The past year has been a catalyst for business transformation—especially as organizations struggled to maintain operations with most employees working from home. To survive and keep up with the ever-changing landscape, companies were constantly challenged with having to frequently adjust their work models and processes.

The good news is that—using the latest tools and technology—Avaleris has consistently empowered clients through this challenging time. We are proud to have helped countless businesses embrace change by supporting new security initiatives that support to this new way of doing business .

Of course, Avaleris was not equally impacted during time of transformation and experienced similar challenges much like our clients and other companies. We responded in a variety of ways—including changing how we onboard new employees, how we continue to connect with and support our clients, implementing new technologies, all while keeping our industry-leading security practices tight with a holistic approach to security.

Recently, we sat down with Hugh Lindley, VP of Cybersecurity and Emerging Technologies at Avaleris Inc., to discuss our best practices, how these changes affect our own business, and recommendations he has for other organizations.

How have things changed in the last year?

With few and then no employees working in the office—essentially, they all moved to working from home—this changed the dynamics from a security perspective.

For example, remote work changed our dynamics from a support perspective. In some cases, support could actually be delivered more quickly because we were using Microsoft Teams and everybody was online—therefore, tech support was available quickly and at all times to those who needed it.

Meanwhile, there were reports and challenges with troubleshooting bandwidth issues in people’s homes. It had less to do with our networks and more to do with their networks: Not everybody had Gigabit fiber to their home, so we couldn’t throw a one-size-fits-all fix at the challenge.

What are some of the ways that we got around bandwidth issues?

For users and staff who were bandwidth-constrained, we suggested they use a lower level of service—like don’t video conference, just voice conference, things like that. The good news is that we previously optimized our network for split tunnelling and only user traffic destined for our corporate network was forwarded through our VPN. This enabled users to maximize their bandwidth to cloud-based services like O365 and Teams.

Why do some organizations enforce network access through VPN, and what was the reason we chose not to?

The reason that most organizations would force users through a VPN connection is so they could monitor that traffic through security controls they may have on-site. For example, there may be a specific firewall they’re directing user traffic through, or an intrusion detection system to monitoring outgoing traffic. Another reason could be that there is an authentication mechanism that the VPN uses. Some organizations require two-factor authentications for remote access to a network environment.

For Avaleris, that was a lot less of a concern. We already had Azure MFA in place, so we had cloud-based multifactor authentication and advanced security controls on laptops when everyone went remote. We also have Windows Defender for Endpoint on all desktops in addition to disk encryption technology. All of this allowed us to monitor the security of our users’ laptops, without them having to be in the office or VPN-connected.

As a result, we didn’t need to change our network configuration. Rather, circumvented the need to implement new security policies in a cloud-based or on a device-based system because we built our IT environment with remote workers in mind. Lucky for us, we always implement Microsoft’s state of the art technology in our IT environment, we’ve always followed this practice to evaluate and learn about the best ways to deploy Microsoft technologies. As a professional services organization with a highly mobile workforce, it’s always been important for us to balance information security with a high degree of mobility.

Did Avaleris have the proper foundational infrastructure in place to support this shift to remote work?

 We did – and all our users like it! This is probably something more unique to a consulting company, but the default machines in our environment are laptops or tablets. There are no desktops, so it’s not like we had to go out and buy new equipment. Even pre-pandemic, our goal is to equip workers with the means to work remotely, with a high degree of mobility, both in and outside our physical office space.  

In your opinion, what are the top Microsoft technologies that help businesses be productive anywhere, anytime on any device, without compromising security?

In Avaleris’ case, Microsoft Teams and Microsoft Office 365 provide us with the tools we need from a productivity perspective. Azure AD Multi-Factor Authentication (with Conditional Access) and Microsoft Defender for Endpoint are the top two security-oriented technologies we are leveraging.

If we were to look at the support tickets from the past year of employees working from home vs. the year before (when all staff worked in the office), what would be the difference?

We’ve certainly seen an increase in the number of helpdesk tickets, but they’ve all been in relationship to known challenges that have come up when working from home. Most often it’s “I’m trying to do this from home and I’m not equipped to do it—what do I do?” We also run into hardware issues—things like “my camera or headset isn’t working,” or “I can only connect and use my voice versus full video.” Normal stuff.

Overall, we have not really seen our security impeding employees’ productivity or their ability to work.

What are some top security strategies Avaleris already put in place that we would advise to any of our clients?

First, make sure you have a Disaster Recovery (DR) plan. Historically, our DR plan has been centered around continuing our operations if our physical offices are not available. But being prepared for the unexpected means not just preparing for one or two scenarios: it’s about planning around a wider range of threat events. If you’re prepared, the same or similar controls can typically be used to protect your business against impacts from multiple worst-case scenarios.

Second, adopt cloud technologies. For Avaleris, it was our whole adoption of cloud five years ago that essentially prepared us for today. A significant portion of our computing environment is now cloud based, and this architecture allowed us to seamless transition to a configuration where users were connecting from home the majority of the time versus from on-premises.

In terms of organizational security strategy, what’s wrong with the statement “If something isn’t broken, don’t fix it”?

 You always want to be proactive—never reactive. For Avaleris, the initial drivers to be proactive with our security strategy was not based on needing to respond to a specific event. This strategy has proven itself, particularly as cyber threats across all industries continue to be on the rise. It doesn’t mean that you must do a full overhaul every year and implement new technical approaches, but you should always ensure you’re up-to-date with your security approach.

Much of our early adoption of security technology is based on our close partnership with Microsoft. Avaleris works closely with Microsoft to deploy solutions for our clients, but we are also early adopters of these technologies in our environment—and they have served us well.

Pre-pandemic, Avaleris really valued in-person collaboration. How has a shift to work-from-home affected our corporate culture?

 As a professional services organization a large percentage of our consultants work directly with our clients and rely on collaborating with our colleagues to solve the different challenges our client face. Even with all of this technology – it is still easier to do this face-to-face and we all miss this level of interaction. In the past we consciously chose technologies that would enhance in-person collaboration: outfitting our staff with laptops and surfaces, equipping boardrooms with large screens and collaborative technology, and promoting mobility – if only to give our consultants the ability to collaborate from different locations in the office. While working from home, we may not be able to leverage the in-person collaborative tools, but we have significantly benefitted from technology such as Teams, PowerPoint, and Microsoft Whiteboard to enhance our online collaboration. In short, we have continued to leverage the collaborative infrastructure that we were building all along, albeit with a bit of distance. Our corporate culture has remained unchanged.

Why do some organizations enforce network access through VPN, and what was the reason we chose not to?


The reason that most organizations would force users through a VPN connection is so they could monitor that traffic through security controls they may have on-site. For example, there may be a specific firewall they’re directing user traffic through, or an intrusion detection system to monitoring outgoing traffic. Another reason could be that there is an authentication mechanism that the VPN uses. Some organizations require two-factor authentications for remote access to a network environment.

For Avaleris, that was a lot less of a concern. We already had Azure MFA in place, so we had cloud-based multifactor authentication and advanced security controls on laptops when everyone went remote. We also have Windows Defender for Endpoint on all desktops in addition to disk encryption technology. All of this allowed us to monitor the security of our users’ laptops, without them having to be in the office or VPN-connected.

As a result, we didn’t need to change our network configuration. Rather, circumvented the need to implement new security policies in a cloud-based or on a device-based system because we built our IT environment with remote workers in mind. Lucky for us, we always implement Microsoft’s state of the art technology in our IT environment, we’ve always followed this practice to evaluate and learn about the best ways to deploy Microsoft technologies. As a professional services organization with a highly mobile workforce, it’s always been important for us to balance information security with a high degree of mobility.

Did Avaleris have the proper foundational infrastructure in place to support this shift to remote work?

We did – and all our users like it! This is probably something more unique to a consulting company, but the default machines in our environment are laptops or tablets. There are no desktops, so it’s not like we had to go out and buy new equipment. Even pre-pandemic, our goal is to equip workers with the means to work remotely, with a high degree of mobility, both in and outside our physical office space.

In your opinion, what are the top Microsoft technologies that help businesses be productive anywhere, anytime on any device, without compromising security?

In Avaleris’ case, Microsoft Teams and Microsoft Office 365 provide us with the tools we need from a productivity perspective. Azure AD Multi-Factor Authentication (with Conditional Access) and Microsoft Defender for Endpoint are the top two security-oriented technologies we are leveraging.

If we were to look at the support tickets from the past year of employees working from home vs. the year before (when all staff worked in the office), what would be the difference?

We’ve certainly seen an increase in the number of helpdesk tickets, but they’ve all been in relationship to known challenges that have come up when working from home. Most often it’s “I’m trying to do this from home and I’m not equipped to do it—what do I do?” We also run into hardware issues—things like “my camera or headset isn’t working,” or “I can only connect and use my voice versus full video.” Normal stuff.

Overall, we have not really seen our security impeding employees’ productivity or their ability to work.

What are some top security strategies Avaleris already put in place that we would advise to any of our clients?


First, make sure you have a Disaster Recovery (DR) plan. Historically, our DR plan has been centered around continuing our operations if our physical offices are not available. But being prepared for the unexpected means not just preparing for one or two scenarios: it’s about planning around a wider range of threat events. If you’re prepared, the same or similar controls can typically be used to protect your business against impacts from multiple worst-case scenarios.

Second, adopt cloud technologies. For Avaleris, it was our whole adoption of cloud five years ago that essentially prepared us for today. A significant portion of our computing environment is now cloud based, and this architecture allowed us to seamless transition to a configuration where users were connecting from home the majority of the time versus from on-premises.

In terms of organizational security strategy, what’s wrong with the statement “If something isn’t broken, don’t fix it”?

You always want to be proactive—never reactive. For Avaleris, the initial drivers to be proactive with our security strategy was not based on needing to respond to a specific event. This strategy has proven itself, particularly as cyber threats across all industries continue to be on the rise. It doesn’t mean that you must do a full overhaul every year and implement new technical approaches, but you should always ensure you’re up-to-date with your security approach.

Much of our early adoption of security technology is based on our close partnership with Microsoft. Avaleris works closely with Microsoft to deploy solutions for our clients, but we are also early adopters of these technologies in our environment—and they have served us well.

Pre-pandemic, Avaleris really valued in-person collaboration. How has a shift to work-from-home affected our corporate culture?

As a professional services organization a large percentage of our consultants work directly with our clients and rely on collaborating with our colleagues to solve the different challenges our client face. Even with all of this technology – it is still easier to do this face-to-face and we all miss this level of interaction. In the past we consciously chose technologies that would enhance in-person collaboration: outfitting our staff with laptops and surfaces, equipping boardrooms with large screens and collaborative technology, and promoting mobility – if only to give our consultants the ability to collaborate from different locations in the office. While working from home, we may not be able to leverage the in-person collaborative tools, but we have significantly benefitted from technology such as Teams, PowerPoint, and Microsoft Whiteboard to enhance our online collaboration.

In short, we have continued to leverage the collaborative infrastructure that we were building all along, albeit with a bit of distance. Our corporate culture has remained unchanged.

 

Hugh Lindley
VP of Cybersecurity and Emerging Technologies

Avaleris focuses exclusively on hybrid identity, enterprise mobility, and cloud security, enabling businesses to improve their agility and security while enabling employee productivity and collaboration.

Reach out to us to discuss your project objectives.
1-844-996-9695[email protected]avaleris.wpengine.com



Subscribe to the SecureScoop Newsletter