IT organizations, especially those that were a bit too lax about resiliency and business continuity, had a rude awakening in the face of COVID-19 as they scrambled to deliver a rapid-response remote work plan.\nTraditional enterprise IT resiliency and business continuity plans aren\u2019t set up to respond effectively to 100-year-type events like a global pandemic, which touched every employee and every corner of organizations. Business continuity and IT resiliency roadmaps that focus on the creation of \u201clevel 4\u201d recovery options in different regions, or are limited to bringing specific teams or geographic locales back online, were not really designed to ensure secure, work-from-home capabilities for every employee.\nDespite these extreme circumstances, many enterprises fared surprisingly well during the COVID-19 transition, a recent #IDGTECHtalk Twitter discussion revealed. There were cultural hurdles and a fresh batch of security challenges to tackle, including a rise in insider threats, problems surrounding shadow IT, as well as disruption to standard security best practices. However, the exercise also refocused IT organizations on the importance of business continuity and disaster recovery (BC\/DR), with most shoring up and refining plans as they exit crisis mode and launch into continuous improvement.\n\u201cIf you didn\u2019t have plans, you now realize you need them,\u201d said Arsalan Khan, a speaker and blogger on business and digital transformation. \u201cIf you had plans, you now realize you need to test them. If you tested plans, you now realize you have to update them. And by the way, the business should be on board to provide the budget.\u201d\nPreparing for a global pandemic\nAsked what they could have done better, participants in the Twitter chat had a wide range of suggestions. Taking a proactive and long-term stance to BC\/DR planning was a key takeaway, along with the need to design IT infrastructure for flexibility and adaptability. Another important point: Don\u2019t bake business continuity and resiliency into specific assets; instead, make it a framework of decisions and criteria that is regularly tested and that can lead the business.\n\u201cFew companies had a binder marked `global pandemic,\u2019 but many had policies that called for annual DR testing that they didn\u2019t enact,\u201d said Kayne McGladrey, CISSP and cybersecurity expert. \u201cTeams play how they train, but not having table-topped crisis communication, DR\/IR hurt response.\u201d\nAI and automation have a role to play, but they\u2019re not quite there yet\nWhile much has been made about the role of AI and automation in bolstering security and helping enterprises remediate vulnerabilities and interruptions to digital business operations, most #IDGTECHtalk participants said it is still early days for those technologies.\n\u201cI think [AI and automation] are about five years away from overall use for most companies,\u201d said Ben Rothke, an information security manager at Tapad. \u201cIt has a lot of potential within infosec, but many solutions are hype and they do take time to implement.\u201d\nBest practices for a more resilient future\nMoving forward, chat participants advocated for evolving DevOps and agile practices to aid in more responsive IT resiliency. They also emphasized the need to build out a robust bench of security and operations talent and to make sure the culture promotes security and resiliency as everyone\u2019s problem\u2014not just IT.\nMost of all, experts said the COVID-19 experience should be a lesson that companies need to make IT resiliency and business continuity a continuous process and not wait for perfect. \u201cIT resiliency isn\u2019t an all-or-nothing game,\u201d said Wayne Anderson, a security and compliance architect with Microsoft\u2019s M365 Center of Excellence. \u201cMake incremental improvements and build a business case for the `big whack\u2019 at the systemic problems.\u201d\nThis Twitter chat was sponsored by ServiceNow. Please join the #IDGTECHtalk Twitter chat that occurs every other Thursday on Twitter at 12pm ET.