COVID-19 has had a massive impact around the globe. Businesses across the travel, tourism and hospitality sectors have been hit badly, while a few (such as those in the healthcare and government sectors) have for the most part come through relatively unscathed – at least at a financial level.

What all of these organisations do have in common, though, is having to define what that horrible term – a ‘new normal’ working environment means, when current lockdowns, furloughs and other government-imposed restrictions begin to lift.

What will likely result is a more decentralised workforce, with more employees having found that working from home is not as bad as they thought it would be, and in many cases a much better way to work. Organisations will then have to figure out how to manage workers using home-based equipment (much of it employee-owned), accessing corporate system over consumer-grade connections of dubious capabilities – and MSPs can help.

A decentralised workforce spells opportunity for MSPs

To begin with, managed security will be required. Virtual private networks (VPNs) are one area where organisations can help to ensure that they are meeting internal and external data security requirements. Managed anti-virus and anti-malware services can also be provided at a simple level.

One (major) step above this is the provision of virtual desktop infrastructure (VDI) – fully managed desktop systems served from the cloud. Such systems provide a means of sandboxing the corporate environment from the consumer one – enabling the organisation to enforce policies around areas such as cutting and pasting information between the two environments. Another benefit of VDI is better support for hot desking – which is where an employee uses a desk-bound access device for some of the time and then moves into their home-based environment and has access to the exact same desktop and content.

MSPs should also be looking at include enterprise file synchronisation and sharing (EFSS) among their offerings. Cloud-based document storage has come a long way, and the provision of systems that enable collaboration around documents, combined with fully audited and secure workflows, will enable teams to work effectively and efficiently.

Around such information flows, MSPs should also look at providing information security services such as data leak prevention (DLP), which prevents information from passing over certain borders based on defined policies. For example, whereas a manager may be able to access certain files while working from a hotel over a VPN, they may not be able to access the same information if attempting to access it from an unprotected public access point in a café.

Further, certain information may not be able to be moved outside of the complete control of the organisation’s own platform (which will, of course, include the platform you are managing for them to provide them with such services). And, home workers may not be able to print or forward emails, ensuring that audit trails are maintained as much as possible.

Auditing capabilities are a must

With such a decentralised workforce, organisations are going to become far more dependent on being able to forensically audit any problem that happens – particularly around data leakage. Therefore, MSPs should make sure that their portfolio is fully audited and that they can make such logs available in real time (or at the very least, within the timescales deemed necessary by the customer).

Another important part of information security, and one that is often overlooked by organisations, is digital rights management (DRM). The biggest problem with an information asset is that once it has left the controlled environment of the managed platform, it is outside the capabilities of the organisation to monitor and control the asset.

DRM can change that by providing a system where any information asset under DRM control has to check back to a central server to ensure that any action being taken on the asset is permitted by the owning organisation, and that information security can be maintained.

A well-provisioned DRM system can also provide time-out control against a document (i.e. making it available to the recipient for only a period of time); enable the owning organisation to immediately rescind access to a document (e.g. where an agreement between two parties has been broken); and, help defend an organisation against a document being sent to the wrong person, as they won’t be able to open it due to the policies in place.

Again, because strong policies must be fully in place, DRM is an area where MSPs can look to monetise their services. Many organisations struggle to understand how they should put controls in place around information security. Being able to bring personalised best practice policies in to play is worth money at a consulting level – and it shouldn’t cost a lot to keep skills current once you have built them up.

The new normal will not be the normal we had pre-pandemic. The way that organisations will have to operate will be very different, with employees working in a far more decentralised manner. For MSPs, this must be viewed as an opportunity – not as a threat.

Photo: rdonar / Shutterstock

Clive Longbottom

Posted by Clive Longbottom

Clive Longbottom is a UK-based independent commentator on the impact of technology on organizations and was a co-founder and service director at Quocirca. He has also been an ITC industry analyst for more than 20 years.

Leave a reply

Your email address will not be published. Required fields are marked *