If you’re a CTO, you’ve seen the joke:
Do most companies have a disaster recovery plan (DRP) in place? Yes. What about business continuity plans (BCP)? Again, yes. The bigger, more important question is, do companies have plans that could match a crisis like the coronavirus? And in that case, the answer is no.
You can’t change what’s happened, you can only review how your company handled it and learn from mistakes or missteps. Hindsight is 20/20. Here are a few challenges CTOs came up against during the high-stakes rush of COVID-19, and the takeaways you can use to prepare for the next crisis.
Your established disaster recovery and business continuity plans make immediate accommodations for a limited number of essential staff, intending to be short term. And in most cases, the plans rely on systems and services in alternate geographic locations. In the case of a pandemic, those resources can’t be leveraged for the long term.
COVID-19 required rapid execution and reshaped digital transformation. More importantly, it required a long-term solution that could last months or even a year.
Clear communication, quick assessment, and swift action were paramount to a successful transition. Coordinating the move of 200 computers is taxing not just on you, but also the users who need those devices to do their work. Clear communication helps ease their mind, knowing you have the situation in hand, and when they can expect their devices helps reduce their panic.
Takeaway: CTOs are front and center, and your role is going to grow as COVID-19 persists (and again when another disaster comes along). Plan for the worst-case scenario, then plan again for the worst worst-case scenario. Know how you’ll communicate with users, how you’ll find and track devices as they leave the office, and how you’ll retain business continuity. If your plan doesn’t allow you to do all of that in less than a week, train your team and do tabletop exercises until you can.
Companies should consider how teams will collaborate away from the office. Assign a single tool for the company as a whole that encompasses phone calls, video conferences, and online chat. Agio’s SkySuite can help you with this.
Physical data centers were a liability in the early months of COVID-19. IT teams couldn’t access their own hardware because buildings were completely locked down, but they still had to provide user support.
Switching from in-office to remote workspaces meant moving from desktop-based solutions to cloud-based solutions. Cloud-based services like Azure are on everyone’s radar right now. If your company had already migrated (or at least started a migration), you were probably in better shape than other firms. If you had tools like Desktop as a Service (DaaS) in place, you were ahead of the game and likely saw a more significant benefit during the transition.
Takeaway: While other companies cobbled a solution together (letting security measures slip in favor of optimal productivity away from the office), CTOs who took advantage of the cloud and DaaS had fewer issues because they had a reliable enterprise-class solution designed from the ground up with security in mind.
Adopting the public cloud gives you an adaptable, scalable base that leaves room for substantial changes in how your firm operates beyond COVID-19. No company can match the efficiency of the cloud and the effectively limitless, on-demand resources that come with it. Data is automatically backed up, you have unlimited storage space, users can access tools and applications from anywhere in the world. And servers, storage, and networks can be added, removed, reconfigured, and upgraded quickly on a 24/7 basis—all remote, no one has to travel or even touch hardware to provide support.
All those items you were putting off—finding gaps and redundancies, putting cybersecurity and governance frameworks in place, identifying missing capabilities—came back to haunt you in a matter of hours.
Takeaway: Drastic housekeeping is in order. You’ve probably been adapting to changes on the fly, but it’s time to really sit down and plan for and fix everything you’ve been putting off. Now is the time to audit your digital assets and how processes work (or don’t work), then incorporate a cadence of review and testing to ensure you’re improving now as well as being ready for the next crisis.
Look at your legacy applications and manage them appropriately. If it’s time to move on, do it now. If there are processes to automate, now’s the time to get that going. You’re leading the charge, and the executive team is relying on you. They’re probably more receptive than ever to suggestions on improving efficiencies.
The new architecture of work-from-anywhere means cybersecurity has the spotlight. When users aren’t in the office, it’s easy to forget that, even though they have their device and can access the data and applications they need, they don’t necessarily have the safeguards that were in place at the office. Users may be working over unsecured networks and sharing devices with family members. Or they may let their guard down and fall prey to a phishing attack.
Takeaway: Preventing data loss is an urgent priority for CTOs. Training and continued communication about best practices are imperative. All devices should have two-factor authentication (2FA); all laptops should have endpoint protection (EPP).
So far, we’ve focused on lessons learned and how to prepare for the next crisis. One thing you can do to get ahead of the curve is to determine how you’re going to handle users coming back into the office.
A few things to consider to ensure that users aren’t bringing outside safety threats into the company network:
- Confirm devices have the latest updates and patches
- Create a portal where users can flag technical issues
- Reconcile company data stored across multiple company and personal devices
- Optimize the tools used for sharing company data
With most disaster recovery scenarios, the migration to the systems is the easy part. The migration back and the reconciliation of the data and security can be a much larger challenge.
Telecommuting is likely a permanent part of the landscape. Taking that into consideration, look back at what’s worked and what hasn’t since March, then adapt as needed.
Consistent and scheduled testing—factoring in redundancy and resiliency—is critical for successful disaster recovery and business continuity plans. CTOs are moving IT teams to the front of the line to educate a non-technical workforce about cyber threats and providing security training.
COVID-19 is just the latest emergency. Continuous modification, scaling, and training are the new normal; it’s how firms will weather the next watershed event. If you’re ready to evaluate your current DRP and BCP, . Agio is here to help.