Save to My DOJO
The devastating effects of the COVID-19 pandemic are plain for all to see. Our sympathies go out to everyone struggling to cope with this tragic situation. We are truly indebted to the health workers around the world who are working tirelessly to protect us. But with most countries now restricting movements and public gatherings, perhaps the unsung heroes of the current situation from an economic perspective are the IT admins who are keeping the world’s workforce productive.
Virtually every industry has been impacted by the global pandemic in some way, but the businesses that are fortunate enough to be able to continue operations remotely have to adapt – and quickly. Larger enterprises have been doing this for years and will already have a robust remote work infrastructure in place. But for those organizations which are transitioning to this new work dynamic, it introduces many new challenges which IT departments are expected to solve. This article will review the top 5 challenges facing IT admins managing remote operations, along with solutions from Microsoft and other service providers.
1. Drops in Productivity and Business Continuity
One of the first things that your company will see is a drop in productivity as business operations slow down. This will likely be a combination of remote work challenges due to technology and personal reasons. When people are at home, they are generally more distracted, and they may even be taking care of their children during business hours.
Companies should expect these challenges and realize that this could also change work habits. For example, productivity could spike in the early mornings and evenings when children are usually sleeping. Encourage managers to ask their staff about any changes in employee behaviour so that the IT department can be prepared. Monitoring Office 365 activity is possible via usage reports:
All your staff should have laptops with your company’s line of business applications and productivity suite, which could include Microsoft Office 365 or Google G Suite. While most of your employees will be familiar with products like Word and Excel, explore whether using SharePoint for content collaboration or OneNote for shared workspaces will help different business units.
It probably goes without saying, but make sure that you are using a reliable virtual communication or meeting tool, such as Microsoft Teams or Google Hangouts. Encourage managers to move all their regular in-person meetings to the virtual format to keep their team on track.
If you haven’t already, provide a password-protected webpage which employees can visit containing a current version of all remote work guidelines, documentation, service notifications and a place to submit help requests. This is particularly important during a transition period with a lot of new remote users. Make sure guidelines are properly followed as this is one of the most important stages to be fully aware of vulnerability issues and to minimize risk.
Microsoft System Center Service Manager (SCSM) can provide this as an ITSM solution with an online help portal. Most IT organizations will see an increase in support requests, so consider redirecting more of your staff towards customer support. IT will be critical in keeping the business running, so having a quick customer response time is critical.
It is important to set clear expectations with your business stakeholders that there may be disruptions to IT services during the transition phase and encourage teams to have backup communication plans. This could be as simple as sharing each other’s phone numbers to ensure business continuity in case of an unplanned outage. You want to make the transition as easy as possible so that you can be a hero of your company.
2. Managing Network and Connectivity Issues
Since the coronavirus outbreak started, cities throughout the world have seen a 10 to 40% increase in Internet traffic. This is due to more people working from home and an increased number of children and others in isolation viewing more internet content during business hours from the same building. This has caused many disruptions throughout the internet, however, Internet Service Providers (ISPs) have been scaling up their infrastructure to support this growth.
While you cannot change these internet-wide problems we are all facing, you can provide your workforce with some best practices to help them address connectivity issues. Remind them that any network usage within their building, including streaming TV, video games or music, will reduce their bandwidth.
Some ISPs and cellular providers are offering their residential and commercial customers discounted service upgrades and no data overage charges – check with your company internet provider if they offer this as soon as possible. Furthermore, compile a list of these organizations for your employees. If regular Internet access becomes too slow, remind them that they may be able to set up a mobile hotspot and tether their laptop to their cell phone’s Internet connection.
Once your staff has remotely connected to your infrastructure there are different ways that you can optimize the network traffic. First, scale-out your network hardware. If you are running your services in a public or private cloud, you can take advantage of network virtualization and network function virtualization (NFV) by deploying virtualized routers, switches and load balancers.
If your datacenter is using physical networking hardware, you may want to invest in additional equipment, but be wary of delays if you have to ship anything internationally. If you are expecting an increase in remote users, also consider that you may need to increase the capacity of your entire infrastructure, including virtual machines and storage network throughput.
You should also prioritize network traffic so that requests for business-critical services or VoIP communications are more likely to go through. Network prioritization, or Quality of Service (QoS), can be controlled from various points in your physical and virtual networks. If you are using Hyper-V, you can use storage QoS to prioritize disk access to important data. You can also learn additional virtual networking best practices from Altaro.
Make sure you have a backup plan in place for different types of outages. Some organizations have deployed a redundant copy of their services in a secondary site or public cloud so you may want to consider turning these resources on to support the extra demand. However, cloud providers are not immune to outages (more about that in Protecting User Data) so you should always have a backup plan in place especially for communications services, a PABX (e.g. 3CX) for Chat & Video outages, and Email continuity solutions (like those of Proofpoint & Mimecast) for email outages.
If you do experience a service drop, it may not be immediately reported by the service provider as they often prefer to have an official reason and solution in place before they communicate it. Downdetector.com is a great way to quickly check if it is a genuine service drop or it’s just your connection.
3. Enabling Access to Remote Resources
Once your users have network access, you want to restrict or grant access to specific resources. Windows Server Active Directory for role-based access control (RBAC) is just the start – you should create groups in Active Directory and assign different users to each. Configure and manage security policies at the group level to simplify administration when users join or leave the organization. This is also where you can implement VPN restrictions (read more in Ensuring High Security Standards below)
Some of your users may need to access the operating system of a server, which can be provided through Microsoft Remote Desktop (RDP). This application allows the user to connect directly to a workstation or virtual machine to get access to all the services running on it. Make sure that you provide guidance, ideally with graphical step-by-step instructions, for any new processes. Ensure that all employees have a clear escalation path to tech support.
4. Ensuring High Security Standards
In addition to using Active Directory with RBAC, you should take time to deploy security best practices for remote access. This starts with education, making sure that employees are using private Internet connections or connecting via a VPN if they access your services via a public network. Also, ensure that you are following any industry-specific security requirements if you are working with sensitive data or in a regulated industry.
You should already have deployed a strong firewall which you can manage remotely. If the firewall is virtualized as a network function virtualization (NFV) device, then it can be dynamically updated and scaled. By default, disable all inbound and outbound traffic with a “zero trust” security model, and only allow access to specific protocols and ports that you are intentionally using. It is essential to turn Multi-Factor Authentication on for Office 365 access to ensure that remote users go through extra validation via clicking on an email link or entering a code sent to their mobile device.
For advanced control, use Azure Conditional Access which lets IT departments dynamically grant and revoke access based on different variables. A good example of this is using conditional policies to restrict access from certain counties if you know you shouldn’t have any users logging on from those regions.
Take advantage of any native security tools offered by your cloud provider, such as Azure Security Center. Portals like this provide an IT department with best practices and reports and use AI-based analytics to find anomalies or unusual traffic patterns.
For more information about Azure Security Center, watch our on-demand webinar Azure Security Center: How to Protect Your Datacenter with Next Generation Security
5. Protecting User Data
Now that all of your employees are working remotely from laptops, you want to ensure that their data is backed up and can quickly be recovered. The easiest option is to have your employees place their files on cloud storage, such as Microsoft OneDrive for Business, Microsoft SharePoint or Dropbox. This helps by providing a centralized location so that even if the user loses their laptop, a copy of the data is preserved.
However, these copies are effectively redundant copies which are not a replacement for backup. These redundant copies enable shared documents to function with approved users able to access the document for collaboration. But this data is constantly rewritten and thus not a genuine alternative to stored backup copies.
If your company is using Microsoft O365 for email, then one copy of that user’s mailbox is available in the cloud. Keep in mind that while the email is always accessible, only one copy of all O365 data is stored by Microsoft. However again, this is effectively redundant data. Thus, the native backup provided by Microsoft will not be enough for most companies considering that with more people working from home, the chances of software outages and blackouts increase due to the strain from supporting the wave of new users.
This was all too real to users who experienced wide-spread blackouts of Teams and Exchange Online on Tuesday 17 March.
Office 365 Service Health on Tuesday 17 March 2020
One way to prepare for these events is to have alternative options for the key apps to continue operations and business continuity (discussed above). However, these events also prove that Microsoft is not infallible, and proper backup is essential to ensure you don’t lose the vital data your company relies upon. Therefore, you should also be using a solution such as Altaro Office 365 Backup to create a reliable and secure backup of every O365 mailbox, SharePoint document and OneDrive for Business file.
If your users are not automatically storing their files in the cloud, then at least make sure that their files on their laptops are being regularly and automatically backed up. You can configure global backup settings across your organization using Group Policy Management. This will force backups to be taken on every laptop at certain intervals for certain essential business applications. Consider having the backups automatically copied to a remote file storage location during off-hours.
You now know how to prepare for the top five challenges you will face as your employees start working from home. If this sounds too complicated for your IT team’s skills, consider finding a managed service provider (MSP) or Cloud Service Provider (CSP) to help you through the transition.
Keep in mind that these best practices only cover the needs of your employees. If your business offers technology services, then consider the impact of the home workforce on your line of business applications, and scale them up or down as appropriate. Using these tips, you’ll get ahead of the challenges that your organization will face as more of the staff works remotely. These are testing times for all of us, but as an IT admin, you can now become one of your company’s heroes by keeping your business running in this new and challenging world.
Not a DOJO Member yet?
Join thousands of other IT pros and receive a weekly roundup email with the latest content & updates!