Business continuity: Coronavirus crisis puts CIOs’ plans to the test
As the Coronavirus pandemic spreads, CIO have the perfect opportunity to brush up on business continuity planning as they strategize their response.
Senior Writer, CIO | MAR 19, 2020 3:00 AM PDT
As the COVID-19 coronavirus rattles industries, it’s more important than ever for IT leaders to ensure employees have the tools they require to work remotely and securely.
“When traditional channels and operations are impacted by the outbreak, the value of digital channels, products and operations becomes immediately obvious,” according to Gartner analyst Sandy Shen. “This is a wake-up call to organizations that focus on daily operational needs at the expense of investing in digital business and long-term resilience.”
For most organizations, that means a boost in business continuity (BC) planning. From executing “fire drills” associated with cyberthreats to spinning up additional data centers and communicating about the challenges of remote work, IT leaders are facing down COVID-19.
Here IT leaders share their plans to bolster BC, providing templates for peers to keep businesses humming smoothly in preparation for disasters — no matter what shape they take.
Since joining AvidXchange as CIO in 2018, Angelic Gibson has invested in BC planning to ensure that the SaaS provider of accounts payable software can serve employees and customers without a hitch. This includes enabling AvidXchange’s 1,400 employees to work from anywhere no matter what role they occupy. “There are pieces of business continuity planning that we’re starting to activate,” Gibson tells CIO.com.
As the pandemic unfolded, Gibson stepped up “role-playing” activities, essentially testing to ensure that remote staff had the proper tools, including computers and collaboration software to ensure virtual meetings at scale through applications such as Microsoft Teams and Cisco WebEx. She’s also ensured that she has a handle on network traffic through the VPN, including testing volume, to make sure staff can connect to their business applications.
Gibson says the role-playing is akin to cybersecurity drills many companies execute to prepare staff in the event of breaches that lock them out of operations. This entails ensuring staff know how to do their jobs when they cannot physically come to the office. “I feel well prepared to run our business and support our customers through various scenarios,” Gibson says.
The cybersecurity drill provides a good template for facilitating BC for the current pandemics, says Gartner’s Shen, adding that C-level, operations and IT staff should practice emergency drills at least once a year to prepare for cybersecurity incidents but also disruptive events such as COVID-19 that threaten the continuity of operations. The goal, Shen says, is to identify gaps in policies, processes, technologies and workforce planning so they can make contingency plans to better prepare for future incidents.
Sound time management for remote workers
CIO Alastair Pooley has switched exclusively to remote working at Snow Software, a provider of SaaS-based software asset management tools based in Stockholm, Sweden. Pooley took pains to ensure that employees use corporate-issued laptops to perform their work, in accordance with Europe’s Global Data Protection Regulation (GDPR) rules that forbid employees from putting work data on a home computer.
One advantage Pooley has is that more than 95 percent of Snow’s 120-plus applications run in the cloud and require employees to use multi-factor authentication. This “zero-trust” network access model affords Snow with more security, while enabling employees to access their apps and data from anywhere. “We’re well set up for remote work,” Pooley says.
Even so, Pooley had to ensure that Snow employees had enough capacity to access an order management system, software products the company develops and legacy file servers from the VPN. “We rarely have this number of people working remotely,” Pooley says. He also had to set up a call-forwarding system to allow customer service staff for field calls from home.
The technical challenges are minor; Pooley says he frets about the cultural aspect of remote work. At an all-hands meeting earlier Monday, executives stressed the importance of advising the rank-and-file not to overwork themselves, which can impair productivity, as well as the importance of setting up a quiet place to work and taking regular breaks. “It can be hard when they suddenly don’t have a commute and find themselves working more hours,” Pooley says.
Turning crisis into opportunity
During the current health scare it is incumbent on IT leaders to shore up “flat spots” in their organizations, says Stan Lowe, CISO for cloud security vendor Zscaler, who previously ran cybersecurity at PerkinElmer, the Department of Veteran Affairs and the Federal Trade Commission.
“Never let a crisis go to waste,” Lowe says, adding that the coronavirus offers CIOs the perfect time to “take a good look at things that matter to your organization.” Lowe, who helped spin up an additional data center in Milan to ensure Zscaler had enough computing firepower to support its operations as well as its customers, offered the following advice for CIOs and CISOs looking to get their arms around the challenge:
Apps and data. CIOs must ensure that the right IT systems are fully operational. The top app? Email. “Without email, places come to a screeching halt,” Lowe says. Of critical importance is ensuring that employees can access any top-tier software they require to do their job at home.
Hardware and bandwidth. A lot of people in non-knowledge work sectors have desktops, so CIOs should consider whether to let those staff use their home devices in lieu of their work PCs. And they should ensure they have enough bandwidth to handle the external traffic. For most corporations, 70 percent of the bandwidth requirement is outbound. But with the rush to remote work flipping that model, CIOs should assess whether they have the network capacity to handle increased inbound traffic.
Reassess your risk profile. As do data breaches, pandemics offer great opportunities for IT to evaluate their risk tolerance and consider creative ways to enhance security through technology or administration. Is IT equipped to fend off emerging cyberattacks and other threats? For example, Zscaler is seeing new phishing scams piggybacking on COVID-19, including one that purports to use AI to protect users from the coronavirus. “You have to make sure your business can deliver goods and services to drive revenues,” Lowe says.
Communications culture. Mastering communications is the mark of a good leader, but many executives fail to loop in the rank-and-file staff during a crisis because they forget that they’re not sitting in the same meetings with the C-suite, Lowe says. It’s imperative that executives close the loop and keep all employees up-to-date regularly each business day. Microsoft’s handling of communications during the coronavirus outbreak is Exhibit A of how to be proactive and keep staff informed.
“Your employees are more worried than you are because they don’t have access to the planning information, which could cause serious morale and production problems,” Lowe says. “At these high- level meetings, we forget that we know what we know, but they don’t know what we know so you can’t communicate often enough.”
Facilitating “trustworthy” information is also paramount, says Gartner’s Shen, adding that data from unverified sources or the lack of data can impair sound decision-making and escalate employee anxiety.
Shen recommends that organizations set up a website, app or hotline featuring curated content to provide guidance to employees. These sources include local governments, healthcare authorities and international organizations, such as the World Health Organization (WHO).
Gartner is offering additional analysis on the actions CIOs and IT leaders should take to remain resilient during coronavirus business disruptions during a webinar “Coronavirus Outbreak: CIOs’ Short- and Long-term Actions” on March 24 at 11 a.m. ET.