Follow the Sun in ITSM
“Follow the Sun” is a popular term in the IT Service Management (ITSM) which literally means 24/7 call centre help desk support globally to accommodate customers in different time zones to increase responsiveness and to reduce delays.
Working from home for ITSM
The COVID-19 lockdown in most parts of the world has made the call centre service desk support staff very difficult or even impossible to commute between their home and work place. In order to maintain the “Follow-the-Sun” capability, organisations which manage the service desk support have to shift most, if not all, their employees to work from home.
With the advancement of technology, many organisations have adapted quite well to this to enable remote working for call centre staff and not subject them to certain limitation. The benefits of working from home (WFH) to support the “Follow-the-Sun” pattern include the geographical flexibility of staff recruitment as it doesn’t matter where someone is located as long as they are connected.
From the business point of view, companies could save the running cost between 20% and 25% in the reduction of rent and overheads (office furnishing, utility, staff canteen etc.) costs. The cost and time savings on commuting, greater work life balance and flexible working are also considered to be intangible benefits to both the employees and the organisations.
Security and Regulatory Issues in ITSM
According to the Economics Times, there are challenges to particular sectors which handle classified and confidential information as these organisations are restricted by regulations and security rules that their employees are unable to connect to the call centre and data centre remotely and have to travel to the site to performance their job. With the social distancing still in place in the UK, the number of staff working at site is reduced to about half and this has hindered the customer services and performance. And, what about if there is a 2nd wave of the COVID-19 and the whole UK is to go back to the lockdown again? This is a big challenge to companies who support confidential functions to customers. If WFH becomes inevitable, here are a few tips to address these issues:
GDPR @home
General Data Protection Regulation or privacy regulations or requirements which are applicable while WFH same as working at the workplace must be followed.
Licencing
Particular areas in the financial sectors are required to obtain licence from the financial conduct and security authority to operate at premises. If employees are to WFH, this regulation still applies. Make sure the licence covers both locations for the company as well as the home of its employees
Physical Security@home
Many organisations have very secured working environment at their sites. Visitors are not allowed to enter the employee’s working area. Employees have to go through security clearance prior to joining an organisation. This has given the organisations assurance to work at the office. However, when WFM, we have lost all these physical security assurance. We don’t know the background of our neighbours or house/flat mates?. How much should we trust our next door neighbours or people who share the same house / flat with us? To play safe, always place a privacy shield on the computer display screen at all time and always lock the computer when away from desk even only a very short period of time. When conducting audio / video conferencing, keep the noise down, close the door and close the windows of the room to make sure there is no eavesdrop.
Cybersecurity Policy
Organisation must have strong Cybersecurity Policy covering the WFH security measures. Considerations such as handling procedures and policies must be in place and destruction plan (control and policies) must be set out in the event of risks and vulnerability at home. There also needs to be a continued pivot away from a purely controls and rules based approach, even with the technology. Human factors still play a great part in Cybersecurity and the implementation has a lot to do with human attitude and behaviour. Training must be provided to employees to familiarise themselves with the security policy while WFH.
Cloud computing
Technologies such as cloud computing particularly private cloud which, in effect, a virtual secured data centre, which should enable more effective remote working and offer security, flexibility and scalability.
Security Monitoring
Security measures must be put in place such as monitoring system powered by the technology such as AI and Robotic inside the secured environment but can be accessed remotely by human engineers. The monitoring system can counter illicit penetration into a network or system and send alert to the engineers who work remotely. Proactive security monitoring that focusses on suspicious and anomalous behaviour will lead to rapid detection and early response, even if there is a breach, compromise or break in policy be that by an attacker or an employee. It is no longer sufficient to configure technology with rules and signatures, sit back and wait for them to alert us something is wrong. Set and forget is no longer effective – arguably it never was.
Multi-Factor Authentication
Multi-Factor Authentication (MFA) verifies a user’s identify by requiring multiple credentials such as a combination of passwords, PINs, random code generated by a token or mobile phone app or SMS message. This is particularly important when WFH.
Virtual Private Network (VPN)
Although not 100% bullet proof, VPN is considered more secure than standard internet connectivity as it is an encrypted connection over the internet using a funnelling protocols to encrypt data at the sending end and decrypt it at the receiving end between the employee’s home and the company’s data centre.
Firewall
The firewall monitors incoming and outgoing network traffic which can permit or block data packets based on the security rules in order to protect the data and devices and to keep destructive elements out of the network.
Encryption
The encryption of data is to convert information or data into code or symbol so that its content cannot be understood if intercepted.
Anti-Virus
Anti-Virus software must be installed at all remote devices and network infrastructure to help detect, prevent and remove malicious software.
STRAP environment @home
Employees must follow the Defence Manual of Security when WFH when handling sensitive information such as documents which have been classified as STRAP to minimise the risk of leakage of sensitive information into public domain or at the hands of people who do not “Need-to-Know”.