Moving security operations back to the office – NTT Ltd.’s experience

Moving a global SOC to Distributed Workforce

Without doubt the last few months have been hugely challenging for all of us. But, hopefully we’re all now looking forward to the future and how we can learn from our unique experiences of dealing with COVID. Many of us who recently experienced the mad dash of getting everyone Working From Home (WFH) are now navigating the even harder task of returning to the office, and the provision of a safe working environment. NTT Ltd’s own security operations are moving through exactly this process right now, and our experience could be relevant to clients and others in the industry.

Lockdown was imposed in most countries where we maintain Security Operations Centers (SOCs) literally overnight. Everyone was expected to WFH, while maintaining strict security levels for clients. Fortunately, as a company with years of experience in collaborative workspaces and with access to some of the best brains in the business, we initiated our Business Continuity Plan and successfully implemented a smooth and successful transition to WFH.

We had to rapidly activate our Business Continuity Plan and get all of our people working from home

Planning a phased return

However, just as we were all thinking what a great job we’d done, we realized that all of our focus had been on WFH and, in reality, we’d not considered the task of getting people back to working in the office during a pandemic. At the same time, many of the internal and external organizations they collaborate with would remain remote in the near term. In essence, our security operations needed to move to a distributed workplace.

Preparing ourselves, our facilities and our colleagues to return to work has been a massive undertaking. We formed a committee comprising HR, facilities, corporate risk, IT, finance, marketing and individual business leaders within the company. Together we planned how we could provide safe, socially distanced working environments, across multiple and shifting regulatory guidelines. I’m proud to say that on July 6th we welcomed back our critical Secure Operating Centre (SOC) staff across six countries.

We had to rethink a lot of things that we take for granted to ensure our people safe when they returned to the office

Obvious things such as socially distanced workstations, perspex shields everywhere, hand sanitizers at every door (I’m now an expert on hand sanitizer alcohol content!), and the provision of masks were straight forward. But the most challenging aspect by far were all the things we normally take for granted. For example, we had to consider our air-conditioning and ventilation systems, re-think the provision of tea and coffee facilities (especially access to biscuits!), and consider how people physically move around the office with one-way flows, etc.

In addition, we decided that to protect our colleagues as much as we could we’d provide rapid COVID testing kits and temperature testing equipment - both of which are completely new to our normal working practice.

As everyone says, ‘we’re living in unprecedented times’ and despite all of our plans, we’re having to deal with challenges daily, such as temporary reclosure in some locations.

Looking ahead

My advice after all this is to build your team across as many business areas as possible and to listen to everyone’s advice and experience. Take the time and invest in the effort required to make everything as safe as possible, but be pragmatic (for example, do we really need a $30k thermal camera when a digital thermometer costs $100?). Share information, don’t horde it and remain flexible (COVID doesn’t care about processes). Communication with stakeholders and colleagues is vital to any venture. Finally, our greatest asset is your people, so treat them with the greatest of care and ensure that everything you ask them to do you’re prepared to do yourself.