The Coronavirus (COVID-19) hit the world hard without warning and spread quickly across countries and continents. In their attempts to limit the spread of the virus, governments and individuals have changed the way we interacted with each other, and the way we worked and did business. This had a significant impact on the organizational IT systems, their infrastructure and applications. Unfortunately, many organizations were caught by surprise and were ill-prepared to handle this new environment, which required a massive and immediate transition to a work-from-home model.
The first aspect of this change is the broader distribution of the IT environment. Until recently, organizations had most of their IT infrastructure and endpoints located within their offices, data centers or at service providers’ locations. However now with the massive growth of users working from home, the organization faces a situation where a large percentage of its endpoints is located outside of its premises. Beyond the logistical challenges of purchasing and delivering such equipment to the users’ homes (laptops, monitors, printers, fast Internet connectivity etc.), there are many security risks that the organizations need to address. Unfortunately, hackers do not rest at this time of pandemic that hit the world and are trying to leverage any new vulnerabilities they could find. Accessing the organizational network and data through endpoints at the users’ homes may be an easier way in, and this sheds a new light on IT security. The old approach that assumed that most of the endpoints are located within the organization’s premises is no longer valid. Many home WiFi networks are not secure enough, and corporate laptops now co-exist on the same home network with the personal, non-secured home PCs. Moreover, the sudden change in the way we work sometimes did not allow organizations enough time to purchase devices for users to work from home, so it is not uncommon to see employees using the family PC to access the organization’s application and data. Such PCs may very well be infected by malware which can be then used to attack the organization. It is important to note that most of the components of the required security solutions exist in the market, but they need to be acquired and deployed quickly as part of a new, adapted security strategy.
An additional aspect of IT readiness is the infrastructure and applications for a massive number of remote workers. The technical infrastructure of most organizations likely needs an upgrade to accommodate the sudden surge in growth of employees working from home. Communication lines, VPN and authentication servers need to be enhanced, and new solutions may need to be quickly explored and deployed. Such changes could involve moving from on-prem servers to scale-out third-party SaaS, such as Zoom and Office 365, or having developers work on virtual desktops (VDI) and running long tasks on remote servers. The internal IT support departments must adapt to this situation and allow phone/chat support since employees cannot be expected to stop by the IT helpdesk to fix an issue. Additionally, some applications may not work properly from home (e.g. due to communication latency or low bandwidth). Since it is not practical to completely rewrite all those applications, continuous monitoring of the situation by requesting periodical (daily?) feedback from the employees is essential, so the problematic bottlenecks can be resolved.
The interpersonal communication changes as well. Video and audio conference calls become popular and the new way to collaborate, replacing face to face meetings. The employees need to be trained how to be more effective in such meetings, and what is the right way to conduct them. A video conference is significantly different than a meeting in a conference room, when the interpersonal, non-verbal communication is neutralized and the conversation culture changes. For example, eye contact usually does not exist in a video conference call, since we look at the other person’s image and not directly at the camera (which is above or below the monitor). In audio calls, longer pauses are required between speakers, since if two people talk simultaneously, only one will be heard. Employees must learn those new skills to continue being effective when working from outside the office.
Last but not least is the organizations’ readiness to recover from disasters. We used to associate disasters with natural disasters or human acts (e.g. terror attacks), and many organizations assumed that since they were in “safe locations” (e.g. a small town outside of the hurricane/earthquake zone), they do not need to plan for disaster recovery. The Coronavirus has proven to us that it can hit anywhere, and you can never know if the town in which your data center is located would not be placed under quarantine overnight. What would you do then? How can you operate your data center? Can you easily move your data and applications to operate somewhere else, possibly on a public cloud, until things return to normal?
A proper design for disaster recovery requires more than just purchasing the right products. It is an organizational mindset stating that the business activity must continue, no matter what. It is implemented through establishing processes, training personnel, deploying the right solutions and testing them periodically.
The Coronavirus presented many challenges to humanity and is expected to change many things in our life. We will likely continue to adopt some of these changes also after we overcome the virus. Therefore, while we support the patients, the medical teams and the researchers that seek solutions to the disease, organizations will be wise to use that time to evaluate their readiness to the post-Corona era and to the new social norms and work processes that will remain with us.