The Record - Issue 18: Autumn 2020

100 www. t e c h n o l o g y r e c o r d . c om A s a consequence of the coronavirus pan- demic, organisations have had to rethink how they keep employees safe and healthy by providing secure remote work solutions. Over the past six months, Microsoft Teams has seen tremendous growth, and, as we return to our offices, it is becoming the meeting platform of choice for hundreds of millions of people world- wide. Employees have embraced virtual meet- ings as the new normal, and video meetings have become second nature for many. Even more interesting is that according to Gartner, 82 per cent of enterprises allow employ- ees to work remotely at least some of the time. The benefits of hybrid working – in-office and remotely – are likely to make long-term changes to our work routines. But unlike in-person meetings – where data, presentations, and conversations stay in the room – virtual meetings happen online and in the cloud. This poses a new security threat to many companies. Where does data go, where is it stored, and who has access to it? The UK’s National Cyber Security Centre (NCSC) has specified 14 Cloud Security Principles (CSPs) to ensure technology and solu- tion vendors align with standard security prac- tices. The NCSC is an independent authority that provides a single point of contact for busi- nesses and organisations of all sizes and kinds. It’s objective is to keep the UK the safest place to live and work online. NCSC works with small and medium-sized companies, large organisa- tions, government agencies, the general public, and departments in the UK. It also collaborates with law enforcement, defence, the UK’s intelli- gence and security agencies, and various inter- national partners. NCSC’s 14 CSPs provide a systematic approach to determining whether a cloud service is a good match for an organisation’s particular security needs. It covers topics such as protecting data in transit (encryption), asset protection and resil- ience (protecting user data), secure user manage- ment, and secure use of the service, among ten other topics. An essential aspect of the CSPs is that they are understandable and easy to employ for IT administrators and facilities managers that are not cybersecurity professionals, making them usable and useful for many institutions. As we return to our offices, many meeting rooms equipped with video conferencing tech- nology will be rendered useless as they cannot be used with Teams. Organisations need to solve that compatibility challenge while focusing on the levels of security, privacy, and data protec- tion already in place when using Teams. Fortunately, several vendors already provide solutions that address this compatibility chal- lenge, and they are all approved and certified by Microsoft. However, an additional challenge is that they employ different ways of solving it, thus have different ways of accessing and han- dling users’ data. When using shared cloud meeting services such as Microsoft Teams it can be hard to know where users’ data is physically stored and who can access it. The Microsoft cloud benefits from Microsoft’s security and privacy measures, and Secure remote work People have rapidly become accustomed to video meetings. But how do organisations make sure employees are secure when a mix of technologies and vendors is required? N I CO CORM I E R : P E X I P V I EWPO I NT “The benefits of hybrid working are likely to make long-term changes to our work routines”