Managing the New Normal with a Remote Workforce: Interact 2020
At the recent Mitratech Interact US 2020 online event, Tony Bethell, VP Alliances at Mitratech, and Jay Chakraborty, a Partner at PWC, explored the practical steps businesses are taking to manage better the challenges of remote working.
Tony highlighted that many issues he had encountered working with customers had centered on three core areas: risk management and compliance, managing shadow IT, and data governance.
Jay suggested that it was difficult to underestimate the extent to which the world has changed since February 2020. Regulations have changed, travel policies have evolved, and health and safety requirements have been revamped, all driven by the implications of COVID-19. He felt the critical issue was managing the changes to policy, and ensuring that staff members have received the updates, understand them, and are putting them into practice.
Jay’s experience working with PWC’s clientele was that teams are working from home or in a mixed home/office environment. This is driving the adoption of digital processes to new levels. All organizations make use of manual processes, but the effect of distributed working is beginning to eliminate manual workarounds. Instead, replacing them are digital processes that meet corporate standards of transparency, auditability, and control, regardless of where someone is working.
Jay felt that these digital processes enabled more centralization of systems that promoted greater consistency, accuracy, and transparency. Maintaining proper risk management, policy compliance, and regulatory compliance is very important, especially where many of these issues change regularly in a fluid situation, and where staff has to be made aware of the updates. Jay also felt that this capability also provided enhanced litigation protection for class actions.
One paradoxical development? More use of manual EUCs
Jay also observed that while this elimination of manual processes has helped significantly, teams have paradoxically also invested further in using manual applications to fulfill their responsibilities. Staff are adopting EUCs – End User Computing applications – even more enthusiastically away from the office, given the challenges of collaborating with developers in the corporate IT function.
These applications can be Excel Spreadsheets, applications developed in SAS, MATLAB, or Python environments, or data visualization tools like Tableau. These are powerful, but uncontrolled, falling outside the realm of a corporate IT function. This lack of control can expose the business to multiple compliance, risk, and operational issues.
Jay suggested that the best practice for managing these EUCs isn’t to ban them, but to manage them proactively, like any other application. Organizations should apply the principles of application lifecycle management to support their development, management, and ultimately, their retirement. This capability needs a central EUC inventory, combined with self-attestation to capture the right application parameters – the significance to the business, any connections to other applications, and the application’s ownership, for example.
The need for operational resilience
Tony’s feedback from customers was that working from home was also creating significant data governance issues, as people pass – potentially very sensitive – customer and corporate information on emails, again using EUCs. Regulations including GDPR, CCPA, NYPA, and HIPAA demand effective data management, for securing and releasing private data when necessary.
Organizations have developed significant expertise in managing sensitive PII and CII data sets in corporate systems. However, homeworking and the greater use of EUCs threatens to compromise compliance with these standards.
Tony firmly believes automation could help enhance data management and governance. A combination of effective policy definition, automated policy enforcement – using an EUC management platform – and automated reporting can help raise the game of any organization. Allowing it to control its risk and compliance profile, while also supporting its widely distributed workforce.