The last year has seen all businesses facing a major shift as employees have been forced to work from home.
Government agencies have been no exception to this, but they have specific issues relating to handling sensitive data. Last month the US Department of Agriculture (USDA) announced a plan to expand remote work options and other agencies are expected to follow suit.
We spoke to Devin Redmond co-founder and CEO Theta Lake — specialist in security and compliance for collaboration platforms — to discuss how the public sector can adapt and ensure its collaboration technology and remote work practices comply with federal and state laws.
BN: Why has the public sector faced particular challenges in shifting to remote working?
DR: The move to collaboration first work environments has created a tremendous shift for most organizations, but also a tremendous opportunity. Whether you’re in financial services, whether you’re in government, the opportunity to allow employees to work from anywhere gives them a lot of flexibility. It also gives organizations a lot of flexibility in terms of how they think about their real estate, how they think about the talent pool that they have access to, how they can reduce their expenses from a travel perspective and from a commuting perspective.
Government which has traditionally been a proverbial bricks and mortar environment where a lot of the security procedures, a lot of the safety of the employees and the folks working in that environment is premised on them being in secure facilities. And now when you say, “Hey, I’m going to move more and more of the employees to work remotely,” the need for them to be able to collaborate and share information becomes paramount to their ability to be successful. That ultimately is a pretty big shift in how they think about security compliance, how they think about exchanging information and who has access to what, that really transcends a lot of the tools that they’ve previously had in place.
Even if you’re not dealing with a big geographic spread you have more flexibility in how often or how frequently employees come into the office and you have employees that are on different schedules, meaning that on certain days some employees are in the office and their peers and counterparts are not. And they’re constantly swapping so it means they’re going to be living in collaboration tools, whether it’s the Team’s chat screen that’s open or it’s a Zoom meeting or it’s WebEx, living inside of that is going to be a critical part of their workplace itself, and it also means that is where the bulk of information can be shared across those groups. So traditionally there are a lot of things that have been locked out in those physical locations that now have to be more open or accessible for those people.
BN: Organizations have had to adapt in a hurry, has this led to problems with things like mis-configuration?
DR: For sure and I think that’s one of the other things that we’ve seen, which is everybody needed to turn these capabilities on in order to keep doing business, there was no way to avoid that. As we’re coming to a more vaccinated place, as people are settling into this work from anywhere environment, what we’re seeing is the reconciliation of all of those capabilities and figuring out, okay, what is the best practice procedure and policy that I want to publish what is the new set of technologies that I need to put in place? There’s a need to ensure that there isn’t a risk of oversharing sensitive data.
Organizations have to make sure what happens in those remote meetings is safe for the employees and safe for the data that they might be using. The challenge of understanding and explaining that is particularly hard for these organizations, the trade-offs that they make often are because they’re not comfortable doing deeper supervision and surveillance of what’s happening in the meetings. So they tend to disable the capabilities of the meetings themselves. For example often in highly regulated organizations they don’t have something in place to deal with video and what can be shared inside a video, and so they tend to disable the features. Which can mean that you can’t share a screen and turn on your camera and you can’t use the chat function inside of the meeting to exchange chat back and forth, which sounds counter-intuitive to what you want to do with the collaboration platform but it’s the only way to ensure that the wrong thing doesn’t get shared.
What we’ve enabled is the ability to selectively turn things on, so for example, maybe I’m not ready for fully monitored video screen sharing so I will still disable sharing inside of those meetings and I won’t capture it either, but I may want to turn on chat, and at least satisfy that part of the need to collaborate better on these calls. We can do selective archiving, allowing the customer to turn on Zoom meeting chat and the Q&A features inside of that, so that they can have that on for their users, but it’s fully captured and supervised and something that they can keep in their archives for record keeping and compliance purposes.
BN: Have more heavily regulated sectors like finance and government taken a more cautious approach from the start?
DR: Yes, we found several organizations where they didn’t have visibility into what was happening in, say, chat. So on their new chat channels whether RingCentral or Microsoft Teams, they would put our capabilities in place and they would find a surprising amount of information being shared appropriately but they just didn’t realize that this was a new path where more and more things were going to be exchanged.
Email is the primary way that we communicate and share things but it wasn’t really built for a collaboration-first workplace, or frankly a cloud-first workplace, where you have access to many cloud based apps and repositories of information that live in file shares that may be in the cloud and that can be equally open and shared inside of a meeting.
BN: The consensus seems to be that remote working is going to be here to stay, so how do businesses cope with that and adopt best practices to move forward?
DR: That’s a really important thing because I think there was some debate about what would happen to remote work and I really think that transitioned to the capability to be able to work from anywhere but that being more of a norm. Being able to support smaller office deployments flexible schedules talent pools more distributed teams all of those just make a tonne of sense and it’s one of those things where the pandemic created a forcing function — unprecedented and not necessarily one that anybody would have wanted — but gives us an opportunity for organizations to rethink how we work in a modern environment where all of these things have improved and become possible in terms of how we can collaborate.
But what that also means is they need to develop best practices around how they’re going to think about security and compliance, not just the data, the things that they need to protect, but also how the new workplace will operate.