Most organizations maintain both on-premises and cloud infrastructures. In many ways, hybrid cloud architectures maintain the best of both worlds. However, recent cloud outages have raised concern among organizations that are operating cloud-only. Ever-increasing ransomware attacks also pose a significant threat to on-premises infrastructures. This has left organizations struggling to quickly mitigate risk by architecting a hybrid infrastructure that is effectively, and equally, resilient both on premises and in the cloud.
Ascent is the technology consulting partner to SECURE, UNIFY, and MANAGE the enterprise. Our Stewards approach every project with an open mind, an open heart, and the expertise to modernize our clients for a more secure future.
Leveraging a Rapid Risk Assessment and Incident Response to help a Customer in need
Six months prior to Ascent Solutions beginning its engagement with a multibillion-dollar, 12,000-seat construction conglomerate, the company had fired their security director after the company experienced a $2M business email compromise (BEC). The root cause of the former security director’s failure was in not implementing the technologies the company had already purchased. The company culture was decidedly not security-focused – there was a lack of leadership, funding, and support. The new IT team itself lacked the necessary skillset to properly protect the company. As such, the customer was largely flying blind – and, as it turned out, heading for a potentially more serious problem.
HOW ASCENT SOLUTIONS GOT INVOLVED
The client knew they needed a new plan and they engaged with Microsoft to begin the process of figuring it out. The Microsoft sales team, understanding the dire nature of this customer’s recent experience, connected them with Ascent to develop its security strategy. The client needed help in two critical areas:
- Their IT team needed to develop a robust Microsoft security strategy.
- The company acknowledged that they had to build out the people and processes required for them to carry the load after the products were implemented.
THE GAME PLAN
The Ascent team began the engagement with a Rapid Risk Assessment as the first critical step. This assessment would leverage Ascent’s unique threat hunting methodology to discover active and latent threats to create specific, targeted priorities. In addition to the threat and vulnerability profile, Ascent would deliver both a short-term project roadmap centered on their Microsoft Security tools as well as a long-term roadmap with 3 years of prioritized needs.
Of their internal initiatives, the most challenging to date was implementing MFA for users due to the organizational impact. At the time, they were only partially protected on their users’ machines. The Ascent team emphasized that the company was still dangerously exposed to additional BEC or ransomware and recommended an immediate mitigation plan for them. MFA, along with a recommended move to Microsoft Defender Advanced Threat Protection, would close that gap. Against Ascent’s recommendations, the IT and security teams at the customer felt they could implement on their own, and Ascent’s engagement with the customer ended.
Within a month, the security team leader called the Ascent team on a Sunday morning with an emergency message: the company had been hit with a ransomware attack. Little progress had been made against the security recommendations Ascent had made a few short weeks earlier, with no work at all performed on MFA or MDATP. To compound the problems, the IT team had not fully implemented their Nasuni backup solutions, reducing their ability to successfully recover from the ransomware attack.
Ascent gave immediate guidance over the phone and responded within hours with a full Incident Response team on-site to lead the recovery effort. Ascent personnel coordinated all IR activities, including internal and external communications, for the client during this difficult time. Within days, the team had contained the security incident, with both MFA and MDATP 100% implemented. Once that was completed, default usernames, RDP open to the internet, and the lack of visibility tools needed immediate follow-up to close the remaining high-priority gaps. After recovery, Ascent Solutions re-created a comprehensive roadmap for the following three years, with Microsoft’s security and productivity products front and center.
Coming out of this incident, Ascent delivered a comprehensive threat-based security strategy to build organizational resilience, implemented critical Microsoft security tools to provide visibility and security controls to prevent future security incidents, and enabled the client to recover from the incident with no impact to the business or financial loss.
Ascent’s work in providing critical knowledge transfer to the client’s IT security team helped not only increase the overall maturity and skills of the security team but build confidence around the security team and the CIO. These actions helped dramatically reduce the overall security risks to the organization and helped prove the ROI from their Microsoft security investment.
Although this was not an ideal way to get a wake-up call, Ascent has stood by this important customer through good times and bad, and the two are now embarking on a multi-project, multi-year journey. The customer and Ascent teams have developed a lasting security advisory relationship and recently worked together to convince the CEO of the importance of security products and services. He is now “all in” and is leading the firm on a journey toward future threat avoidance.
A year after the pandemic began, employers are now considering how to welcome their employees back to the office. Ascent cybersecurity leaders Derek Swenningsen and Kayne McGladrey discuss the challenges and threats that are emerging in the modern workplace. In addition to dissecting the threats, our experts discuss the proactive cybersecurity steps that firms can take to ensure their employees are welcomed back to a safe, secure environment.
Practice Lead of Strategy & GRC
Kayne has served for over two decades in cybersecurity and has been recognized as the #1 Global Thought Leader on Cybersecurity by Thinkers360. He’s been published in CIO, CSO, Dark Reading, IEEE Transmitter, Cyber Security Hub, SC Magazine, Ed Tech Magazine, Tech Target, Communications of the ACM, USA Today, Bloomberg Law, and more. Kayne currently serves as Ascent Practice Lead of Strategy & GRC where he leads clients in transforming their security strategies to ensure resiliency and future posture.
Enterprise Defense Services Manager
Derek has seven years as an active cyber security professional with a demonstrated history in application and network penetration testing. Swenningsen leads Ascent clients in vulnerability assessment, network penetration testing, reverse engineering, malware analysis, and risk management. When Derek is not assisting clients, he lends his technical leadership as an adjunct professor of Cyber Security Operations for the Master’s program at the University of San Diego. He holds a Bachelor’s Degree in Professional Aeronautics from Embry-Riddle and Master’s Degree in Computer Science from the Naval Postgraduate School.
In response to the recent joint ransomware advisory published by the FBI, Health and Human Services, and the Cybersecurity & Infrastructure Security Agency, Ascent recommends that healthcare organizations immediately take the following steps to prepare for the coming ransomware attacks.
Working together, IT and cybersecurity teams should consider this their top priority, as we do not want to see another tragic situation as happened in Germany earlier this year, where a patient was turned away from a hospital affected by ransomware. The patient died hours later.
- Print hard copies of your organization’s incident response plan and disaster recovery plan, and distribute them to key staff with the understanding those documents should be taken home today
- Verify that you have up-to-date contact information for your organization’s cyber insurance provider and your general counsel
- Call your cyber insurance provider and ask for a list of preferred DFIR (Digital Forensics and Incident Response) providers and provide that list to counsel
- Document the decision for who at your organization has authority to involve an external DFIR provider, and if that is initiated via legal, insurance, or self-funding
- Consider curtailing IT and cybersecurity staff holidays for the next couple of weeks and confirm that your on-call rotation schedule is up to date
- Verify that your backup strategy follows the 3-2-1 rule: three copies of critical data retained on two different types of media with one of them stored offline
- Have your IT team confirm you have up-to-date gold images for servers and workstations, and that offline copies of these are stored on at least two types of media
- Confirm that your IT patching system is deploying critical and important patches to your systems based on system criticality and known exploits, including servers, endpoints, and infrastructure such as perimeter security devices
- Implement risk-based multifactor authentication for privileged users to mitigate the risks of credential stuffing attacks and lateral movement
- Use network filtering to block access to domains registered in the past week
- Confirm that your Security Information and Event Management (SIEM) system has adequate storage capacity and that your analysts have well-defined triage procedures for events
- Verify that your netflow data includes outbound internet traffic that could identify any sudden increases in data (indicating potential exfiltration of PHI)
- Use the indicators of compromise published by CISA to automate threat hunting in your network environment
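One way to act on the netflow item in the list above, shown as an added example that is not part of the original advisory: total each internal host's outbound internet bytes per day and flag hosts whose volume today sits far above their own robust baseline (median and MAD). The flow tuple layout, the RFC 1918 internal ranges, the thresholds, and all sample records are assumptions constructed for illustration.

```python
import ipaddress
import statistics
from collections import defaultdict

# Assumption: these RFC 1918 ranges are the organization's internal address space.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MB = 1_000_000


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def daily_egress(flows):
    """Total bytes per (internal source, day) for flows that leave to the internet.

    Each flow is (iso_day, src_ip, dst_ip, bytes); internal-to-internal traffic
    is ignored because it cannot be exfiltration to an outside party.
    """
    totals = defaultdict(int)
    for day, src, dst, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[(src, day)] += nbytes
    return totals


def egress_spikes(flows, today, min_history=5, threshold=6.0, floor=50 * MB):
    """Return (src, bytes_today, baseline_median, reason) tuples for triage.

    A host is reported as "spike" when today's egress is at least `threshold`
    robust deviations above its own median, and as "no-baseline" when it moves
    more than `floor` bytes but has fewer than `min_history` earlier days.
    Days on which a host sent nothing are absent from its baseline.
    """
    totals = daily_egress(flows)
    history = defaultdict(list)
    for (src, day), nbytes in totals.items():
        if day < today:  # ISO dates sort chronologically as strings
            history[src].append(nbytes)

    findings = []
    for (src, day), nbytes in totals.items():
        if day != today or nbytes < floor:
            continue
        past = history[src]
        if len(past) < min_history:
            findings.append((src, nbytes, None, "no-baseline"))
            continue
        median = statistics.median(past)
        mad = statistics.median(abs(x - median) for x in past)
        # 1.4826 * MAD approximates one standard deviation; a perfectly flat
        # baseline (MAD of zero) falls back to 10% of the median.
        scale = 1.4826 * mad if mad else max(0.1 * median, 1.0)
        if (nbytes - median) / scale >= threshold:
            findings.append((src, nbytes, median, "spike"))
    return sorted(findings, key=lambda f: f[0])


# Constructed sample data: seven baseline days plus "today", in megabytes.
DAYS = ["2020-10-%02d" % d for d in range(20, 27)]
TODAY = "2020-10-27"
BASELINES = {
    "10.1.1.20": [200, 210, 190, 205, 195, 220, 180],        # steady, small
    "10.1.1.30": [1000, 1200, 900, 1100, 950, 1050, 1150],   # busy but stable
}
SAMPLE_FLOWS = [(day, src, "203.0.113.10", mb * MB)
                for src, series in BASELINES.items()
                for day, mb in zip(DAYS, series)]
SAMPLE_FLOWS += [
    (TODAY, "10.1.1.20", "198.51.100.7", 3000 * MB),  # three large transfers
    (TODAY, "10.1.1.20", "198.51.100.7", 3000 * MB),
    (TODAY, "10.1.1.20", "198.51.100.7", 3000 * MB),
    (TODAY, "10.1.1.30", "203.0.113.10", 1300 * MB),  # within normal variation
    (TODAY, "10.1.1.40", "198.51.100.9", 300 * MB),   # host with no history
    (TODAY, "10.1.1.30", "10.1.1.20", 40000 * MB),    # internal copy, ignored
]

if __name__ == "__main__":
    for src, nbytes, median, reason in egress_spikes(SAMPLE_FLOWS, TODAY):
        baseline = "n/a" if median is None else "%d MB" % (median // MB)
        print("%-10s today=%d MB baseline=%s %s"
              % (src, nbytes // MB, baseline, reason))
```

Comparing each host against its own history keeps a busy but stable server from drowning out a normally quiet host that suddenly sends gigabytes.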
While extensive, this is not a complete list of actions organizations should be taking. Our initial set of recommendations will help to mitigate the immediate risks of a ransomware attack. Continuous planning based on risks will help to support long-term cybersecurity resiliency despite these sustained and evolving adversarial threats to the well-being of our communities. And if this seems like an insurmountable burden at the end of a stressful and difficult year, know that we can help. From on-the-spot incident response to strategic resiliency planning, we can help firms reduce business risk and bolster their overall security posture. Contact us to get started.
Beginning September 30th, cybersecurity teams from Ascent Solutions and Pathfynder worked to defend a client from Egregor ransomware. Egregor’s notable traits are data exfiltration prior to live and backup system encryption as well as requiring victims to contact threat actors to arrange ransom payment via the dark web. Ascent takes an intelligence-driven approach to Digital Forensics and Incident Response (DFIR) activities. However, because Egregor is so new to the threat landscape, there is little actionable intelligence available to drive that type of strategic approach to DFIR activities. Ascent’s investigation into Egregor yielded a straightforward process DFIR teams can use to develop the correct intelligence in order to take action and eradicate further ransomware threats. The response team gathered internal, counter, and external intelligence before asking the critical questions that enabled them to develop a response appropriate to the predicted risk level.
Internal intelligence was collected from the client’s affected computers immediately after Ascent was contacted to respond to the ransomware. The team collected logs and data from the deployed antivirus solution as well as existing Windows event logs. This allowed the development of an initial intelligence hypothesis stemming from the files and executables as well as the client’s associated hashes. The intelligence was actionable at some level, as it allowed the Incident Response cycle to continue. However, it was not enough to drive all required remaining activities. Frequently, DFIR teams stop when they finish collecting internal intelligence. While arguably the most important, internal intelligence alone is insufficient in providing the full assessment needed when a new ransomware is crippling an organization.
The second type of intelligence collected was all publicly available data about Egregor. As it is a Sekhmet variant, it became comparably easy to conduct Open Source Intelligence (OSINT) about Sekhmet, and as the threat actors had provided a ransomware note with their .top and .onion domains, it allowed the team to develop an intelligence profile of the Egregor team. The counterintelligence enabled Ascent to form a hypothesis about the way in which the Egregor team operated, as all public-facing IT systems either confirmed or indicated their techniques, tactics, and procedures. Unfortunately, when taken independently, counterintelligence alone is not entirely actionable information.
The last step in investigating Egregor was gathering external intelligence about the client. This practice of “turning the map around” often fills in gaps left after internal and counterintelligence efforts, aids in forming an initial hypothesis of Patient Zero, and uncovers other potential indicators of compromise. In this case, external intelligence consisted of gathering a current state cyber threat assessment against the client organization. This exercise aims to determine where the weak spots are from an attacker’s point of view, with an objective of assessing what data they might have stolen and what might have the highest value to the threat actor. Like the internal intelligence and the counterintelligence gathered previously, the low amount of data gathered externally was not actionable enough to complete DFIR activities.
Intelligence Officer Makes the Call
It was the intersection of internal intelligence, counterintelligence, and external intelligence that allowed our skilled DFIR team to probe the model and ask informed questions regarding what was and was not known and, ultimately, fill in the valuable blanks. This level of formal intelligence assessment could then be provided to counsel, insurance, and the client to recommend a course of action based on a predicted level of risk. It also enables a far more informed conversation around mitigation, eviction, and cleanup. There is always intelligence a DFIR team can use – even when that intelligence is simply the lack of something that should be there. For the Ascent and Pathfynder teams, intelligence-driven DFIR is more than a subtitle; it is an accelerator that allows us to uniquely engage in defense of our clients against any threat.
“I want to break free, I want to break free from your lies, You’re so self-satisfied I don’t need you, I’ve got to break free, God knows, God knows I want to break free.” -Queen.
Freddie Mercury and John Deacon were bemoaning the binding nature of falling in love. Whether sarcastically or paradoxically, the songwriter longs to break free of the hold love has on a human heart. The songwriters were not security technologists; however, the song should be the theme song for every Security Operations Center (SOC). Today, Security Information and Event Management (SIEM) tools have a grip on the industry from which the SOC cannot seem to break free. Here, we will briefly discuss the problems with SIEM today, detail proven military tactics applicable to cyber defensive operations, and identify opportunities organizations can leverage when transitioning between tools.
Problems with SIEM Today
There are many challenges with SIEM tools today, and most of them are independent of the vendor. The SIEM market is built on the same fundamental philosophies, and many of the capabilities revolving around these philosophies have become table stakes amongst manufacturers. This same theory holds true for problems in utilizing SIEM at the core of security operations. Nearly all products on the market suffer some of the same shortfalls that prevent security teams from being successful with the legacy philosophy that created SIEM.
Alert fatigue is hard to define, but it is easy to describe. Everyone has heard the story of the “Boy Who Cried Wolf.” In this children’s fable, we learn of a shepherd boy who likes to torture the town by falsely calling out the dangers of a wolf in the sheep’s pasture. The town runs to defend their livestock and there is no wolf, to the amusement of the boy alone. He does this so many times that eventually, as the story goes, when there actually is a real wolf in the pasture, the town no longer believes him. The wolf gets the sheep because of the boy’s dangerously false alarms. Alert fatigue is the same. Cyber security alerts generally consist of false positives, true positives, and benign true positives. If the ratio of false positives is too high, eventually the SOC analyst’s human nature will tune out the nearly identical true positives because this alert has “cried wolf” too many times before. Alert fatigue as a concept has been around for a while in the industry; however, it has become so commonplace that the phenomenon has been accepted as normal and is found at the root of many prominent breaches.
Collect Everything / Watch Everything
The exponential quantity of data available for collection, and the fear of not having the data necessary to piece together a breach, is driving the inclination to both collect every log generated across the enterprise and watch every alert this generates. This stems from a flawed opinion that the best practices of centralized log management require organizations to publish all events in raw format to their SIEM. In most organizations, this 100% collection requirement is both unachievable and unnecessary. In fact, if most organizations were to faithfully execute this requirement, they would find themselves drowned in log management problems, with security alerts no longer being a priority.
After all logs are collected, security operations often feel the requirement to watch everything. Many organizations purchased their SIEM for the sole purpose of creating alerts. For every correlated log, there is an alert. This foundational misunderstanding has become commonplace and accepted in the industry and is only causing alert fatigue rather than protecting the organization.
Because of centralized storage strategies, organizations feel obligated to continue to pipe increasing amounts of data to their SIEM. This, along with the increasing volume of compute in organizations, usually means they must continue to purchase increasing EPS (Events Per Second) year over year. As the volume increases, organizations continue to struggle getting all this volume into the SIEM without tuning the alerting mechanism – furthering the alert fatigue cycle. This never-ending cycle of increasing the computing processor requirements, increasing the log volume, increasing the EPS, and increasing the spend has no end in sight. Breaking free from these challenges has never been more important than it is today.
Military Tactics Applied
Although few organizations have come up with an appropriate framework for combating these challenges, the military has developed some tactics and doctrines which can assist organizations with a new thought process defensible to the security professionals in their respective organizations.
In the military, most operations start with intelligence. Marine Corps Doctrinal Publication – 2 states the fourfold objectives of intelligence:
- Identifies and evaluates existing conditions and capabilities
- Estimates possible enemy courses of action
- Aids in identifying friendly vulnerabilities the enemy may exploit
- Assists in the development and evaluation of friendly courses of action based on the results of the first three
With these primary objectives of intelligence in mind, the military continues to plan military operations – fully knowing that a failure in intelligence will result in a failed plan. These intelligence estimates have effectively driven military operations for centuries and can drive corporate cyber defense strategies as well.
The similarities between the two worlds are greater than their differences. An intelligence-driven approach to defensive cyber security operations and SIEM implementation would help companies determine if they are defending against an actual threat, and not simply a possible threat.
Take Appropriate Risk
Most security leaders today have a low risk tolerance. However, the military approach would contend that accepting risk is necessary to all operations, not only combat operations. Marine Corps Doctrinal Publication – 1, the foundation of U.S. Marine Corps doctrine, states as much: “We must not tolerate the avoidance of responsibility or necessary risk.” (p. 3-7); and “the essence of the problem is to select a promising course of action with an acceptable degree of risk and to do it more quickly than our foe” (p. 4-18); and “the main effort involves a physical and moral commitment,…It forces us to concentrate decisive combat power just as it forces us to accept risk.” (p. 4-22). When organizations look to accept little to no risk with their SIEM, they are falsely hoping they can catch anything by orienting on everything. However, security operations should operate just like military operations on this front, and SOCs need to learn to accept appropriate risk so they can orient specifically on the enemy and protect their critical assets.
Marine Corps Warfighting Publication 3-11 highlights the importance of company level patrols when in a defensive position. “[Company Patrols] can provide redundant collection for important [information requirements] and fill gaps in the company’s collection plan.” (MCWP 3-11.1 p. 4-15) These patrols in the military context have a similar function to a threat hunt in the cybersecurity context. Ideally, threat hunts provide valuable intelligence through monitoring and alerting. When conducted appropriately, these threat hunts can uncover threats in places the organization does not have an appropriate control. Applying these military doctrines to organizational SIEM implementations, a security technologist can leverage their SIEM as a compensating control when mitigation cannot be met by other means.
For instance, if an organization knows from their threat and vulnerability matrix that they need to invest in a Privileged Access Management tool to reduce the risk of credential theft, but as of today there is no budget for the tooling, the SIEM tool can provide needed risk reduction through increased monitoring of credential theft. Using this military-driven approach, organizations can more intelligently leverage their SIEM investment to monitor known security gaps rather than just having an approach to “monitor everything.”
A SIEM is a security tool designed to alert a security analyst when a potential threat has been discovered. Usually, these alerts occur when a threat actor attempts to traverse a cybersecurity technical control. In the military defense context, these controls are called obstacles. These obstacles include everything from firewalls to Anti-Virus software. However, when SOCs do not actually watch these obstacles for enemy movement, organizations should be wary of their effectiveness. MCWP 3-11.1 states “Obstacles cannot meet a commander’s intent unless covered by some means of friendly observation and fire.” (p. 7-16) The intent behind the doctrinal placement of obstacles is that they are inherently ineffective if the defense cannot both observe the enemy traversing the obstacle and affect the outcome. Adding obstacles and alerts which security analysts cannot respond to further contributes to alert fatigue, lessening the effectiveness of already operationalized obstacles.
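A way to measure the two failure modes described above, rules that "cry wolf" and obstacles nobody observes, from a SOC's own triage records. This is an added example, not part of the original article; the rule names, thresholds, and alert records are hypothetical and constructed for illustration, and the disposition labels follow the three categories named in the alert fatigue discussion.

```python
from collections import Counter, defaultdict

# The three dispositions named in the text; None marks an alert nobody triaged.
FP, TP, BTP = "false_positive", "true_positive", "benign_true_positive"
VALID = {FP, TP, BTP, None}


def rule_noise_report(alerts, min_alerts=20, max_fp_ratio=0.9,
                      max_untriaged_ratio=0.5):
    """Summarize each detection rule from (rule_name, disposition) records.

    Verdicts:
      insufficient-data  fewer than `min_alerts` alerts, no judgment made
      unwatched          most alerts were never triaged (an unobserved obstacle)
      cries-wolf         triaged alerts are almost all false positives
      keep               the rule is watched and mostly meaningful
    """
    per_rule = defaultdict(Counter)
    for rule, disposition in alerts:
        if disposition not in VALID:
            raise ValueError("unknown disposition %r for rule %s"
                             % (disposition, rule))
        per_rule[rule][disposition] += 1

    report = {}
    for rule, counts in per_rule.items():
        total = sum(counts.values())
        triaged = total - counts[None]
        fp_ratio = counts[FP] / triaged if triaged else 0.0
        untriaged_ratio = counts[None] / total
        if total < min_alerts:
            verdict = "insufficient-data"
        elif untriaged_ratio > max_untriaged_ratio:
            verdict = "unwatched"
        elif fp_ratio > max_fp_ratio:
            verdict = "cries-wolf"
        else:
            verdict = "keep"
        report[rule] = {
            "total": total,
            "fp_ratio": round(fp_ratio, 3),
            "untriaged_ratio": round(untriaged_ratio, 3),
            # How many triaged alerts an analyst reads per real detection.
            "alerts_per_true_positive":
                triaged / counts[TP] if counts[TP] else None,
            "verdict": verdict,
        }
    return report


# Constructed sample: one month of triage outcomes for four hypothetical rules.
SAMPLE_ALERTS = (
    [("impossible_travel", FP)] * 194
    + [("impossible_travel", TP)] * 2
    + [("impossible_travel", BTP)] * 4
    + [("av_detection_not_cleaned", TP)] * 20
    + [("av_detection_not_cleaned", BTP)] * 7
    + [("av_detection_not_cleaned", FP)] * 3
    + [("firewall_deny_any", None)] * 450
    + [("firewall_deny_any", FP)] * 50
    + [("new_admin_created", TP)] * 5
)

if __name__ == "__main__":
    for name, row in sorted(rule_noise_report(SAMPLE_ALERTS).items()):
        print("%-26s %-18s fp=%.2f untriaged=%.2f"
              % (name, row["verdict"], row["fp_ratio"], row["untriaged_ratio"]))
```

Rules marked `cries-wolf` are candidates for tuning, and rules marked `unwatched` are candidates for removal or for assigning an owner who can respond to them.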
Azure Sentinel: Meeting Market Needs
After hearing this military-SIEM connection, you may be thinking, “What do I do now? How can we break free from this construct?” Changing process and perspective will go a long way. However, if your organization wants to take the opportunity to break free from the challenges it faces in alert fatigue, rising EPS pricing models, and a failed approach, you require more than a pivot to military tactics. Ascent Solutions and Critical Start want to encourage you to take this opportunity to fully break free by moving to an innovative and disruptive technology, Azure Sentinel. Sentinel can provide significant advantages and opportunities at this time in your journey to reduce cost, leverage a new approach, and move beyond SIEM to Security Orchestration, Automation, and Response (SOAR).
Due to Azure’s ability to leverage its own cloud infrastructure, Azure Sentinel does not need to abide by the burdensome EPS pricing model. Azure Sentinel not only provides monitoring for its own platform (Office 365 and Azure) at no cost, but also charges only cloud storage rates rather than following an EPS model. This means organizations can leverage Sentinel in combination with their current SIEM. Many SIEM models use a “heavy forwarder” approach, allowing a forwarding tool to take load from the SIEM. This increases operational effectiveness by reducing alerts and significantly reducing the operational cost of the SIEM.
Leverage A New Approach
Security analysts can easily develop muscle memory from a process-oriented job. Unfortunately, when the subject of the muscle memory is an inefficient process built on a legacy mindset and action-triggering widget, only a completely new approach can revitalize the team. Once the yellow, green, and red lights go away, the analyst is free (or driven) to take a new perspective. In addition, many SOCs operate with dashboards upon dashboards on the finest 76” monitors on the market. However, if quizzed, the analysts behind those screens could identify the origin of only half of the alerts or widgets on the dashboard. Moving to a new solution and a new literal scenery in the SOC can drive different behaviors and perspective.
Security Orchestration, Automation, and Response
SOAR is the bigger, stronger, smarter brother of SIEM. SOAR takes monitoring and alerting and adds process automation through custom workflows. Although the real strength of SIEM will always be the analyst, SOAR frees the analyst to do higher order tasks and analysis. Azure Sentinel allows organizations to build SOAR capabilities in from the beginning. Leveraging Azure cloud infrastructure, SOAR capabilities can be instantly instantiated, built, torn down, rebuilt, and scaled to new, unique levels.
Are You Ready to Break Free?
Looking at the fundamental flaws the legacy SIEM approach was built upon, the current sentiment towards the status quo of security operations is no surprise. It is expensive, cumbersome, and tiring. Much of the industry’s turnover and subsequent headcount shortage can be linked to using the same failed methodology and principles – but expecting a different outcome. Pivoting the principles towards proven, military-based tactics, wrapped around a product that enables those principles, allows security teams to refresh their landscape and turn their attention towards dealing with risk instead of alerts. While this seems like a radical assertion, it is what is necessary to break free.
With the unfortunate events transpiring lately and employees suddenly required to work from home, organizations across the globe are struggling to support a “management everywhere” approach. With the sudden explosion in enterprise access for personal devices, rapidly configured mobile devices (some consumer grade), and almost all of it on unmanaged networks, the endpoint is now the most vulnerable element for malicious activity. This is supported by a recent study revealing a staggering fact that 60% of breaches can be reduced with a patched and compliant environment (Truta, 2019).
Heading into the COVID-19 crisis, organizations likely did not have a mature BYOD or remote work plan in place, thereby leaving those organizations to rely on their best judgement for application and device protections, implementing faster than they would have liked. History has shown that malicious actors can and will craft realistic traps exploiting these types of situations. Taking the time to ensure that a device or application can be managed from anywhere has become more critical than ever.
Below are some relevant articles with excellent details:
- Security Boulevard: COVID-19 Pandemic Drives Spike in Phishing Attacks
- Microsoft: Spear phishing campaigns—they’re sharper than you think
While many employees already had work laptops available for at-home use, this recent shift has organizations seeing a massive increase in the number of personal devices accessing company data. By using Conditional Access and Microsoft Endpoint Management policies together, enterprise IT organizations can control and secure corporate data in approved applications on these personal devices, allowing employees to remain productive and secure. Companies of all sizes must act with urgency to make sure that only trusted and compliant devices and applications have access to corporate data.
The global COVID-19 crisis has made businesses look to the cloud to complement their existing on-premises device management infrastructure. Organizations that currently use Microsoft’s Configuration Manager can easily add Microsoft Endpoint Manager’s cloud services to manage remote devices. This provides a holistic coverage plan for enterprise and personal devices. Upon implementation, co-management gives an organization the ability to:
- Enforce conditional access upon signing in for accessing corporate data
- Take immediate actions on all managed devices, including remotely wiping a device of corporate access, applications, and data
- Deploy software and updates faster, regardless of device type
To manage through this crisis and provide your employees the most flexibility while ensuring security, Ascent recommends your organization takes the following steps:
- Extend managing company owned devices everywhere with Microsoft’s Endpoint Manager cloud management
- Provide secure access control to enterprise data and applications for employees using personal devices
- Provide a Microsoft Windows Virtual Desktop experience if necessary
- Simplify management by unifying all platforms under one console
- Enforce Conditional Access to your corporate resources and applications
- Integrate an advanced threat protection service, allowing platforms to combat suspicious activities before they are formally identified
- Migrate on-premises restricted policy management to the cloud
The good news for many enterprises is that if your organization owns Microsoft 365 E3, EM+S E3, or the E5 versions of those licenses, you may already have the technology needed to implement these recommendations. With Microsoft’s Unified Endpoint Management, these policies can be deployed to all platforms. Solutions that are readily available today can dramatically reduce the risk of malicious actors compromising networks, devices, and applications.
Microsoft has published more on these topics, including the following:
- Helping businesses rapidly set up to work securely from personal PCs and mobiles
- Manage work devices at home during Covid-19 using Configuration Manager
Ascent encourages you to talk with us or your trusted IT Services Provider about services to jump start your modern management deployment with Microsoft Endpoint Manager. Don’t let this crisis open your organization to additional issues. Ascent Solutions brings our customers over six decades of experience and over 1,000,000 devices deployed globally. Combined with our core values and industry experts, you can count on Ascent having your needs front and center. Ascent Solutions has helped customers of all sizes and across a variety of industries transform their End-User Computing organizations into a modern management platform leveraging Microsoft’s Endpoint Manager. Ascent is aware that this crisis has required a renewed effort to increase the security of endpoints, while also providing flexibility for end-users. Our extensive experience and expertise in this area has prepared us to help all customers, no matter how unique or sophisticated their infrastructure architecture may be.
What we learned from our first Virtual Happy Hour and why these after-work rituals are becoming more important than ever.
This past week has been a time of adjustment for everyone in the work world. Events that would normally be held in person are now done virtually. This week I attended a Software Developer Group Demo Night which shifted from an in-person event to a Zoom meeting. Although being in person would have been better, the Zoom meeting was exactly what I needed – another way to connect to the outside world and give advice to these emerging developers.
Earlier this week, I went for a run with a neighbor and he mentioned that his work team of 8 were going to participate in a Virtual Happy Hour. I thought it was a great idea to promote connectivity. Here at Ascent we are so interconnected and for many of us this new world of social distancing has us missing the daily interaction with our Stewards.
As I was planning our happy hour, I did some research and found some meaningful tips to ensure this was successful:
- Pick a Video Chat Platform That’s Easiest for Everyone: At Ascent all our meetings and calls are on Microsoft Teams so this one was easy for us.
- Keep Numbers Manageable: As I mentioned, my friend’s team is a small group of 8. However, with our numbers approaching 100 consultants, if a high percentage were to attend a virtual meeting, it would be impossible to have a conversation. To get a gauge as to how many would attend, I first sent out a poll explaining the concept and determining how many would be interested. From there I made sure that each video chat room had no more than 10 members and then set up the appropriate number of MS Teams Happy Hour meetings.
- Encourage Everyone to Bring A Drink – there is something nicely communal about eating and drinking together. Alcohol is not necessary but having an alcoholic or non-alcoholic beverage in hand will help everyone feel more relaxed and is a good ice breaker for coworkers that you may not know as well.
- Wear Clothes – I joke but remember, this is still a work setting, we want some boundaries.
- Keep the Conversation Light – try not to turn this into another work-related conference call; the idea is to connect and laugh with one another.
Some thoughts after our first ever virtual happy hour:
- I found that the virtual happy hour with co-workers was the best part of my day. It’s been great to hang out at home with my family, and I’ve stayed in touch with close friends throughout this period of social distancing, but I missed the daily interactions with co-workers that randomly occur throughout the day. This filled that void.
- For our next one we are thinking of giving everyone access to all the rooms so you can pop in and out of different rooms and mingle more.
- MS Teams was great, but I wished that you could see everyone at one time (currently the limit is 4 windows at one time, but I am hearing that MS is hoping to roll out a change to that limitation shortly).
- As a bonus, there weren’t any glasses to pick up or bar tab to pay when we were done.
This new reality of social distancing doesn’t mean that we need to discard some of the fun things that make us more human. Just because we are currently staying more than six feet away from each other doesn’t mean we have to be apart.
The COVID-19 outbreak is, as we all know, spreading across the world, and the health and safety of Ascent’s Stewards (our employees), Customers, and Partners is our primary concern. Ascent was already set up well for our consultants to work remotely, but we were able to immediately move towards 100% of our back office working effectively from home as well. This involved people change management, altering some of our processes to be just as effective remotely, and of course ensuring that everyone has the proper technology (hardware and SaaS) to get the job done. We rotated within hours, not days, and our Ascent team can do the same for you and your organization, ensuring that you keep your business intact during these difficult times – together we can get through this.
Obviously the core of any remote employee program is the technology enabling it all. Microsoft introduced their free, six-month subscription of Microsoft Teams in their E1 license. Because Ascent helps companies of all sizes implement Teams today, we are uniquely equipped to help any additional company that might need architecture, implementation, or change management help to get a solution in place as fast and pain-free as possible. The speed with which companies can enable employees to work remotely is critical, but more than that, keeping your system secure from start to finish is crucial for preventing sudden and avoidable compromise.
I’m proud of the fast work that the people of Ascent have done to help companies of all sizes make this shift to remote work. Our teams have mobilized within hours in some cases to ensure not only business continuity, but effective collaboration, communication, and progress. Here is just a snapshot of how we can help organizations pivot quickly to a remote workforce, either through collaboration tools like Teams, through secure Virtual Desktops on any Bring Your Own Device machine, or with your overall Business Continuity Plan efforts:
Within 2-4 hours
- BCP Support – Many companies are executing their Business Continuity Plans during this outbreak. Ascent can assist with implementing your BCP or help you rapidly develop one which addresses your most immediate needs.
- Backfill Support – While you reallocate your resources to support your company’s COVID-19 response, let us keep your projects going. When you’re ready to get back to business-as-usual, your projects will still be on track.
Within 24 hours
- Remote Work Technology with Microsoft Teams – Whether you’ve recently deployed Teams and need assistance securing it for remote connectivity, you haven’t yet deployed and need a partner to assist with an escalated deployment strategy, or your users need more education to drive fast adoption, Ascent’s team of technical consultants and change managers can help.
- Rapid Virtual Desktop – Our team can quickly evaluate your current VDI and determine how best to help out, including immediate implementation of Ascent’s unique solution to quickly expand remote worker connectivity in the cloud – offering employee access from almost any device to a secure and supported Windows 10/7 workstation.
Within the next week
- Teams People Management Framework – Ascent can help your rapid deployment and adoption of Teams as your workforce moves remote on short notice via Microsoft’s new People Management Framework.
- Remote Technology Advisory Services – With our Remote Access Advisory service, and our Rapid Conditional Access offering, Ascent can help you configure your environment so that remote users and data are secure, regardless of where and on what device they are performing work.
- Privileged Remote Access with BeyondTrust – As you respond to the immediate demand to work remotely, Ascent can assist with your Privileged Remote Access solution from BeyondTrust. Let us help you quickly leverage BeyondTrust’s powerful security suite.