Solving for Y, Only to Have to Address Z: Resolving the Challenge of Remote IT & the Supply Chain Security Concerns that Come With It

If it’s not one thing it’s another. That’s how many are feeling right now as we forge ahead and try to find an evolved way of working despite the challenges we’ve faced over the last eight months. This year’s mass exodus from the office has certainly put businesses to the test. There were many that had to very quickly equip large numbers of employees with the means of working remotely, but that involved much more than just giving everyone laptops (which is no easy, or inexpensive, task in and of itself). Rather, the state of their IT infrastructure had to be considered, as well.

How do we transition from an on-premise model to a cloud model? How do we ensure everyone has access to the network? How do we handle provisioning and deployment if IT teams don’t have access to the devices? How do we secure all of this added technology and protect our data?

These are just some of the questions my team and I have heard over and over again, especially in the early weeks and months of the pandemic. Those in the commercial space who thought they had years to make the transition to more modern IT infrastructures found themselves scrambling to do so under duress, many turning to professional IT services such as outsourced and as-a-service solutions to help them through it.  

According to IDC’s Global ICT Spending Forecast, overall information & communications technology (ICT) spending is expected to grow by at least 5% annually between 2021 and 2023, with specific growth in professional services being highlighted, driven by digital transformation activities. Configuration, provisioning and zero-touch deployment are among those professional services  that can be especially beneficial to companies with dispersed workforces.

Classic Configuration & Deployment Pose Challenges in a Remote Work Environment

Traditionally, upon receipt of the hardware, the in-house IT staff would have to manually configure each device to the company’s specifications and then ensure that all software and hardware was set up properly and tested before handing it over to the end user. However, with more employees working from home, neither the IT admin nor the end user are in the same place.

Outsourcing configuration and deployment resolves this challenge. Devices can be configured ahead of time and the company’s customized image preloaded, often during the manufacturing process. Devices are then shipped directly to the end user, essentially ready-to-use right out of the box, capable of being deployed remotely via a self-install wizard or function. These are services that have been offered for years but had been on a less urgent trajectory before the pandemic. Now, companies truly see the value they provide. Removing the middle person from this process (i.e. the IT admin) reduces operational costs and minimizes downtime for the user, allowing that IT admin to direct their attention to more business-critical tasks, such as application migration, cloud initiatives and security.

Solving One Problem Opens the Door to Another

However, as I stated at the beginning, if it’s not one thing it’s another.  As the use of technology to support companies’ distributed workforces has become more prevalent, new vulnerabilities around securing that technology have emerged. No longer are we just shipping blank PCs, or empty boxes, that the customer’s IT admin would configure and deploy upon arrival. The devices we are shipping have been configured to the customer’s unique specifications and thus hold critical data and access to company network information that could be exploited if it fell into the wrong hands during the shipping process. This window after devices leave the manufacturer and before they reach the end user creates an opening for criminals to more easily try to gain access to PCs or tamper with them, implant malicious software, or even remove or replace components without being detected.

Securing the Investment through the Supply Chain

A recent study conducted by security firm Barracuda Networks found that 46% of surveyed global businesses had encountered at least one cybersecurity scare since shifting to a remote working model in the first quarter of this year. In this evolved threat landscape, security across the entire IT infrastructure is even more important. It’s not enough to just provide the means of accessing data, but that data must also be protected end-to-end. It’s the OEM’s responsibility to serve as a strategic partner to help guide its customers in this area and offer end-to-end solutions that protect the device and the customer, even through the supply chain.

That’s why it’s imperative to understand how the provider protects the devices after they leave the factory, and not just the hardware, but the components and software, as well. At Lenovo, we worked with Intel to introduce two services specifically for this purpose. Intel? Transparent Supply Chain is a documented, auditable supply chain security program that that can detect any hardware, firmware or system changes made between the factory and the customer/end user. And coming soon is Intel? Trusted Device Setup, a preload verification process that seals software at the point of manufacture, protecting it until first boot so that companies can verify the integrity of the operating system and rest assured that it hasn’t been tampered with during shipping. Both of these services provide our customers with the confidence that what was shipped, is what is arriving at their door.

The protection of the device and its components is just one facet of the process. The provider should also offer a holistic approach to security that incorporates built-in platform security, integrated system management and a robust threat and data protection program. As more and more businesses are turning to remote work, safeguards for the entire lifecycle of the device and the outsourced services have never been more important.

Lenovo and Intel have partnered to introduce Intel? Trusted Device Setup and Intel? Transparent Supply Chain, both of which are described in detail on the October 8 episode of Intel’s Cyber Security Inside podcast. If you’re interested in learning more about how to bolster your own supply chain, you may be interested in reading our recent ThinkShield / Intel white paper by Tom Dodson, the Supply Chain Security Architect at Intel.