a lot of times the answer is yes, especially if customers are interacting with people and those people were never really set up for remote, so they’re using their home computer.
A lot of smaller companies, even mid-sized companies, have had this problem because not everybody has a laptop. You know that laptops are like four to five times as expensive as an equivalent desktop. And also, there are a lot of technologies that companies have used that are even less expensive than that. Zero configurations, thin clients, that kind of stuff.
So now that people are working from home it’s very difficult for them to take that and go home with it so they’ve been using their home computer or they’ve been using their mobile devices and whatnot. Now your attack surface area has changed significantly. That’s the second thing to look for. Removing the obscurity component or drastically increasing your attack area.
And so what is the response to that? The response is the same as for the stuff you had to do before. You had to secure your website that was taking credit cards. So, the practices are well known, it’s just that the surface area is a lot bigger so it’s a bigger task.
We’ve seen a lot of uptick in that as well. You know, wanting to know, are we doing mobile device management? Most folks didn’t care about that before. Because the cell phone was not really installing apps, only a few people that already had pins on their cell phone and were relatively secure in their practices would be using the mobile apps to access stuff. But now you know the whole workforce is using the mobile apps to look at documents and join Zoom meetings and things like that.
So, this is where you can take baby steps and say everybody need to have a pin on their phone. And this is where you actually look at the technologies and you find that the facial recognition, the thumbprint recognition, and the pins all have different security characteristics. And they’re depending on the device and the security options available. You want to pick one that’s the most secure and enforce that.
And then customers are also looking at rolling out mobile device management, so the company has more control over what’s on the mobile devices, laptops, and phones, and that helps close the surface area. So, that’s the mobile device aspect of it. Companies have also been increasing their license count for things like anti malware and whatnot that they’ve used on their office PCs and laptops. They’ve been encouraging their employees to install it locally on the company’s dime.
That’s a huge thing to do because then you get the central control. Companies don’t have everybody go out and install McAfee or Symantec or Kaspersky or any of them. They have these enterprise deployments where they can see on a dashboard everybody’s status, that works well for an office. So, we see a lot of customers buying new licenses or making deals and deactivating licenses on computers that haven’t been used in a couple of months and having employees install them on their personal PCs.
So what that allows them to do is that it allows them to see the health of their now increased infrastructure, increased distributed infrastructure. That’s another thing that customers can do and it’s not very expensive. Usually it costs a few bucks in endpoint per month to do that, and if you can shift licenses or increase licenses temporarily, you can close that surface area.
By far the biggest one is using the cloud now to store stuff. This is where, I mean, we don’t set up people in, like Office 365 or Google G Suite, especially the administrators, we have an actual rule that says, unless the customer tells us no, and we document that they’ve declined this protection. We do not allow customer’s administrative access to any of the admin panels like in G Suite or Office 365 without an MFA.
MFA is multi factor authentication. And of course, you know this at Brave River because we actually have this enforced for everybody. The whole company has to use MFA. We would do conditional access it’s called, in both of them – saying G Suite and Office 365 – which basically means if you’re in the building, you don’t have to use it, if you’re out of the building, you do.
Every one of those rules kind of kicked in automatically when people started accessing stuff outside the building. But that’s a huge deal. You have to do something more than passwords. So, having another factor, which is usually the mobile app, we find that to be something that’s easy to use. And we also find it better than SMS, which is the text messages, because you can hijack that.
Anyway, that’s a huge deal right by the cloud. By the way – the mobile device management is also encryption of these devices. Most cell phones do that automatically with laptops, you have to turn that off. And we find that to be a huge deal because people are now working remotely, and you don’t have access to most of the equipment that’s being used.
So, if it gets stolen, that’s a huge deal, right? So, yeah, I think mostly the collaboration tools like Zoom. The same thing applies to your cloud accounts that everyone’s going to store files and collaborate and chat and everything. It’s the same thing as Zoom. Now that it’s where all your valuable stuff is, and now that it’s publicly accessible, that’s an increase to the surface area and you have to turn on all those measures.
COVID19 has lit a fire under technologies that keep businesses functional during quarantine. What are you seeing as the most in demand technologies for businesses?
I think we can probably call that answer from the dissertation that I just gave on the first… but, you know, anything that deals with collaboration and universal access. Maybe if I added a third to tie all three of these answers together, anything that’s collaboration, universal access, and security. Those are the technologies that are really important during this time.
Again, collaboration is just, how do we communicate? Like what we’re doing now. How do we communicate, how do we interact, how do we collaborate? The second thing is how do we get universal access to stuff so stuff isn’t locked up inside a building and you can only get there by going to the building.
Part of that, by the way, is VPN as well. So, some companies have chosen not to do things in the cloud, and still require people to use stuff on their local systems, but they require VPN access. A lot of companies have had a ramp up in their VPN licenses. And that’s a way of controlling the cloud surface area, but we’ve also had to kind of encourage some customers that even though they’re doing that, they need to enable the policies or push out the antivirus to that end user if they’re not using a corporate PC like I said.
Anything involving universal access which also includes VPN is important. And then the cybersecurity stuff, that technology is really important. We’ve had customers that have been using Webroot, which is one of the ones we recommend most, and they’ve been using Webroot for years. We’ve had kind of like the minimally invasive but secure on prem profiles enabled, and we encourage them to turn on the web browsing.
Anything involving universal access which also includes VPN is important. And then the cybersecurity stuff – that technology is really important. Turning things on to, like, we’ve had customers that have been using Webroot, which is one of the ones we recommend most, and they’ve been using Webroot for years and we’ve had, kind of like the minimally invasive but secure on prem profiles enabled. And we encourage them to turn on the web browsing, additional rule sets, we should turn on some other stuff that’s going to be a little bit more annoying to you, but it’s important now that you’re outside of the building.
So, I think those are the most in demand technologies, those are big buckets too. Security stuff, collaboration, universal access.
Is there any good, if any, that you see that could come out of all of this?
Well, I mean, obviously the whole crisis itself… You know, there’s some good that could come out of it, socially, but it has taken a pretty big toll, and this first and foremost of course is the human toll. And that can’t be understated.
It’s kind of profound when you take a step back and you look at the worldwide impact of it. Not just the loss of life, but the impact to life. And it also kind of serves to really bring us together I think, as human beings. Because for the first time you can honestly say that the same thing that you’re toiling with is something that’s happening in Europe, and Eastern Europe, and Asia, everywhere, Africa, name the continent, everybody’s going through the same thing. So it’s transcended language and race and country, geography, you know, so hopefully there’s some good that can come out of that.
Now from a technology standpoint, hopefully the good is that we’re living in a more connected world. The world was as connected as it could be before, except for rural areas which a lot of projects are seeking to remedy. But more than that, on a personal note, we had my daughter’s fourth birthday party last night. And we had the whole family on a Zoom call singing to her. So, you know, there were some times when people can’t be there but now, hopefully we have this idea that that doesn’t matter anymore.
So, we can use technology to be more connected. And we can use technology to stay connected. Now from another thing socially, I think, is that it’s caused everybody to kind of slow down. We’re spending more time with our families; we’re spending more time just doing stuff that doesn’t require going out.
Everyone has always complained about the busyness of schedules. This doesn’t mean that we’re not busy at work, but busy socially has been curtailed quite a bit by most people. Doing activities with the kids, for instance, there’s a lot less of that. Having people over, the social aspect. There’s a negative to that, but there’s also a positive that you focus on. You know, the core family. I think relationships have gotten stronger because of that.
There’s a negative side to that as well human wise, and I think people have reevaluated who they’re with. There was a meme going around that said, “if I had to pick one person to spend on a desert island for the rest of my life…” because the number of times I’ve heard that said, and just if I’d actually known I’d have to pick, and I would have chosen differently. So, you read into that what you want, but there’s definitely the human toll that’s been taken on this for people that are in the same unit but hadn’t really been quarantined together for a while.
So, hopefully, all those things come out for the better technology wise. I think that it’s, like I said, the adoption has really been the bigger story. I think some of the development stuff has been accelerated because of that, but I think all of this stuff was already on the roadmap. So, we haven’t seen any really groundbreaking new technologies come out that hasn’t been around for a long time. Their capabilities have increased, and everybody is raised to make sure that they kind of have all the same stuff.
Cloud has been around for years. But now everybody’s adopting it. Using technology to solve some of those problems that I said, about how movies are watched, and how concerts are attended, and how retail shopping happens, and those kinds of things.
You know there could be long-term effects that are the new normal that are positive. But overall, I just hope that it’s a good way to get us back to being more connected individually as people. Whatever role technology has to play in that I’m not sure, pre post, but if anything good can come out of this with the human toll would be a human benefit.