Videos

Work From Home Report – TechStrong TV Interview

Read Transcript

Charlene O'Hanlon:

Hey, welcome back everybody to TechStrong TV. I am Charlene O'Hanlon Managing Editor at MediaOps and I'm here now with Scott Gordon, who is the Chief Marketing Officer at Pulse Secure. Hey Scott, how are you? Thanks for joining me today.

Scott Gordon:

Good. Thanks for the invite.

Charlene O'Hanlon:

So I know Pulse Secure just recently came out with a survey that measured folks kind of attitudes or thoughts on working from home in wake of the COVID-19 crisis and then kind of moving forward what organizations had in mind regarding work-from-home. Tell me just a little bit of background about the survey, how you guys got started, who you talked to, things like that?

Scott Gordon:

Terrific. Yeah. So, we had seen a lot of... Well, first of all, we experienced what everybody experienced in shifting our workforce. So we're about 650 employees with a global presence. Obviously we're square in the secure access market, that's what we sell. So for us, we already had a degree of work-from-home flexibility, but like everybody else, we did a massive shift and like everybody else, we experienced some interesting times and work environments. But we had a lot of firsthand view of large corporations and even medium enterprises contact us to extend licenses, to learn more about our capabilities.

Scott Gordon:

And when we saw other reports coming out about work-from-home, it certainly had some good guidance, but there was nothing that we saw that was very, very specific to the security practitioner and organizations, the IT organizations that we're dealing with this. So we partnered with Cybersecurity Insiders, which is an independent online group that does research among other things, and they surveyed over 400 IT security decision makers with a really good cross section of industries and sizes to really get down to the nitty gritty of what people were experiencing, what was their concerns, where do they feel things were heading in their investments. So, a lot of the news or things that you would assume, but there was a good amount of information that really was practical and sometimes even surprising. So we were happy to share the results.

Charlene O'Hanlon:

Great. Great. So yeah, tell us some of the findings that did surprise you.

Scott Gordon:

Well, folks in the security industry especially that are doing secure access like us, we did experience a really big business surge, not surprising collaboration tools as well, and so what we saw typically, and this would be prior to January of 2020, anywhere from 20 to 25% was a typical coverage for companies for remote workers, at least for medium to large enterprise. They did not expect such a massive and quick surge and so it went from less than 25% in a matter of three months to upwards between 75 and 99% work-from-home. So that's a massive shift.

Scott Gordon:

And so there's a bunch of findings in the report, but some of the findings that were interesting, that we found interesting was, IT folks were very quick and able to get bandwidth and work with their service providers to get bandwidth. It was more about the applications and the user training that was some of the challenge. So they were able to get bandwidth and some tools up in as fast as 15 to 30 days to meet that need. Certainly there were larger companies that had different challenges. We saw at least from our install base offshore and Asia Pacific manufacturing companies that needed quickly to get things going.

Scott Gordon:

So with that massive surge, it was interesting that the survey findings showed that almost a third, or a little more than a third, I think it was about 38% where it felt that they were ill prepared. And again, I think that was more about tools and it was also more about user awareness. So, nearly 60% felt that the user awareness for how to work-from-home best practices that was not fully there, and that presented a risk. Yeah. Sorry.

Charlene O'Hanlon:

I was just going to say, I wonder if some of that is because so many companies, there still had been a fair number of companies that really don't like the whole idea of their employees working from home. So, I wonder if obviously those companies that kind of did embrace a work-from-home policy at least on a part time basis were better prepared for something like this. Certainly not from a technology standpoint, but maybe just from a cultural mindset standpoint.

Scott Gordon:

You're absolutely right. And it was interesting in the numbers and we're seeing this trend in the Bay Area, we've had number of companies announce that they're moving to more work-from-home flexibility or moving to some permanent work-from-home Twitter, Nationwide Insurance, a bunch of cross section of companies, not just tech companies. And so we saw that also in the survey. So a good number of companies saw, I think it was about 38%, they saw increased productivity and other benefits. And a lot of those companies did not have a mindset of allowing work-from-home, even financial services companies like Morgan Stanley, all these companies have made announcements that now that they're seeing the productivity gains, they're seeing the operational and cost benefits, and they're also have taken on this infrastructure that now maybe a time to actually move towards and change the work environment to a more mobile workforce for work-from-home flexibility environment. 84%, 84%, said that that's what they would anticipate moving forward beyond COVID. And that's a pretty huge number.

Charlene O'Hanlon:

That is significant for sure. Actually I wanted to ask you about that 38% number that you were talking about, those that actually experienced the massive productivity gains, at least in the first early days of this crisis. I've heard that from a number of organizations that their business had never been better basically during this time and I wonder, do you think that's just kind of a blip? Maybe a byproduct of everybody kind of working in this new normal and just being in survival mode if you will or do you think that this is actually something that could be achieved longterm in this new working-from-home paradigm where organizations are a lot more open to the idea even post COVID-19?

Scott Gordon:

That's a great question. I think we are seeing that at least in the interactions. We do have some of the largest companies in the world that use our solutions and one interesting trend, I think this was also seen by other companies that are providing essential services is, secure access in general was given, some of the technology is more mature than others, and so it was less strategic because it was just felt, "Hey, we have this covered."

Scott Gordon:

Now with this focus on business continuity, and then for some expansion, it made the area or the category more strategic. In those engagements, what we're getting feedback is that people are actually looking at making moves and changes towards work-from-home, and they are realizing the productivity gains, but they also are seeing a lot of increased stress levels for their workers that have not had to deal with some of these things, and so that's going to be a balance. Even in our company, we had a, for example, let me ask the CEO anything with our entire management team, we used to do that on a monthly basis, just for transparency and communications. Now we're doing it on a weekly basis, and we're also doing it not only for the U.S. but we're switching our times every week so we have international coverage as well.

Scott Gordon:

And we have a lot more engagement than we had to and we have a company, what we call a company culture, culture talent, they are way more engaged in doing very innovative things that they normally would have to do or would do physically, that now they're having to do remote. So I think it's definitely a different work shift, but again in this study was very focused on some of the technology and what they were finding. In fact, we have this feedback, generally speaking a lot of folks, depending on their risk adversity, secure access tools on this release is zero trust, which is verify before you grant access.

Scott Gordon:

A lot of folks would have very basic security requirements for people accessing remotely. And so endpoint compliance was not as strict for some companies, certainly for financial services or for some healthcare and some manufacturing definitely for government, they were stricter than others, but the feedback we received and actually this is also reflected in the report. They saw an increase in attack factors, 72% for malware, a high number for phishing, almost 60% for unauthorized user or device access. And more than a quarter, 44% for unpatched systems. A lot of this relates to endpoint security, that's your first issue. What we found in this survey was that, I think it was upwards of 65%.

Scott Gordon:

So nearly three quarters of organizations now allowed the use of personal and unmanaged devices to access the resources. And they had to do this for business resiliency purposes, but that definitely has an impact for security, for compliance. We saw a very big increase in phishing and with endpoint compliance technology that's built into secure access tools. We can ensure that not only identity is who they say they are using multifactor authentication, but we can assure, "Hey, are they using our corporate device or personal device?"

Scott Gordon:

And we can further adjust policy conditionally based on that, where are they located? What's the configuration? Are they running antivirus and anti-malware software that's been issued? Are they running personal firewall? So we can ensure the security hygiene of that device before they access it. And then the other thing that we saw... So that's, a trend that we're seeing, is people are going to start ramping up that end point compliance capability. And then the second thing is all about user experience. So various tools offer different things. Some tools allow for on-demand or you actually invoke for example, VPN technology as you need it.

Scott Gordon:

We saw a lot of our customers switch to always on VPN. So as soon as someone turns on their computer, it's locked down and making sure that all data transmissions are secure and going through the proper networks. So those are some of the trends that we have seen and reflected in the report.

Charlene O'Hanlon:

So, going back to the compliance issue for just a second, there was a statistic in the report that said something like 63% said that this whole new working-from-home regime and maybe just the speed at which they had to get their employees set up to work-from-home is going to impact their compliance mandates. So, do you think that this is going to be something that is going to be kind of a longterm issue? And what do you think that the new reality is going to be for companies with when we're talking about compliance and working-from-home?

Scott Gordon:

Sure. I think with... And again, it depends on the organization and every organization has to deal with both internal and regulatory compliance mandates, whether it's GDPR or PCI, or GLBA. And it's also different classes of users or roles that actually access that which is no news to your audience. But I think having the tools now, it allows companies to have... They always have to have a balance for productivity and security. We always say secure access is more about productivity than protection. Because without one, you don't have a need for the other, you can't be an impeding solution, you have to be an enabling solution.

Scott Gordon:

So, I think for work-from-home, you're going to see more zero trust or conditional access being invoked. So it's going to depend on your role, where you are, what device are you using, what application you're going to, and it shouldn't matter whether it's on premise or whether it's in the cloud, it's really going to be a subset of all those things that make up a policy. But I think you will see stronger policies, and then at the same time I think you're going to see a concerned effort, not only for security awareness training, but also to have a lot more self service remediation or auto remediation capabilities that you probably didn't see before because [inaudible 00:15:00] need before, because you didn't have a strong of a end point security and access security control.

Charlene O'Hanlon:

So, one other quick question and then we'll go ahead and wrap it up. One of the things the report kind of pointed out was the fact that more than half of companies, I think it was like 54% said that this whole pandemic and the move to work-from-home accelerated their shift to migrate to the cloud or cloud migration strategies. That number seems pretty high to me because I guess I thought that more companies were farther along the path in their cloud migration strategies, but judging from the report, it sounds like a lot of companies were still very much focused on premises of solutions or not really relying so much on the cloud. So what are your thoughts on that?

Scott Gordon:

So, at Pulse Secure we do have a diverse clientele, and you have organizations in manufacturing, even in healthcare, financial services, they have applications, and massive investment in legacy applications, runoff data centers, or more particular private cloud and so certain of these applications, maybe in some stage of migration, some of those are just not migrating because of maybe data protection obligations or maybe the nature of complexity of those tools.

Scott Gordon:

And then other applications, it's a mix, other applications in terms of Salesforce automation or IT HR services, or certainly collaboration tools or file sharing. Those certainly are being more moved or sourced from the cloud, and this calls for hybrid IT. So in secure access, we see a trend that says, if you're a medium to very large enterprise, most likely it's not everything goes to the cloud, it's going to be a fairly long migration process. You need a flexibility in terms of tool sets. And actually companies are moving to platforms to get that interoperability and that integration.

Scott Gordon:

We sell suites as well, but they're really doing that because they need to have one set of policy, a unified policy that can apply not only to the user types and their devices, but also to support the applications that may exist in a private cloud, in a data center, in the public cloud. And so that means that you need solutions that, if you go to one extreme and say, "Okay, I only want application access and I only want layer seven." The reality is, most IT folks know that you need layer three, layer four. You may have to have specialized emergency access to the underlying system. You may need to support virtual desktop and actually a lot of these companies had workers that physically were on premise, that are moved off premise, and need to act as if they're back on premise.

Scott Gordon:

So it's this type of flexibility that we're seeing. So in terms of the data, we certainly seeing a massive, bigger accelerated pickup, but the majority of companies today are hybrid IT oriented. I think the one surprising thing that we saw is that, we definitely saw a surge in business like other companies that were supporting essential services and secure access in particular. What was interesting is that, and this goes to the trend of companies moving towards more work-from-home, remote access or permanent remote access demand that, 55% anticipated an increased budget and work-from-home security, and this is post the pandemic. So that number is based on people looking beyond Man and so, again, those things relate if you have folks that are positive about moving the transition and see the economic and productivity benefits, it's no surprise that they're also seeing higher security risks and so they're going to need to beef up that security.

Charlene O'Hanlon:

Excellent. Excellent. So, if folks want to get a copy of the survey, where would they go?

Scott Gordon:

So, if companies want to get the full report, they can go to www.pulsesecure.net. And it's a great read. It's a quick download. There's also an infographic, and it has some really good practical information to get peer insights, what are your peers doing?

Charlene O'Hanlon:

Excellent. Excellent. Well, Scott, thank you so much for taking the time and walking me through the report, I really do appreciate it. Lots of really interesting statistics in it. So, thanks again.

Scott Gordon:

Thank you.

Charlene O'Hanlon:

Yeah. All right guys, stick around, we've got lots more TechStrong TV coming up, so stay tuned.