How to bolster IT resilience, before the next crisis

The COVID-19 crisis has changed how and when we work, possibly forever.

“Agile, distributed ‘anywhere, anytime’ workplaces will become the norm,” ServiceNow CIO Chris Bedi wrote recently in Workflow. “Managing complex digital workflows will be critical to providing employees the services and experiences they need to do their jobs seamlessly and effectively.”

Technology played a critical role in ensuring business continuity during the almost overnight shift to work-from-anywhere. Adjusting to the new work paradigm requires CIOs and other technology leaders to zero in on business continuity—and invest in it before the next crisis hits.

Here are four key areas where technology leaders should focus their attention and their budgets.

1. Invest in a hybrid, multi-cloud strategy

The pandemic changed working from home from a perk into a requirement. Even when the crisis finally passes, not much is likely to change. Global Workplace Analytics predicts that 25 to 30 percent of the U.S. workforce will continue working from home multiple days a week through 2021.

Now is the time to begin or continue investing in hybrid and multicloud solutions, says Jake Smith, the director of data center technologies at Intel. Combining private and public clouds gives enterprises the ability to scale up quickly, as they did during the initial March lockdown, while keeping legacy workloads and sensitive data safely on prem.

“Before COVID, you might have had 1,000 employees but only 100 needed to access your network remotely,” says Smith. “Now, suddenly all 1,000 are working from home. You need to rethink everything, from upgrading the network to how you do backup and recovery to implementing new security procedures, all while keeping the business running.

“In a situation like today’s,” he adds, “where IT staff can’t work inside facilities, you need to create environments they can manage remotely.”

2. Automate security and other workflows

The sudden surge in people working from home also puts enormous stress on security resources that were already stretched thin. Now, in addition to protecting the corporate network, CISOs have to worry about every employee’s laptop and home Wi-Fi setup at a time when COVID-era attacks are accelerating.

“The uptick in attacks right now is historic,” says Mark Campbell, chief innovation officer for Evotek, a digital enterprise solutions firm. “CISOs are asking, ‘How do we secure all those BYOD devices connected to our mission-critical assets? How do we implement zero-trust and password-less access, or newer endpoint protections like Secure Access Service Edge (SASE)? How do we audit the shadow IT that was necessary to make connectivity possible?’”

Security teams, already overtaxed, will need to rely more heavily on automated processes to identify threats and respond to them, says Deborah Golden, Deloitte’s U.S. cyber and strategic risk leader.

“We now have an exponentially larger threat landscape with more networks, more data, and more people than any security organization could possibly monitor,” Golden says. “The only way to do that with fewer people and less money in a short window of time is to look at robotic process automation, machine learning, and AI.”

The uptick in attacks right now is historic.

The pandemic is also pushing enterprises to begin automating other workflows to reduce costs and increase efficiency, says Campbell.

“They’re looking at workflows that may have been considered sacrosanct in the past—like operations, business intelligence, and supply chain,” he says. “And many enterprises are finding out that they’re not as automated as they thought they were.”

3. Stress test business continuity plans early and often

The COVID crisis put every enterprise’s business continuity plans to the test—and not every organization passed, says Sue Bergamo, CIO/CISO for EpiServer, a global e-commerce company.

“There are three kinds of companies during this pandemic,” Bergamo said. “Those that were prepared, those that were semi-prepared, and those that weren’t. I was a little surprised to learn that in 2020 we still have companies that don’t have business continuity plans in place.”

But even the most comprehensive plan isn’t worth much if it’s not routinely tested, reviewed, and refined.

“Your business continuity plan needs to constantly evolve,” Bergamo says. “You need to be ready for anything and have the technologies in place to respond.”

EpiServer utilizes ITIL and ISO 27001 frameworks as guidelines and tests its business continuity plan every month, doing live failovers of critical operations between its five major global offices during company holidays.

“We don’t just test once a year, like a lot of companies do; we test all the time,” Bergamo says. “We have redundancies across the globe, which is the only way you can make business continuity happen on a worldwide basis.”

4. Invest in your team

With IT teams running full speed 24/7 since March, burnout is a real concern, says Intel’s Smith.

“The only way your organization is going to survive is if you and your team do,” he says.

Companies should consider creating new touchpoints among employees and between employees and their managers. These could include digital “watercooler” sessions and more frequent one-on-one meetings, so managers can keep tabs on individuals’ well-being. Other approaches include more frequent celebration of milestones and team successes, as well as mandatory breaks as part of the daily or weekly routine.

“You need to find time to step away to be the best you can be for your enterprise,” Smith says. “Otherwise, you’re going to be overworked, and you’ll miss something important.”