Modern workplace management: What is it and how do I get there?

modern-workplace-one-desk-multiple-people

Effective modern workplace management has two key pillars: provide a good user experience and make sure enterprise information is secure.

To do this, modern workplace management takes advantage of cloud services to approach configuration, control and security in a new way – and redefine the traditional corporate approach to device, network, application and user management.

My own bare-minimum definition for modern workplace management says this:

In modern workplace management we connect authenticated users securely to enterprise information and provide analytics (reports) to the customer (corporate).

Rule 1: Good user experience is top priority

Good user experience is the first rule of a modern workplace. A good user experience is not just aesthetically pleasing, it makes the user more effective, more productive. You can achieve this by making workplace services (applications) available where the modern user expects it — in the cloud. The CIO and IT are the stewards of corporate usage of (public) cloud services. Users can self-manage and self-support “their” gadgets and devices with self-service, chatbots and crowd-sourced support. IT doesn’t stop this. Instead, IT allows the user to download or install anything, except of course when a user is about to install a virus, ransomware or any other blacklisted services! The default is just to warn (and audit) the user on suspicious behavior.

Modern workplace management does not stop or hinder the user in performing their job with any gadgets, any tool, using any application, anywhere, anytime — except if it conflicts with the second rule.

Rule 2: Data security is top priority

The second rule is as important as the first one. Modern workplace management secures corporate data all the time, everywhere. It also confirms its security, availability and integrity and balances these three aspects to make sure that they are applicable — you cannot keep data secure and consistent by making it unavailable. If users need data, they will bypass the “unavailability” and move it outside of corporate control.

Modern workplace management comes with a complete new set of security requirements as it moves away from the locked down, white-list environment. At the same time, many security functions previously provided by add-on tools — anti-virus, firewall, VPNs — are now available and “good enough” in the operating system itself.

Many CIOs are struggling with this new world. Modern workplace management moves both the data and the control out of their traditional comfort zone. But in reality, traditional security is not so secure any more. Modern workplace management provides a strong security alternative by adopting the cloud as a more secure place for (most) corporate data and leveraging cloud access control mechanisms (including data mining) to restrict access to corporate data to only those that need to know.

How to get there

So how do we achieve modern workplace management? Here are four essential considerations:

  • Manage the user’s digital identity. Managing the user’s identity is fundamental in modern workplace management. First, authenticate that the user is actually the person he claims to be. After that, establish what rights this user has to the corporate services (authorization). Authenticate users who have corporate-provided identities or consumer credentials with strong authentication (multi-factor) and apply authorization based on policies that can be enforced across devices, operating systems, applications and networks.

Users, the consumers of corporate IT — or better, the actors that access corporate data — can be anywhere and anyone: partners, suppliers, employees, contractors, home users, etc. And they can use hardware or software according to their choice.

  • Manage security. Modern workplace management provides security policies that can dynamically change based on device, location, compliance mandate, application, etc. When a user asks for a service, IT assesses the risk to determine the level of trust and which policy to enforce based on proactive monitoring, user behavior analytics and, ideally, machine learning to detect threats. IT controls these tools to prevent compromising a user, device or app.

Since the security landscape is constantly evolving, IT needs to asses new threats daily and make regular changes to security settings.

  • Adopt a security baseline. Microsoft, CIS and NIST have all documented a baseline security setting. These may not be targeted at your industry or take into account the complexity of a big enterprise, and they may not be created for modern workplace management, but they are a good start.

Don’t just port all existing group policy object (GPO) settings to modern workplace management. There are several good policies hidden among the thousands of GPO settings that may need to be ported, but you probably know those already or will find them early in the deployment — no need to look back at your existing environment to identify them.

  • Take small steps and keep moving. Modern workplace management is not an all-or-nothing project, only achievable after a “big migration.” Any corporation can start by implementing some quick wins. Find the ideal user group to pilot your idea and adapt the environment quickly based on user feedback and business requirements. Grow the user population and adapt again. Plan for failure and recover fast.

Corporations can immediately reap benefits (including cost savings) from adopting modern workplace management capabilities such as:

  • Optimize PC lifecycle time frames significantly using push-button reset or Windows Autopilot.
  • Use off-the-shelf, lightweight images to reduce image management and testing.
  • Stay evergreen: Keep security patches and/or new capabilities up-to-date, automatically applied.
  • Self-enroll: The user is in the driving seat, which removes the overhead of staging centers and on-site support.
  • Use enhanced security — conditional access, single sign-on, Azure AD and some internet-initiated remote actions: restart, remote control, factory reset
  • Leverage software-as-a-service (SaaS) apps (Office 365) in line with modern users’ expectations and reduce the application portfolio.
  • Use cloud storage: Data in the cloud is really safer and reduces support, backup and storage costs.
  • Reduce corporate infrastructure: SaaS services and cloud storage reduce your intranet infrastructure reliance, and with that the cost of maintaining these components.
  • Automate support and business processes to raise user satisfaction and lower operational cost.
  • Reduce support costs through the use of service desk bots, smart self-service and crowd-sourced support.
  • Adopt a BYO-style experience — even on corporate assets — where the user is an admin.

When setting out into the new world of modern identity and device management, zero trust and conditional access concepts, make it a truly agile journey. Don’t request or try to build the perfect solution. Start out with a minimum viable solution and a trusted outside partner who has applied best practices for your industry, then create a roadmap to modern workplace management that provides an exceptional, consumer-like user experience and dynamic data security.


Ben Santing is a senior technical architect for DXC Workplace & Mobility Services and has been recognized by the company as a Master Tech Honoree. He focuses on transforming cutting-edge technology into services for enterprise customers that provide business critical functions. His interest in the bigger picture is matched by technical skills that include Windows NT MCSE, ITIL V3 expert, IT Strategy and Architecture certificate, Azure EMS MCP, and are demonstrated in knowledge briefs and white papers. He held a variety of architecture and engineering positions within DXC Workplace and Mobility before becoming a lead architect for DXC Device as a Service and DXC Business Insight for Mobility. Ben lives in the Republic of Ireland, but originates from the Netherlands.

Comments

  1. In the early 70s I wrote a paper for an undergraduate business class about management information systems. The most advanced system at the time was a system that Sears had in place to keep track of inventory in the warehouse.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: