The first-ever virtual National Council on Teacher Retirement (NCTR) conference was a culmination of great ideas, discussions on the changing pandemic situation and how it affects work, and how technology plays a decisive role in keeping data secure. Our Chief Information Officer Warren Gordon was on a panel speaking about All things IT: from Cybersecurity to Telecommuting. Here are his thoughts and excerpts from the discussion.
Moderator: What are some of the basics of remote work that companies should practice and be cognizant of?
Warren: The basics of security include keeping systems up to date, having security software updated periodically, keeping home computers separate from work, and ensuring employees are aware of cybersecurity trends and are educated periodically. Beyond this, it is important to redefine capacity – invest differently in areas like VPN to encompass all employees working remotely. Equally important is for security teams to proactively look for threats to minimize them.
Moderator: Other than the basics, what other security strategies should organizations be thinking of?
Warren: At Sagitec, we have ensured that endpoints are scrutinized closely and we have rearchitected them for security. Our employees can’t install our VPN software on their home devices, only on certified Sagitec devices, thus securing them against threats. We recommend endpoint security and certificates for all organizations. We are even ready to do a home security assessment if required and are keeping an open mind to this changing situation.
Lastly, I have to talk about the advantages of the cloud. Over the last few years, 100% of our pension system clients have asked us to implement their systems on the cloud. You get network diversity for the back office – you can also deploy additional VPN capacity and train the agency IT team within days to ensure remote work doesn’t stop due to the pandemic. Today cloud technology is backed with artificial intelligence and machine learning, which eliminates any doubts people have about security on the cloud.
Moderator: What are the challenges with the cloud?
Warren: The biggest challenge with the cloud is the governance – for security, architecture and management, and cost. The solution for this is a hybrid model where we can help agencies support the cloud for X number of years while training them on governance, after which the agency IT team feels comfortable with managing the system on the cloud themselves.
Moderator: How do you secure data on the cloud?
Warren: Any cloud services provider should allow independent third-party assessments for security. For securing assets, a robust cloud reference architecture should have many configurations and policies to ensure compliance. A provider should take on a security framework like FedRAMP (Moderate) to protect data and comply with regulations.
Moderator: How should organizations plan business continuity with changing remote work or back to office situations?
Warren: The business continuity committees in organizations should continue to meet periodically or on-demand to assess the changing landscape and prioritize plans for future pandemics in their roadmap. We follow the three A’s – Align (to changing needs, partners, and members), Anticipate (opportunities and risks), and Adapt (plan for future).
Do you want to know how a cloud deployment can help your agency? Contact us.