Given the circumstances of the recent global pandemic, organisations did the best they could to initially respond with the resources and technologies they had available. As organisations now start to turn the corner on the initial ‘Respond’ phase, it’s time to reflect on what worked, what didn’t, and how to plan for the future.
So, let’s take a look at five lessons we learned when a majority of the office-bound workforce suddenly shifted to a distributed one …
Lesson 1: Doubling Down on VPN? You Can Do Better
A common way for organisations to provide their users secure access to the corporate network is through a virtual private network (VPN). Many organisations opted to expand their VPN to accommodate larger numbers of employees working from home, but VPNs were never designed to handle the complexity of the way we work and architect our data centres today.
Security is a primary issue with a VPN. Threats often piggyback on connections from unsecure or unmanaged endpoints and, once able to penetrate the corporate network, they get unfettered access.
In addition, a VPN is difficult to manage. Increasingly complex architectures and distributed networks require more and more VPN appliances, each of which must be configured and managed. Keeping track of everything on the network and the corresponding network and security policies can quickly become complicated and even unmanageable.
The complexity of the VPN network also will likely lead to a poor user experience. With organisations hosting applications and data across various sites and clouds, end users have to connect and disconnect to these different servers – a tedious, time-consuming process made even worse by network latency. When a VPN is the path between users and the corporate resources they need to get their work done, any issues are going to lead to urgent help desk requests.
There are alternatives to a VPN that more easily adapt to modern data centre architectures.
VMware Future Ready Workforce Solutions include VMware Workspace ONE, a powerful digital workspace platform that provides secure and conditional access to the digital workspace, easily accessible by end users through single sign-on (SSO). Workspace ONE has an intrinsic approach to security with access to identity, device, location and behavioural data that is synthesised in real time and used to make decisions about access to corporate resources. Known as Zero Trust Network Access, this intelligent conditional access technology greatly reduces risk and simplifies management.
Many other organisations have chosen to bypass VPN by virtualising their desktops and applications with VMware Horizon, part of the Workspace ONE platform. Virtualising desktops and applications in the data centre enables end users to access their desktops and all their corporate-assigned resources through a web browser or client on their endpoint. Horizon provides end users with easy access to their desktop and corporate resources through SSO that is reinforced by multi-factor authentication methods, including SAML, RSA, smartcards and many more.
Lesson 2: Take Advantage of Cloud Resources to Quickly Burst Capacity
When the pandemic hit, organisations wanted to build or expand their existing virtual desktop and application environments quickly because they knew those environments would be a secure and manageable way to deliver corporate resources to additional end users and use cases. The challenge was getting enough capacity to virtualise hundreds, if not thousands, of virtual desktops quickly. The ability to quickly burst into the cloud – or even multiple clouds – adds a whole new dimension of available capacity.
VMware Horizon has several deployment options that enable organisations to deploy on-premise, through hybrid cloud or in a wide variety of public cloud options. Organisations can leverage VMware Cloud™ on AWS or deploy Horizon on Dell EMC, Microsoft Azure, Google Cloud VMware Engine, IBM Cloud and many more partner clouds. Key hybrid use cases such as burst and Business Continuity and Disaster Recovery (BC/DR) are enabled by Horizon capabilities. These include the ability to create brand-new desktops on demand, in seconds, and to create a global entitlement across pods, sites and clouds. Many organisations were able to easily expand their existing Horizon environments in days and, with Horizon Cloud providing desktop as a service, organisations could take advantage of offloading management to vendors and hyperscale cloud providers.
Lesson 3: Provide Flexibility to Support All Device Types
One day end users were coming into the office and the next day they were working from home. If an employee doesn’t have a corporate-owned device, how are they going to securely access corporate resources? Organisations that wanted to purchase endpoints for their users were met with long lead times due to high demand and limited supply. Some allowed end users to use unmanaged personal devices, even though these devices pose a security threat if they are used to access the corporate network.
It’s best to have a strategy in place so you can easily support a wide array of device types and operating systems. There are a couple of ways to tackle this.
One way is to provide the end user with a virtual desktop or virtual apps. Because end users are using their endpoint only to render the virtual desktop or virtual app, IT doesn’t have to worry about securing or managing the endpoint. A virtual desktop or app solution also abstracts away the complexity of managing a wide variety of device types, operating systems and versions.
A complementary strategy is to leverage VMware Workspace ONE UEM, which allows admins to manage and secure a wide variety of endpoints, including mobile, desktop, rugged and IoT devices. Workspace ONE in turn helps deliver a consistent experience that gives end users access to all their SaaS, web and native apps from a single pane of glass.
Lesson 4: Don’t Forget to Support All User Types
As workers were forced to work from home during the pandemic, some organisations found themselves scrambling to get certain groups of users the resources they needed. For example, power users like designers and developers require high-powered workstations with graphics processing units (GPU).
A more agile approach is to provide power users with access to vGPU computing power through a virtual desktop, such as the virtual desktops offered through collaboration between VMware and partners such as NVIDIA, Intel and AMD. In addition to enabling these users to work from any device, this approach enhances the security posture of the organisation by keeping the IP in the corporate data centre and off the user’s endpoint. It also allows end users to easily spin up multiple desktop VMs, which can be very useful if they need access to different operating systems as part of their test environment. VMware Horizon has powerful, centralised management tools that make it easy to assign images, apps and resources to end users.
Lesson 5: Prioritise Exceptional User Experience, Manageability and Security to Quickly Scale
When the pandemic hit, many organisations asked, “What resources do we have available now and how can we best put them to work?”
Without a long-term plan in place, organisations were often limited to doing more of the same: expanding their VPN to accommodate more users or extending their virtual desktop environment.
Assessing their situations after the ‘Respond’ phase, many organisations are now realising that they have gaps in security, manageability and user experience and asking themselves, “How can we better position ourselves to respond in the future?”
An end-to-end approach with VMware technologies can enhance user experience, manageability and security across virtual desktop and app deployments. VMware SD-WAN by VeloCloud accelerates and ensures great virtual desktop and app performance by prioritising network traffic and providing insights into app delivery across the WAN. VMware NSX® Advanced Load Balancer (Avi Networks) provides multi-cloud load balancing, web application firewall, application analytics and container ingress services across on-premise data centres and clouds where Horizon virtual desktops and apps are hosted. These are just two of the many enhancements VMware technologies bring to Horizon deployments.
Move into the Second Phase of Recovery. It’s Time to Adapt.
As we’ve all witnessed, there’s nothing like a major global crisis to help organisations realise what’s important. In addition to learning very quickly how essential it is to secure a remote workforce, organisations are also gaining valuable lessons in the virtues of business continuity and resilience.
Now is the time to take advantage of the opportunity that the moment has offered to review, assess and enhance your business continuity plans.
Read below for six tips for updating your business continuity plan in 2020 to prepare for the future.
1: Assess risks and their impacts
Expand your aperture beyond the immediate moment. Whether it’s a natural event (such as a hurricane, fire or flood) or an operational one involving a myriad of possibilities (espionage, fraud, operational or procedural failure, cyber attack, liability or supply-chain issue), evaluate their impacts on your organisation’s bottom line.
For each risk scenario, evaluate the estimated costs associated with each impact, as well as consequences that aren’t as easy to quantify yet remain important, such as brand reputation, employee loyalty and consumer trust. Identify areas of weakness for each scenario or risk category and create an action plan to mitigate these risks.
Document your team’s ability to address each risk scenario by listing and evaluating the effectiveness of any tools, technologies and processes in place to prevent the scenario or minimise its impacts.
2: Clarify and communicate team roles and responsibilities
Knowing who needs to do what, when and where is fundamental, especially during an emergency. Assess your current business continuity plans and procedures to determine if there are well-defined roles and responsibilities, or if clarification is required. Clear lines of command are essential during emergencies, so educate staff on who to listen to, how to implement emergency procedures, where to go for more help and what is required of them and why.
Communicate clearly and on a consistent basis to customers, employees, suppliers and partners. Make sure that employees remain vigilant and are aware that scammers will often show up during critical moments to take advantage of their distraction.
3: Secure, scale and stabilise access to systems-of-record applications
During any crisis, business leaders need reliable access to the data that will help them make the right decisions. This data is housed in systems-of-record applications that need to be securely accessed from anywhere, at any time. Additionally, business leaders use a variety of devices to access these apps, so it’s essential to extend the scope of what IT secures and manages to include corporate-owned and personal devices. Finally, consider how to stabilise network quality of service for remote employees, particularly those in IT who secure and maintain the infrastructure.
4: Modernise applications and embrace cloud-based flexibility
The hybrid cloud computing model can offer your organisation the ability to accelerate application delivery and enable you to share service delivery responsibility with your infrastructure partners. Consider shifting to an ‘as-a-service’ model to help your organisation remain nimble during any event that impacts operations.
5: Practice response plans to improve resilience
Improve your team’s business resilience by running through various risk scenarios with structured run-throughs, table-top exercises and other business continuity practice tools. Document any hiccups or other lessons learned during practice exercises, so you can tweak action plans as needed. Practice sessions not only improve an individual team member’s skill, they can also build team cohesion, coordination and connection.
6: Consider establishing remote work programmes
Every emergency presents an opportunity to rethink how business gets done. Yesterday’s lesson learned may become tomorrow’s standard operating procedure. Consider if an intentional remote workforce strategy makes sense for your organisation.