Microsoft Research Podcast - 130 - New Future of Work: Managing IT and security in remote scenarios with Jaime Teevan and Matt Brodsky
Episode Date: July 29, 2021For Microsoft researchers, COVID-19 was a call to action. The reimagining of work practices had long been an area of study, but existing and new questions that needed immediate answers surfaced as com...panies and their employees quickly adjusted to significantly different working conditions. Teams from across the Microsoft organizational chart pooled their unique expertise together under The New Future of Work initiative. The results have informed product features designed to better support remote work and are now being used to help companies, including Microsoft, usher their workforces into a future of hybrid work. In this episode of the podcast, Chief Scientist Jaime Teevan and Senior User Research Manager Matt Brodsky examine how the level of IT support available during the shift, including the ability to provide hardware and software, made the difference between laying off staff and weathering the challenges brought on by the pandemic. They also explore why remote work came with a spike in phishing threats, what the biggest thorn in the sides of IT administrators has been this past year, and where opportunities exist to prepare to keep up with tech advances and tackle future disruptions. https://www.microsoft.com/research
Transcript
Discussion (0)
Some of the most important things that IT admins and security organizations are dealing with right
now is really educating their end users on how to use new technology and how to be safe.
And that's something where organizations are employing their own tools and everybody has
their own system of learning and their own system of training. And that's something that I see as
being a difficulty in the future is really how do
we make sure that that learning and training happens quickly so that if, hopefully not, but if
there's another pandemic or event like this, how we can train people quickly, how people can adopt
the software or the technology that they need in order to work and stay afloat, how we can do that quickly so we don't face situations where
organizations are laying off people or, you know, forced to perform poorly for a significant amount
of time while everybody comes up to speed. Welcome to the Microsoft Research Podcast,
where you get a front row seat to conversations on cutting edge technology. I'm Jamie T. Vann,
and I'll be your host as we investigate how work practices have changed because of COVID-19
and what it means for creating a new and better future of work.
In this episode of the series, we're exploring the IT and security chapter of the new future of work report published by Microsoft.
Matt Brodsky is here to help us understand the role
that IT and security professionals played
in helping information workers remain as productive
as possible as they move to remote work.
He coauthored that chapter with Adam Coleman.
Matt is a senior user research manager here at Microsoft
who focuses on the Microsoft 365 administrative experience
and understanding the best way for organizations to adopt and manage cloud solutions.
He has a Ph.D. in neuroscience and behavior from the University of Washington, where he studied neural circuitry, underlying drug reward and addiction.
Specifically, Matt identified novel roles of serotonin receptors in the mechanisms underlying the motivation to take cocaine. After finishing his PhD, Matt then took a postdoc at Seattle Children's Research Institute
to study brain circuitry underlying the motivation to exercise.
Welcome, Matt.
Thank you for having me.
So I'm curious, Matt, what was the path that brought you from studying addiction and motivation
to IT and security?
Well, it was a long and convoluted path,
but to sum it up,
when you go from a field
where you study what motivates rats
to take cocaine
to studying how humans take windows,
a lot of the thinking around
how we design our experiments
and problems are similar.
So obviously not the same.
I'm not equivalating or...
Windows isn't cocaine.
Windows is not cocaine, but surprisingly, some of the ways that we structure studies at Microsoft mimic some of the
ways that we've did academic research at the University of Washington. You know, one of the
things that surprised me before I came to Microsoft was how important IT and security are to Microsoft.
As an end user, I sort of thought of Microsoft as like Word or PowerPoint
or the tools that I used, and I didn't really think about how.
Microsoft is really essential in ensuring that companies can provide their workers
with a safe, reliable technology.
Can you tell me a little bit more about why IT and security are so important to Microsoft?
Yeah, absolutely.
You know, IT and security organizations at large corporations,
at schools, at nonprofits, at small businesses, you know, they exist and they're really important
for the efficient functioning of the organization as a whole, right? So one of the ways that I like
to think about it is if we were to, again, this is me bringing up my biologist background, if we were to think of an organization as an organism, the IT professionals and IT org
are almost like the neurons that are stemming out throughout the system that help make sure that HR
is functioning efficiently, make sure that the information workers are able to do their core
work and make sure that the business is successful and functioning. So the IT organization is really crucial in making sure that that works.
One of the things that brought me to IT is that the population that we study,
the actual IT professionals themselves, are a really highly technical population. And they're
really invested in making sure that the user experience for their end users is
appropriate. So as a user researcher, we actually have a lot of the same goals, right? My goals are
for IT admins to have a good experience and their goals are for their end users to have a good
experience. So we have a lot of things in common and it can really lead to fruitful collaboration
on the future experiences that we create for them. And some of the most
exciting things about studying IT experiences at Microsoft is how many people they affect.
When you really break it down, there may be millions of IT admins who are using our tools.
And from that, hundreds of millions of end users who are affected by them. So making sure that Microsoft
administrative experiences work is crucial in making sure that those hundreds of millions
of people are efficient at work. So what makes a great IT organization?
So a great IT organization is one that is really a silent IT organization. We hear this a lot from
IT admins across the board. If you hear a lot from your IT organization, that means something's not
going well. Another analogy that I like to make, and maybe this is a little cliche to go to a sports
analogy, but a good IT organization is kind of like the goalie in a soccer game. You know, they can't necessarily win the game for you, but they can certainly lose the game for you.
So an IT organization, if it's functioning well, if it's an efficient organization, you really don't see or hear much of what they're doing.
But they certainly are doing a ton.
So has the criteria for a good IT organization changed over the course of the past year?
You know, there are clearly new challenges that they're dealing with. Has the criteria for a good IT organization changed over the course of the past year?
You know, there are clearly new challenges that they're dealing with.
There's certainly new challenges.
You know, a lot of them have to do with how they're able to support their end users.
And it really depends on the type of organization.
One of the benefits of the team that I work on at Microsoft is we really care about IT experiences across the board.
So we don't just focus on our larger enterprise customers
or on schools or on small businesses.
We want to make sure that the tools work for everybody.
So really depending on the business,
the criteria have changed, right?
And one of the major ones is how IT organizations
are able to support their end users.
So some things still work well, right?
If the organization was able to deploy most of
their solutions in the cloud, support has gone surprisingly well over the last year, right?
They're still able to support remotely. When it comes to things like hardware and on-premise
servers and things like that, it becomes significantly more difficult. So IT organizations
and some IT admins were the essential workers who were,
you know, back in the workplace firsthand. And when it came to supporting some workers who were,
you know, significantly further away remote from the office, that was certainly a challenge that
has come up. You know, in many ways, IT admins have been real heroes this past year. You know,
they've really, they are who have enabled us all to work, even though we can't go into the workplace. I can't imagine that this
would have even been possible 10 years ago and all of the information workers, you know, would
have had to been furloughed or laid off. I know that sorts of changes that we've seen tend to be
very planful, like these big shifts. How have people enabled us to do it so quickly?
You know, lots of hard work and long hours. You know, when we've spoken to some organizations
that really had to sacrifice a lot in this switch, you know, to give kind of a, I'll give kind of a
tough example that we've heard, you know, right at the beginning of the COVID pandemic, we spoke with a few smaller
organizations that did choose to lay off a majority of their organization because they didn't have the
technology to enable them to work from home, right? Particularly what jumps out to mind was a call
center we spoke with on the East Coast. I think they were New Jersey based. They had to lay off
over 200 people because they were not able to provide them with voice
over IP software at home in order to make those calls and to provide them with laptops
that would work.
So, you know, that's a really hard thing to hear.
You know, on the other hand, we've spoken with organizations that really didn't have
much trouble.
And, you know, the timing, as you mentioned, 10 to 15 years ago, probably wouldn't
have worked. You know, a ton of organizations were mid-rollout of teams, right? And this switch
forced them to roll out teams much more rapidly. And that rollout for most larger organizations
went pretty successfully, from what we understand. We spoke with an IT director at Comcast, actually, who
made it clear to us that, yes, they had to buckle down and roll out teams to a much wider population
than they expected, but that it worked well and that they were happy with it and that it was,
you know, actually ended up being beneficial to their business because a rollout typically
would have taken, you know, years and they were done within months.
So have we learned anything enduring from
having to make these changes overnight that will help us with them in the future, even when they're
not so emergency-based? In terms of what would lead to a successful organization, I think always
having business continuity plans and making sure that you are able to make drastic changes and provide
a more inclusive workplace where people can work from home or can work in different geolocations,
I think is really important, you know. So having that ability, so the organizations that had that
at a very low level were more successful than organizations that didn't have that at all,
right? And so being able to plan ahead of time, I think that's really helpful.
So some of that is being proactive about the digital transformation too, and having the
functionality already there made it easier.
Certainly, certainly. And some of that functionality, you know, it's still,
well, let me take a step back here. Maybe, so even certain schools that
we spoke with, you know, struggled to really move into this fully remote environment because they
lost a lot of their student workers who would have been kind of help desk or would have been
work-study students who provided certain support, right? And so those IT organizations, you know, specifically at the
schools, were able to cope and had these plans in place and had, you know, the ability for remote
learning, but maybe not quite for the remote support. So I think that there are elements that
have changed there, you know, maybe making sure that you really cover all the bases of what a
remote workplace would
look like. Yeah, I'm interested in diving into remote support a little too. I have four kids,
and with the four kids online and me, my husband's been our tech support, and it's been awesome.
He actually did this huge internet upgrade at home right before the pandemic, and I was very angry at
him for doing this, and I ended up very grateful. Do you have a sense for how people
are dealing with the problems as they arise working from home? That's not an uncommon experience. We
are hearing parents are now, you know, functionally the IT admins for classrooms, for schools, and
that's something that we are, you know, rapidly trying to fix and work on, make sure that these IT experiences that we provide,
that we build, are accessible to people who may not have an IT education or may not have
a technical background, but are still able to make sure that students have email addresses
working, that students are able to access their lesson plans, things like that.
So really almost democratizing the IT space
is something that we've been focusing on.
I know security threats have increased a lot this past year as well.
What can you tell us about that?
Oh, certainly.
So one of my partner teams is the Security Research Organization, and they've been publishing
research on information coming from security admins and security operators at these organizations.
And phishing threats have increased significantly. It may be the fact that
people are just so much more attached to checking email and being on their computer that, you know,
this is an opportunity for those threats to come in. But particularly phishing has been a huge
concern. And so security teams have had to adopt and enable new functionality to really combat that.
Yeah, I thought that phishing
data was super interesting because at first blush, it actually wasn't obvious to me why we'd see an
increase in phishing campaigns tied to working from home. What are some of the things that make
working from home, you know, more vulnerable to various security threats? Well, when all your communication is digital, there's certainly
just more opportunity for the threats to break through, right? That's one. The other thing is
people are using home networks, which may not be as secure as using the corporate network at their
organization. So these are certainly things that come up. So home network, the increased communication, and also some folks who may
not have had quite the level of or experience with digital communication now having to quickly learn
on the job and have to take a phishing threat, for example, having to sort through a ton of
emails in the morning and make sure that that one threat that looks like it's coming from your HR
organization is actually coming from your HR org and not from somebody who's phishing.
Some of the most important things that IT admins and security organizations are dealing with right
now is really educating their end users on how to use new technology and how to be safe.
And that's something where organizations are employing their own tools and everybody has
their own system of learning and their own system of training.
And that's something that I see as being a difficulty in the future is really how do
we make sure that that learning and training happens quickly so that if, hopefully not,
but if there's another pandemic or event like this, how we can train people quickly, how people can adopt the
software or the technology that they need in order to work and stay afloat, how we can do that
quickly so we don't face situations where organizations are laying off people or, you know,
forced to perform poorly for a significant amount of time while everybody comes up to speed.
Yeah. So you mentioned home networks, and I alluded to the challenges we had with our home network
as well. It doesn't really seem like our infrastructure is necessarily set up even
to be connecting everyone to be working from home, like all the big pipes are going into the
big businesses. What have you seen happening with connectivity over the past year? Oh, connectivity is the number one issue that IT admins are dealing with on a regular basis. And
in many cases, there's nothing they can do about it, right? If they have their end users,
their information workers who are in maybe more rural or areas that don't quite have the same
infrastructure, you know, that's something that they really can't deal with.
There are certain people who can only be online
for a few hours a day, right?
So network connectivity and speed
is the number one issue that's been coming out
from IT admins during this.
Have you seen either IT or security challenges evolve
over the course of the past year?
I mean, I know that
connectivity was a huge problem right at the beginning. Has that gotten better or is it still
as big a challenge? I think connectivity is still one of those things that's a huge challenge.
The other things that have changed is kind of hardware, office setups, those types of things
were a major challenge. And really, you know, when we first sent out surveys, I think we turned around some research
within the first few weeks of the pandemic and hardware and office setup was one of the
top issues then.
And I don't think that's quite as much of an issue talking to admins now.
You know, at a higher level, things that have changed over time is how IT budgets and the
business have been affected. You know, we at first were made aware that close to two-thirds of IT budgets were affected by the COVID-19 pandemic.
And most of those would be decreasing budgets.
I think over time we've heard that now that's not the case, especially maybe some of the more cloud-enabled organizations.
We're hearing that budgets are staying the same. If not,
IT budget's increasing while other budgets may be cut back. IT is, you know, clearly a much more
important piece of the infrastructure that needs to stay up. So as we start moving back to the
workplace, do you think there are going to be some new challenges that are going to come up?
For IT admins, certainly. I think that they're going to have to, you know, deal with kind of that in-person help desk element again, which they may have not
had to deal with for a while. I know that personally, I went into the help desk at Microsoft
and spoke with a seemingly very frustrated IT admin, and I let him know, you know, this is what
I do. I study your frustrations. So, you know,
he was a little nicer after that, but I certainly think that there's going to be a huge volume
of issues that are right now not being reported that will be reported as soon as folks are back
in the office. Are there things companies should be doing to get ahead of things so they sort of
don't get caught behind the transition? They could be investing in making sure that devices are working,
that infrastructure is working in the offices, things like, you know, we mentioned network
connectivity, all of those things, because there is a worry that, you know, whenever there's a
major change, there will be problems and making sure that that volume of problem is something
that's manageable for the IT admin. That's really important. What are you most worried about looking forward?
I don't know if I'm necessarily worried about that, but the things that I'm paying attention to
is how much of IT is being outsourced from organizations. We hear a lot from kind of the
higher level IT directors and people like that about outsourcing IT, outsourcing major pieces of IT,
and just how that's going to end up affecting organizations. Obviously, that might come with
a bit of job loss at the organization itself, but what technologies will be needed and what that
will look like on a large scale as how much IT will be outsourced. Along with that, you know, we've seen the IT organizations,
both titles and skills needed are changing rapidly, right?
And so IT organizations are dealing with how do we make sure
that the people that we're hiring have the right skills
and have the right skills that we'll need in five years
and not just right now, right?
And so lots of IT organizations are dealing with education and learning, you know, on the job,
what can we do to make sure that our more senior IT admins are staying current? Since the technology
is evolving much more rapidly than people, we need to make sure that folks are still, you know,
getting the appropriate training and retaining the right skills. Has what you've learned through
your research and the research that you've read
changed your own work practices? Oh, yeah. I mean, maybe just mention the way that I spoke with the
help desk person on campus, on Microsoft campus. But, you know, I've certainly been more conscious
of how much time I'm spending in front of my machine and talking to the folks on my team, you know, really trying to build in
healthy habits around meetings and, you know, Zoom and Teams usage, things like that, because
I know that there's a lot of fatigue that can come from that. So I've been changing my practice
personally around that. I'm also a bit more cautious about bringing new things onto, for
example, the laptop that I'm using at home. I'm not adopting new software that may put me at risk, right? I am incredibly dependent on a very
singular piece of technology here, right? In the past, if it had failed, I could still go
to meetings. I could still collaborate and work on the things that I would need to here
working from home. I don't have that luxury. I really am dependent on my technology.
Well, great. Thank you very much, Matt. And thank you to our listeners for tuning in.
We hope you'll continue to join us as we explore the new future of work.
You can learn a lot more about the research that we discussed today at aka.ms slash new future of
work. Also, be sure to subscribe for new episodes wherever you listen to your favorite shows.