While the COVID-19 outbreak is far from over, even more trouble may suddenly arrive in the not-too-distant future. Now is the time for IT leaders to begin preparing their organizations for a possible second-wave flare-up this winter.
The worst may be yet to come, warns Massimiliano Albanese, an information sciences and technology professor at George Mason University’s Volgenau School of Engineering. “While we never truly reemerged from the first COVID-19 outbreak, we are likely to see a second wave of infections, which will force organizations that were starting to bring people back to physical offices to return to fully remote operations,” he says.
Preparing your organization to handle another major COVID-19 outbreak requires insightful, detailed planning, targeting a worst-case situation that, hopefully, will never arrive. Following these seven steps will help you get started.
1. Build a resilient culture
IT should embrace its role as an internal critical infrastructure provider, and set its operational expectations accordingly, suggests Paul Rohmeyer, an associate teaching professor and director of the master’s in information systems program at the Stevens Institute of Technology. “Specifically, IT needs to establish a culture that recognizes that future disruptions, pandemic or otherwise, will most certainly result in increased demands on IT professionals.”
IT leaders should also prepare their teams for the fact that a second major COVID-19 outbreak may require them to work longer hours and perhaps travel to data centers and other locations at a time when most employees will be sheltered in place. Such awareness should run two ways, Rohmeyer notes. “Employees need to be prepared to be called upon in a crisis, and management needs to recognize and reward the individuals and departments responsible for keeping the enterprise alive,” he says.
In today’s uncertain environment, it’s important to remain nimble and communicative, suggests Rich Temple, vice president and CIO at Deborah Heart and Lung Center. “No one quite knows what form the next outbreak may take, but what we do know is that we will collectively have to knock down walls, pivot rapidly, and be ready to successfully deploy new technology and workflows almost instantaneously.”
Accelerate the move away from legacy infrastructures and systems that hinder or prevent the successful deployment of dispersed teams, advises Toby Buckalew, CIO at OneShare Health, a medical cost-sharing ministry and plan provider. “Rethink how things are being done; rethink your roadmaps,” he says. Begin planning today for the new normal that waits in the wings. “This means working with senior management to understand the new business operations strategy,” Buckalew notes.
While planning is essential, so is decisiveness. “You can have all the ITIL and best practices in the world, but if you can’t jump into the boat when an emergency strikes and be able to make quick decisions … you are truly dead in the water,” Temple observes. “Everyone has to be ready to turn on a dime and to do whatever has to be done to address the immediate crisis at hand.”
2. Evaluate available IT resources
IT should ensure that remote employees have all the resources they need to work effectively from home, including both hardware and software.
“The first wave of COVID-19 caught us by surprise — although we should have known better — and the transition to remote operations was far from ideal,” Albanese says.
During this first shutdown, poor planning and preparation allowed expensive IT resources to sit idle in deserted offices and labs while employees were working from home on inferior hardware/software platforms.
“We can plan better for the future and use our resources more efficiently,” he observes. Albanese also advises IT leaders to check their collaboration tool portfolios for a sufficient level of redundancy and diversity. Having access to alternative tools is essential to ensure uninterrupted workflows if a collaboration platform suddenly fails or becomes inaccessible.
Rohmeyer suggests making remote access as easy and intuitive as possible, since during the initial COVID outbreak many help desks were overwhelmed by support requests from confused and frustrated users. “Access control, including multi-factor authentication, needs to be presented in a consistent, simple way that’s acceptable to users with average technical skills,” he explains.
It’s also important to stay on top of upgrades and keep key resources up-to-date. “For instance, when the pandemic hit, support for Windows 7 had ended just a couple of months earlier, and a good number of machines still had to be upgraded to Windows 10,” Albanese says. “Many of the machines that were taken home couldn’t be upgraded remotely and many of the ones that were left behind couldn’t be upgraded either because there wasn’t anybody there to restart them.”
Connectivity is the lifeline that makes working at home possible, yet many organizations experienced serious capacity issues during the initial COVID outbreak.
“Ensure that your secure remote access platforms are scalable to support 100 percent of your users,” suggests James Breeze, principal at technology consulting firm DMW Group. “Typically, organizations size their remote access platforms for 20 to 50 percent concurrency and can experience performance or availability issues when demand increases significantly.”
Depending on the particular remote access platform, it can take a considerable amount of time to acquire and install hardware and network connections capable of scaling up to a level that can support all users. “Replacing legacy remote access solutions with a cloud based equivalent … can enable rapid scaling without the need to invest in hardware,” Breeze observes.
4. Learn from the mistakes made during the first COVID shutdown
Lessons learned several months ago are gradually being forgotten as IT teams focus their attention on new, more immediate concerns. An organization may, for example, have struggled to obtain sufficient VPN capacity and bandwidth during the pandemic’s first few days and realized that it would be a good idea to deploy additional VPN endpoints or increase bandwidth as soon as possible.
“However, they may have never executed on that intent as the pandemic went on and workarounds were found,” says Michael Cantor, CIO of Park Place Technologies, a data center support services provider. “Now is the time to review these changes and get them implemented before the next outbreak.”
5. Update your business continuity plan
To ensure operations proceed without interruption or delay during another major COVID shutdown, update your organization’s current business continuity plan (BCP) to include lessons learned from the first outbreak.
“Every organization should have a BCP and, hopefully, followed it as they moved their workers to new locations,” Cantor says. “Taking time to review the current BCP, confirming it contains all the lessons learned from the first execution and applying those lessons now, will ensure the organization is ready for the next outbreak.”
6. Move digital transformation projects to the front burner
Digital transformation and related business projects, such as online ordering, curbside pickup and touchless purchasing, were often underfunded in the pre-COVID era. “The pandemic has turned these initiatives into imperatives for business survival,” notes Goutham Belliappa, vice president of AI engineering at business consulting firm Capgemini. He notes that IT may need to collaborate with other technology departments to quickly deploy innovative concepts into production as well as to discover new ways of interacting with customers and keeping their businesses open and thriving.
While many enterprises scrimped on modernization projects over the past several years, the initial COVID outbreak demonstrated the value of constant IT infrastructure evolution. “Creating flexibility in an organization’s infrastructure will be key to surviving another pandemic wave or other event forcing the business to relocate operations,” Buckalew says.
Buckalew advises advocating for virtualization whenever and wherever possible. “Virtualizing infrastructure and workstations can address most of the challenges an organization will face,” he says. Testing is the key to successful virtualized infrastructure deployment. “Testing doesn’t need to be intrusive, but it should be valid,” Buckalew notes. “Sending key staff to work remotely for a day or two is a good test of the ability for work to be accomplished.” Performing tests at several locations, with participants drawn from across the organization, further improves the chances of identifying any issues that need to be resolved.
7. Double-down on cybersecurity
Enterprise chaos is a dream come true for cybercriminals, who are only too eager to take advantage of the security gaps created by new, and all-too-often weakly protected, remote access technologies. A major pandemic outbreak, leading to depleted security teams, creates an ideal window of opportunity for data thieves and other system attackers.
IT leaders need to keep their cybersecurity teams even more alert than usual, Breeze advises. “With a reduction in staff … IT security and support teams can be constrained, giving cyber attackers more opportunity through unpatched systems or delays in response to incidents,” he explains. An increase in the number of people working outside of an office environment may also make enterprises more susceptible to phishing or malware cyberattacks “as the lines blur between work and personal life,” Breeze adds.