X-ray of a Successful Small Medium Business (SMB) Digital Workplace Strategy

However, new technologies also bring new challenges, especially on the security and privacy fronts, so it is important to consider and form a plan tailored to the specifics of your company to ensure a successful and beneficial digital transformation.

COVID-19 has played a major role in driving the adoption of solutions that allow teams to work remotely. While having the ability to access your data or your SaaS solutions whenever you or your teams need it may seem like enough, it’s not. A comprehensive strategy considers the devices accessing that data and your SaaS solutions, the security policy that governs the COBO, COPE, or BYOD devices, and how your end users are accessing that data, ensuring that employees access data from a trusted, secured, compatible, pre-authorized device – either personal or provided by the business – and providing them with a consistent end-user experience across all their different devices. The key is to find the right balance to enable a collaborative way of working and exchanging work data, while always keeping it secure.

This week, we will start discussing digital workplace strategies with a Small Medium Business (SMB) use case: One central office with a dozen employees onsite, using corporate-owned desktop computers as their main work devices, as well as their personal mobile devices when needed. They need to communicate with their sales on the road (that use a combination of personal or company-owned devices) to provide them sensitive customer data in real-time so they can close business deals, as well as exchange signed documents that later need to be safely stored in a central location.

While preventing employees from using unapproved software is straightforward on corporate-owned, managed devices using a Mobile Device Management (MDM) software, it is more complex on personal devices, where we have little to no control, depending on how our BYOD program was implemented and if we have that MDM capacity or not. Requiring employees to use their own device and have them managed by company IT, while not sponsoring the associated cost (voice/data subscription, servicing, replacement) is a no-go, but allowing them to access services if they want, in a convenient way and to make their job easier, while following some basic rules, provides a better chance to succeed. 

The first step is to provide employees with the apps they need to do their job, thus ensuring sensitive business data is handled and managed as securely as possible, while keeping it convenient and user-friendly to ensure a good adoption. Basic services start with corporate email access and extend to online file storage and instant messaging capacities, all coming with their dedicated mobile app. Access to business email should be the easiest to deploy and adopt, as employees are most likely already familiar with the most common apps used (e.g., Gmail and Outlook), and might even be able to use it to also access their own private mailbox. But we also need to secure communications between colleagues internally, or with partners and customers externally, as well as sensitive business information and documents exchanges. This might be a little more challenging as most of them (if not all) are accustomed to using free, public software like WhatsApp, and might be more reluctant to use yet another software to do the “same thing.” Both Google and Microsoft provide convenient, easy-to-use IM software that integrates with their other services and apps to make it easier and transparent for the employees to adopt. Sharing a document must be as easy as transparent as possible, while remaining secure to ensure it is adopted by everyone. 

Another critical aspect is how sensitive work data, like internal company or customer data, is being handled and stored. On desktop computers, employees might be used to storing these locally, or using an external HDD or USB stick, which could potentially lead to unintentional data leaks. Both SaaS solutions allow employees to easily access, store, share, and sync documents from their mobile devices back to a centralized, secure repository. Plus, like IM software, this would integrate with the other apps within the software ecosystem so users can easily access them from email or IM apps, for example. 

The goal is to have few to no documents stored locally on mobile devices. However, if need be, you must ensure that data on the device (referred to as “Data At Rest”) is secured using advanced data encryption (e.g., AES 256-bit) and that access to said data using business apps is restricted, for example, using biometrics (fingerprint, face recognition, etc.) This is possible with Microsoft 365 apps, even on personal, unmanaged devices. 

For tablets used by the Sales team, which consist of company-owned devices, it is highly recommended to have at least some basic remote management capacity so the device can be locked or wiped in case of loss or theft, and always geolocated. If using Microsoft 365, depending on the subscription level, it might already include a basic yet performant option with Intune, which is more than enough for our use case. Another option, if purchasing mobile devices through your wireless/telecom provider, is to check whether they offer cloud-based MDM services as a subscription, together with voice and data services.  

A digital workplace strategy is only as good as its level of adoption/acceptance, and that requires understanding and commitment which only comes through educating your employees on new tools. Training is key to ensure your employees are not part of the problem when it comes to implementing security internally. They need to know and understand the security concerns and their own liability when handling sensitive customer/business data, while teaching them how to use the proper tools. Also listen to their concerns and needs, and try to integrate them into your policies instead of “fighting” against them. Always balance security and usability to ensure user adoption and thus a successful digital workplace. If you are interested in learning more about implementing a digital workplace strategy for your company, please contact us with any questions and the team at ISEC7 can better help you understand your options and what’s needed for your specific environment.