Ready for (almost) anything

If there’s a silver lining to what’s arguably been the most cataclysmic eight weeks in the history of IT, it’s that the network is coming out the other side more flexible, more capable and more agile than anyone imagined just a few short months ago.

“No one wants this kind of crisis. But collectively, I think we’re emerging from it with a different sense of what we can do,” Stuart McGuigan, the CIO of the U.S. State Department, told me. “I believe we’ve gone through two or three years of accelerated modernization in a very short number of months.”

McGuigan was luckier – and, as a consequence, more prepared – than many. For one thing, the State Department is naturally decentralized, with outposts scattered across every corner of the globe. So he didn’t have to navigate a wholesale shift home from a central location.

And since he was hired a year ago from Johnson & Johnson, where he’d served as CIO for seven years, he helped focus and streamline the department’s modernization effort, moving everyone to the cloud for access to core systems. He transitioned to Microsoft’s Office 365 online productivity suite, centralized support and identity management, and enforced two-factor authentication across the network.

“We didn’t know this was coming. But as it happened, in calendar 2019 we finished all that work,” he said. “So that in February when this hit, we were much better prepared to support this than we would have been a year ago.”

Of course, not every CIO was so fortunate. For many organizations, their infrastructure was architected to serve the bulk of their knowledge workers in a centralized location. So they were ill-prepared for the upheaval. That sent them scrambling to meet work-from-home connectivity demands, myriad device and identity management challenges, and dramatic changes in data workloads and the access needed to help organizations scheme their response to the health threat.

Horror story

“When everybody went home, if you hadn’t already adopted a ‘manage-anywhere’ type of paradigm for your business, then you were in a bad spot,” said Rex McMillan, a manager at unified endpoint management provider Ivanti. “How do you now take all of your internal policies and make sure they’re being applied to all devices anywhere?”

McMillan said infrastructure for some of the new customers Ivanti picked up during the crisis was so overwhelmed by work-from-home that they had to triage what they could support remotely. “A lot of new customers needed help because their VPNs weren’t robust enough to handle both business and management, and had turned off patching. That to me is a true horror story,” he said.

That’s exposure no company can afford, especially given the uptick in security threats from hackers hoping to find new weaknesses in coverage during the lockdown.

Milind Mohile, who heads up Workspace Security services at Citrix, agreed that, at least initially, helping customers ensure secure remote access was paramount. For many companies, that meant securing devices as well as solving connectivity issues.

“The number of devices we normally secure in a given quarter, we did that in just three weeks in March,” Mohile said. The onboarding occurred via cloud service, he said, which meant scaling to handle the dramatic load increase was not an issue.

Not for lack of planning …

Often, the severity of the pandemic-induced IT pain wasn’t the result of a lack of planning so much as a lack of planning for such an extreme condition like a lockdown to fight a pandemic on a global scale.

“Customers told us, ‘It’s not like we didn’t have a business contingency plan,’ ” Carisa Stringer, a senior director at Citrix, said. “But their business contingency plan was designed for a regional event. Not for an entire global workforce working from home.”

As well, companies in some industries have been unwilling or unable to migrate data to the cloud due to regulatory constraints or competitive considerations. Some retail outlets, for example, refuse to store sensitive customer information over Amazon Web Services, the public cloud arm of the world’s largest retailer. While that’s certainly a defensible competitive stance, the policy did leave many vulnerable.

“Many retail stores’ VPNs were scaled for maybe 10 or 15 percent of the workforce hitting it,” Jason Forsgren, a senior product manager at Ivanti, said. “Once they sent their employees home and closed their stores, suddenly 95 percent of their internal workforce is hitting the servers. Plus 100 percent of their customers.”

Best foot forward

And now, with many of the first-wave challenges largely identified and tackled, many CIOs are trying to anticipate and prepare for new challenges to their infrastructure.

“IT departments responded to the pandemic by getting basic equipment and connectivity to staff sheltering-in-place with what I call a ‘remote-light’ approach,” said Mick Slattery, president of managed workplace services Compucom, a wholly owned subsidiary of Office Depot.  “Now they’re moving to a ‘remote-right’ approach by adapting processes and models to support a permanently distributed workforce.”

One challenge ahead is how to incorporate a more flexible arrangement once more employees are once again working-from-work. Dean Hager, CEO of Jamf, which provides Apple device management, said that the financial services sector had been particularly slow to adopt remote work – but that this experience will prove “transformative.”

“It’s going to be hard to put the genie back in the bottle,” Hager said. “They still might not believe in working from home. But they’re thinking they need to prepare for the next covid-19. So they’re going to embrace more remote work.”

Internal safeguards

Forget about securing enterprise data from external attacks. One of the toughest and more enduring challenges to emerge from the lockdown is the growing complexity of protecting data internally. That’s an outgrowth of all the data in demand from different data stores, with permissions that previously would have precluded them from comingling. Like, for example, an employee’s temperature recorded whenever they enter the building. Or another’s home address for shipping a laptop.

“Everybody’s a self-service data analyst now, and that’s putting a lot of pressure on the CIO,” Anupam Singh, Cloudera’s chief customer officer, told me. “Everyone wants these new dashboards up and running today. But the poor CIO has to tell them, ‘Wait, I have to first figure out whether you have rights to this data.’ ”

Watch for that battle to continue for CIOs. Because rather than returning to an all-hands-at-work scheme, many companies are crafting a more flexible work-from-work arrangement for the foreseeable future. As well, they’re also planning for the possibility of follow-on lockdowns in the weeks and months ahead as authorities try to flatten the curve. Which means the need to manage data access across unconventional links will be an ongoing problem for CIOs.

That said, given what CIOs have just been through, they likely are better equipped now to handle the challenge.

“I think this is true across other agencies and companies as well, but I’ve never in my CIO career been so appreciated by so many people,” said the State Department’s McGuigan. “I think we’re leaving this period rethinking our own expectations for how quickly we can implement when the path is cleared for us.”