Remote and Hybrid Work: Insider Strategies from Verizon (CXOTalk #796)
Remote and hybrid work are here to stay, but working from home creates a variety of challenges from a technology standpoint for HR, for compliance. We're speaking with Mark Custodio, the director of enterprise sales at Verizon, about these challenges and solutions. I get to meet with the largest global companies in the world at their locations, doing tours of their facilities, and really getting a deep-rooted understanding in terms of how their business operates. Mark, as you're speaking with your customers (talking about remote work and hybrid work), what are they telling you? What's going on today in this world? Hybrid is here to stay. That's the first thing. It seems like the IT, HR professionals, they did herculean work to get folks to get home when the pandemic struck, and I think it probably accelerated many, many years' worth of, "Hey, we're talking about doing work from home, we're talking about these hybrid environments," to "All right. Now we have to. How do we do it?" They were able to do this patchwork to get them to work. I think they think it's working okay in some instances, but they have a little bit of concerns
around employee experience, around security risks that they don't really know where to go yet. What are the shifts or the changes that you see these folks going through in their organizations right now? I think the first major shift is in the employee mindset. Before – and it's almost hard to remember, but – it wasn't too long ago where we had to be at work on time, at office, in the desk. Now, I think the latest statistic is 58% of employees would actually seek a different job if they weren't able to work from home at least some of the time. Now it's really put a lot of control in
the employees' hands saying, "Look. I have choices out there. I want the best possible experience. I want a work-life balance. I also want all the tools that I need in order to be effective at my job at home." And so, it's putting the companies in a position where, "Okay, we want to embrace this. How do we give the best experience to attract and retain our top talent but also ensure that we're meeting our productivity goals, our financial goals," because there might be an added cost in doing this, "and, of course, securing everything end-to-end?" Now the office is their home, and that's essentially a branch location for these enterprises. And so, now that they've established a work culture policy (essentially,
enabling folks to work in their home environment or at a Starbucks or at an airport or wherever they might be), they're trying to figure out, "Okay, what's the right toolset to give?" Broadly speaking, what are some of the challenge that organizations face as they make this transition from being exclusively in the office to remote and hybrid work? You mentioned me being in front of customers a lot, so I can hear firsthand some of the challenges that they're saying. I was with a large insurance company recently, and they had many work-from-home employees. They're utilizing their own home Internet connection, which (you could imagine) there are dozens and dozens of different providers. And they've been experiencing lots of issues with their VPN (just staying connected) and lots of VPN drops. It's been really hard for them to troubleshoot this because, essentially, they can look into their own system but they can't really look into the home user's network because that's their own home Internet. They don't have access at an enterprise level to the provider
that's giving them that home Internet. Even if they call that provider, they're not treated as an enterprise. They would be calling on behalf of a consumer, and they don't have the rights to do so. And so, for them to be able to troubleshoot at scale, you can imagine how exponential that problem becomes. What customers are saying is, "How do I get
one standard that not just delivers that good employee experience but reduces the IT burden, because when I get dozens and dozens of calls that could have dozens of different root problems across dozens of vendors, it's just not scalable, and I don't have the resources to support that?" Enterprise IT departments are in this position of needing to manage their own network but, at the same time, manage the multifaceted, diverse networks that are out there among their entire employee base. You got it, Michael. You think about the risk that that entails. In your average home, there are probably tons of IoT devices and smart devices and things that are listening and snooping. Whether malicious or not, my guess is they don't have all of the up-to-date security parameters that a business or an enterprise would want or would accept on their own network. The biggest recommendation that I can give is start the conversation of now saying, "Those home offices are an extension of your business." If you were going to allow somebody to work at a different location, you have to treat that with the same fervor or the same rigor that you would do for your own brand location, your own brick and mortar because, essentially, that user has the access to the same amount of information they would have within your four walls, so you have to protect that information in the same way. The zero-trust framework is becoming more and more
prevalent in conversations. But you really need that visibility end-to-end to be able to manage those connections end-to-end. Enterprises are saying, "Okay. If I own everything end-to-end, and I have visibility end-to-end, it's going to help me across several different vectors." All of those calls to various different providers, well, now that anomaly is gone. I don't have dozens of standards. I have one standard. In addition, when there's an issue, I have remote access, remote control, remote capability to actually diagnosis and troubleshoot that challenge." By controlling that connection, you create a simpler environment that's easier to administer and, at the same time, from a security standpoint, everything is standardized, and so you know what's going on.
That's exactly correct. I think that's really what the IT professionals want. HR is really burdened with this challenge as well. We've seen several states start to do legislation. I think there are about 11 states that have legislation. Some are more specific than others. If you think about an organization that spreads across multiple states, they tend to go toward whatever the strictest standards are. So, if in California they're requiring you to reimburse for certain tools that you need to work from home, that often includes Internet connectivity.
Very similarly to how corporations really have, en masse, migrated around bring your own device, they started to do that trend many years ago, but it was very difficult to manage. It started to be very expensive. They were starting to be asked to give stipends and things like that. They've really all brought back and said, "You know we're going to provide a corporate phone." HR professionals are saying, "You know what? We can view this as a benefit. We can view this as a way to meet our standards across. We can view this as a way to improve employee experience," because you and I are communicating virtually right now. And
if we don't have a solid connection, the relationship just doesn't work. Giving them that solid connection makes them better at their job, makes them more effective. And so, there's value across a lot of different workstreams here. We're seeing some early adopters in call center space. You think about how call centers are not en masse in these giant buildings anymore. There are many at home. Often, they don't have the most reliable Internet connection, as there's been that move to rural where you don't necessarily have fiber and some of those high-speed connections. And then all
those other challenges, so they provide a kit. A kit could include an Internet connection, some security applications, a VoIP phone and, essentially, day one, they're onboarded. They have everything they need to be successful. What are the considerations around choosing these kinds of tools? A few things that folks need to consider. One, it needs to be easy to operate and easy to deploy because, essentially, you don't have somebody in every home doing a robust setup, installation, troubleshooting.
Many corporations (including right outside this door), at our office, we have a help desk. If you're having a challenge with your technology, you make an appointment, walk up to the help desk, and we'll troubleshoot that for you. Well, at home, it's not quite so easy, so I think you should look for something that's plug-and-play. Second, something that you can remotely manage so, if there is an issue, you can diagnose and see what that is. Third, I think you need to look for something that's scalable. What about from a security perspective? Security means different things to different folks but, ultimately, you need to be able to protect the data that's on there. You need to
be able to protect your end users. And I think you need to make it a little bit foolproof. We just released our data breach investigation report, and what are we finding? Well, security breaches are on the rise yet again. So, despite many efforts, it's happening more. Many of these breaches are organized, and many of them are for financial motives. And so,
we know that the motives are there to get the information, and often the breach happens with the employee. Right? That ends up being the firewall that's at most risk. The other thing, though, is you need to balance that with employee experience. You need to put solutions in place that enable the employee to do their job without having so many restrictions that it's draconian and they can't access the sites and the information they need to be successful.
We can guide through all of that, and that's really what it is. It's a consulting journey where we look at the outcomes that the customer wants to achieve, we help them diagnosis what products, services, consulting enables them to achieve that outcome, and then we deliver a package that's really seamless to that end user. You mentioned the HR benefits earlier. Can you be a little more explicit in linking
this kind of connectivity and control that is obviously so beneficial to IT to the value, the benefit, the employee experience and, therefore, the HR benefits? I'm reminded about a visit I did at a large physical security company. We were walking their facilities, and they had shown literally stacks and stacks and stacks of expenses, paperwork, and timesheets. They were very antiquated in some of the ways that they did things where they were faxing information in from each of their security locations, whether that be an expense for a phone, whether that be an expense for Internet connectivity, whether that be their actual timesheet. It was all manual in nature for folks to process this. One, at an enterprise level, when you're providing these tools and resources, you can remove all of that necessity for, one, the employee to do expenses. And, by the way, Michael, I have yet
to meet an employee that wakes up in the morning and is excited to do their expense reports and, by the way, sometimes get them kicked back, audited, and all the things that come with that. You remove that. Now you're giving them a benefit that's really easy to manage. I think, two, you're compliant. Essentially, you're providing those tools and resources, so it's not just compliancy from the IT and security that we talked about but compliancy for the regulation that's in place today and, potentially, future regulation as that starts to mature as hybrid and work-from-home becomes more and more the standard, not the exception.
Then finally, you need to think of ways to differentiate yourself. You imagine you're coming into a brand new job, and you might be coming into a brand new company. Day one, how easy is it (when you're not at a physical office, you're at your home) to connect into the training that you need? How do you feel if, when you connect into that training, it's choppy, it's not reliable, you can't get the VPN to stay, you're not able to get that clear communication to learn the information you want? I think what you're probably going to find is if we're not adequately equipping those home users, we're going to see churn tick up very rapidly, employee churn. Why do I have this prediction? Well, it's pretty simple. If my onboarding experience in those first few weeks is poor, even if I'm an existing employee but now I'm working hybrid or home, and my work experience is not as good or better as it was when I was in the office, and I now have less physical tie to a brand or a company because I'm not building relationships within those four walls. Plus,
maybe I have a little bit of extra time to have on my other monitor LinkedIn, Indeed, job searches, and monster.com to search for those jobs. It makes it really easy for me to find something else. And so, we need to be thinking differently about how we attract and retain talent, how we develop our folks, that face-to-face interaction that's now likely a virtual face-to-face interaction. Those experiences need to ride on a different type of infrastructure. I'll also add, I know that 5G is going to bring experiences that weren't possible in the past by a virtual connection, things that were only possible in face-to-face. Augmented reality and virtual reality, different ways of training, different types of employees are now being more prevalent so that need for a more robust connection with really low latency (so it's a good experience for everybody) is becoming more and more important. Mark, tell us about the cybersecurity implications. When you don't own
the connection at home, you don't know what else is riding on that network, what might be causing risk. But at home, I think most enterprises have no idea what's riding on that network. You want to know where the data is going. Would it interest the organization if they found that data from that connection was going to another country, another nation-state, a part of the world where they don't do business today? Would it interest them to know if there were incoming attacks? Would it be interesting for them to know if certain websites were being accessed? I think this would be interesting to know but, more so, you can then create policy, framework, and automation. When you own the connection, you can encrypt that end-to-end. When you own the connection, you can add on analytics that help you search and seek out what's going on. And when you own the connection, you can quickly put in a framework that restricts
access, allows access, put in a framework that quarantines, that does all the things you would expect in an enterprise environment. Mark, what about the privacy and the compliance implications or benefits from using this type of connectivity? That needs to be at the forefront of everything we do because employees aren't going to be happy if we're invading their privacy. Having a dedicated Internet connection means you don't have that risk at all. The connectivity that you have for your business product, your business solutions (your laptops, your phones, your tablets, whatever connectivity they're using, their VoIP phones) that's segmented off from their home Internet. And so, now you don't have to worry what they're doing on their network. They don't have to worry about how they're monitoring their network. It's under the same policy and
framework, so that makes it really easy. But if you flip that and you say, "Okay, well, if I want to add these types of security solutions and I don't own the Internet connection, well, then what risk does that put me in, in terms of what data I'm collecting on my employees? What risk does that put me in, in terms of how their perception may be of how I'm monitoring?" If they're doing something malicious or wrong or have a security breach on their phone that's their personal, I don't want to put my information at risk or vice versa. By the way, employees think the same. "Hey, I want to be able to access information, but I don't want you seeing what I do on my personal device." Let's segregate that. Let's make sure there's a fence. And we don't have to worry about personal information and work information. We have dedicated lanes. I'll tell you; once you do that, it's so empowering for the
company because it can enable a better experience. An example might be let's build a private network, so maybe you don't need that VPN anymore. Maybe the moment you authenticate that device to your Internet connection, it just immediately connects. These are things that we can do. Maybe we do a private network with a VPN and add a completely different layer of security.
Maybe we say, "You know what? We're going to prioritize certain bits of data or applications (just like we would do in an office location) because we own the Internet. We're going to put a little bit of priority on that VoIP phone, so you get the best experience on your voice, and any other applications like YouTube and things like that are more best effort." These are things that you can start to think about when you own the connection and you have the applications, the hardware that's wrapped around it. Given the importance of employee training around issues such as phishing, what resources can you recommend for folks that are listening, to learn more and to help their employees? On our website we have a great Internet portal, the Verizon Business Internet. It
gives great information at a high level as to some of the recommendations we have for this. In addition, and this is really the most important thing that you need to do, let's start with a conversation. I heard Danny Johnson, who is head of one of our product marketing divisions, he made a great analogy that the most important investment that you can make (if you're listening to this as a business leader, as an IT professional, as an HR professional) is the investment of your time because, at the end of the day, there's unlimited upside to what that conversation can bring, and there's very little risk, there's very little downside. You're just investing in a conversation. Let's have a conversation. Meet with your professional. We have folks that are assigned
to almost every business that's out there. We'll have a conversation. We'll understand what your goals are because that training may not be one-size-fits-all. There are different levels of maturity and outcomes that the customers are looking for. We can design a solution for that. Now, for companies that are a little bit more advanced or are looking for more, something holistically, we have world-class business consulting services. We're on retainer for some of the largest companies in the world where we do specific trainings (red table events, for example) where we simulate some very sophisticated attacks. We utilize this information because the data breach investigation report (I think, this year), it's maybe something like 15,000 or 17,000 data breaches that we investigated, that we ingested, and then gave analytics on. So,
we see what happens across networks around the globe, we see how these things are manifested, and then we know how to prevent and, if it does happen, how to respond very quickly. We're able to consult and do the training at any level and increase that adoption, and so we encourage you to work with us. We really are experts when it comes to this – the network, the security, the applications that are all within there – and we'll help you get the outcomes you're looking for. Mark, clearly the solution demands both technology infrastructure as well as employee training. I would completely agree. The technology
infrastructure should at some point become so easy that the employee training could just be a simple card that they receive that says, "Plug in and play." That's literally the extent. "If something doesn't work, contact here." It makes it very easy for that employee to see the experience. But I think awareness as well as training is very, very important. You need to be aware that, at least from a security standpoint, these risks exist, and there are things that we can all do in our personal and professional lives to ensure we're living the most secure and reducing the risk as much as possible. Awareness is really important. I think businesses need to continue to do that, double down on awareness campaigns, let them know what's going on – if there's a breach that occurs – let that happen. By the way, all of that information is publicly available for free. We have a
mobile breach report, a data investigation report. Folks can use that information to help train and make aware their employees. Then second to that is let's ensure that not that they're aware, how do you respond? What do you do when something occurs? By the way, what's the investment that we're making in you to make it easy so that doesn't happen? Again, that creates employee loyalty because the employee recognizes the investment that the organization is making in their well-being and in their skills. No doubt. When you think about that importance of
data (protecting the employees' data, protecting the company's data) if you look – if it's a global organization, you think about some of the GDPR requirements that are on there – the image, brand, and financial implications that could happen if we're not adequately protecting that data, this is not an if; it's really a must. We must do these things not just from a governmental policy standpoint, but from what we do in terms of the right things for our employees and our customers, et cetera. I know when I'm negotiating a large agreement with our customers, this is a question they ask us. Now, I'm very proud of our record and the things that we do, and so we can talk about those things. Customers are very satisfied with the steps that we put in. And then, in that conversation, says,
"Well, here's how we can help you do the same," and I encourage any organization, as they're contracting with a company, to do that. I think it's table stakes to make sure that you're partnering with somebody that preaches what they practice and practice what they preach. Mark, let's talk about implementation. You speak with so many Verizon customers, very large organizations, organizations of every size. What are some of the best practices that you see for implementing remote work? Process is really important. What you want to do is enable some of this technology to work before it arrives, and you can accomplish that a few different ways. One, some companies either do it internally or
they outsource staging and kitting where, essentially, the device is set up to the industry or the company's standards before it's shipped out to that end user. That process of "when the end user receives it, it just works," that needs to happen. Now, in addition, there's some automation you can do with that. For example, we see that with smartphones where we can actually enable what's called a supervised mode on that device. We ship out that smartphone or tablet to the end user. The moment they turn it on, it authenticates with the network. It says, "Hey, this is corporate-owned. Here are the policies that need to be on here," and it just works. You can also do that with a router device.
Now, depending on what those requirements are, some companies also say, "You know what? We're going to put some custom information in there." I mentioned that card that kind of explains plug-in and play. Let's go ahead and include those instructions. Then if something doesn't work, here's how you contact. That process is the number one best practice I see. Another part of that process that I see that's really, really important is doing
qualification in terms of what the experience might be from a coverage standpoint at that home. Although we cover 99% of the U.S. population, I'm certainly not going to sit here and say in every building, in every nook and cranny, at every location are we going to have great coverage.
But what we do have are some geospatial analytics and a wealth of information that can give a pretty good indicator as to whether there's coverage there. If it's an enterprise office location, we typically come in, we do a site survey, we do readings, we might install an external antenna. We do things to ensure the best possible experience. But when it's a home user, you need to use as much intelligence beforehand as possible. Now, the good thing is, again, this can be automated and easy. We get the addresses from the end users. We then spit out a range that says this will be a good experience, a great experience, a poor experience. Then the company can make a decision;
is this the right solution for that home user, or do we need to augment with a booster, or maybe this isn't something that we can install at all? Upfront doing the work to have a process in place will ensure success when the end users receive it on the back end. I say, "Look. Start small. Let's do a pilot together. Pick 100, 200 users, and let's get their feedback." We are finding very, very high success, but we're also learning,
"Hey, with this application, here are the settings that we need to do. Here's what's going on with the VPN. Hey, here are the policies that we need to do," so when you go to scale, it ends up being the best possible experience. Mark, as we finish up, where is hybrid,
remote work going, and what are the technology advancements that we're going to see in the near future? It's here, and I think it's going to be here for the long haul. I don't see us ripping back that Band-Aid. I do see us doing more purposeful experiences in our corporate offices to kind of draw people in and build that engagement. I was listening to one customer that said, "You know what? We're not going to have as much real estate, but what we're going to do are events. So, maybe every quarter, we do a really big event. We take some of the money
that we saved on that real estate. They're now working from home. But we do things that are really purposeful to bring people together." I think this hybrid mindset (while still having some brand identity, some culture identity) is going to be there. The majority of the time,
though, folks are going to be working from their houses, and so how will the technology advance? Well, right now, you and I have a great connection. It's true high definition. I can see in great fidelity. I can see the facial expressions that you have. It doesn't look grainy. That's accomplished by you and I having really strong Internet connections and a great platform.
By and large, much of the technology that folks are utilizing today to video conference isn't even full HD today. And so, I think there are opportunities we're going to see as connections become more robust, as 5G and fiber become more prevalent across the country. It enables us to really uptick the quality. Then on top of that, you're going to see more augmented reality where we see ways of connecting and engaging with folks differently. That doesn't
just require bandwidth; that requires latency. Because our eyes have excellent latency, we're able to pick up things really quickly and smoothly. On a video screen that's attached to your head, that requires an even greater grade of that. I think, as more and more folks are
working from home, having those applications pushed closer to them (so there's that great experience is important), that's where things like mobile edge compute come in, having applications like that augmented reality application closer to the tower, closer to the cell site, closer to the network, so that experience and that response time is really seamless. I think the applications are really broad. What most excites me... I think about this all the time. When we launched 4G, when Verizon said, "Hey, we're going to have a nationwide 4G
network," at the time, that gave us 5 to 12 megabits per second, which may not seem like a lot now but was groundbreaking at the time. Most folks were between 600 kilobits per second and maybe a meg, a meg and a half. So, going to 5 to 12 was groundbreaking. Well, what did that do for us? If you think about some of the businesses that were transformed, the easiest example might be Uber and Lyft. They ended up creating applications that rode over the top of our 4G network that completely disrupted the way that we travel and the taxi industry. You couldn't do things like that before because you didn't have a robust enough or reliable enough connection. We built a network that enabled that to work ubiquitously wherever you are,
and that's just one of thousands of new businesses that were created. I'm most excited about the new businesses that are going to be created, the new disruptions that are going to be created. The developer community, once they have these capabilities (that 5G really starts to usher in) are going to be unleashed just like they were with 4G, and we're going to see experience that you and I can't even fathom today that are just going to change the way that we work, play, and engage with each other. It's exciting to imagine what's coming next. Mark Custodio of Verizon, thank you so much for taking time to speak with us today. Thank you so much, Michael. It was a pleasure.
I'm so excited to talk about the future of work and can't wait to talk to you again.