When we wake up from this mini dystopia, the world will have changed, especially the way companies go about business continuity (BC) and disaster recovery (DR) planning. Previously based on natural disaster or cyberattack scenarios, these strategies will need to expand to include new scenarios staring us in the face today. Previously de-prioritized and overlooked risks could stymie a business very quickly. Organizations need to closely consider and plan for each of them.
What are some of the risks that may not have hit a company’s radar in a significant way?
Risks – some old, some new
Regional shutdown: If a state or city your business operates in was closed or inaccessible for 1- 4 months, would your company survive?
Up to this point, it’s been common for medium and large businesses to have specific operations or employees in a single locale. Historically, this made sense; it optimized workflow, teamwork, and organizational synergies. However, recent events have opened our eyes to the substantial risks of consolidating systems and employee locations around operational functions. The massive shut down of offices and public spaces across major business hubs due to human safety concerns brings this issue to the forefront. This scenario now has precedence and will be expected to be addressed. Going forward, companies must ask themselves if they could survive another similar or longer shutdown in the future and what steps should be taken to make this scenario survivable.
Stay-at-home orders: Are employees who perform critical functions prepared to do their job from home on short notice?
Zoom does not solve this one. Until March 2020, many companies still required employees to work from the office, even if the employee didn’t need to physically be there to successfully get the job done. A slew of reasons, including corporate culture, logistics, and security, rationalized this. The new reality of government-mandated stay-at-home orders has had companies scrambling. Even large enterprises with long-standing, comprehensive BC and DR plans struggled with overwhelming remote access issues, including a lack of infrastructure to support remote access, inadequate tools to facilitate remote work, and scarce technical understanding at the individual employee level to effectively work from home.
Inaccessible systems or infrastructure: TeamViewer going to Citrix going to a laptop in the office. Where’s the duct tape?
This risk is an overlay to all other risks. Technical systems and infrastructure have long been the focus of IT departments, as they try to achieve the elusive (and imaginary) 100% uptime. As SaaS adoption increased so did the focus on uptime and availability. This left behind a subset of companies, mired in legacy systems, realizing that their current technology infrastructure is no longer relevant and potentially a major operational risk.
Your infrastructure landscape must be set up to support local or regional outages and inaccessibility. There are countless companies dealing with a patchwork of strung together systems and infrastructure. Many of them are doing it with a fraction of the staff they had just 60 days ago. TeamViewer going to Citrix, going to a laptop in the office should not be the go-to solution. All kidding aside, tech staff out there might have seen something very similar. Even at the smallest company, if employees and customers are unable to utilize critical systems, the negative impact on the organization and its customers could be overwhelming.
Opportunities – solving these problems
Knowledge redundancy and the cloud
One of the most complex risks to mitigate is location shut down. The business impact this could have on any size or type of company is enormous. For example, if you run a small or medium-sized business, how do you operate if on any particular day your office is no longer accessible and that situation may last for a week, a month, or longer?
One option for addressing a location shut down is building smaller remote teams in geographically disparate locations, strategically ensuring employee and operational knowledge redundancy. For medium and large organizations, a solution could be splitting teams between offices in different locales.
However, this poses a more substantial issue for smaller organizations that have only one or two offices and a few remote workers. For example, small companies have only one or two people executing critical operational functions that won’t benefit from a geographical solution. Smaller companies should create and test a BC plan that includes moving to a fully remote work environment. Large or small, we are learning this lesson right now.
In all cases, operational systems will be required to be accessible from, at minimum, a single disparate location and preferably any location. Moving to a cloud infrastructure can address this issue and adopting SaaS offerings is helping to drive many organizations there. Those organizations that are not currently transitioning to the cloud should get hyper-focused on this task to mitigate risk.
System and data redundancy
Clearly, the days of having a single server room with an organization’s technical infrastructure are over. Every IT manager knows this.
Whether your organization runs on cloud-based infrastructure or some hybrid of on-premise and cloud, all critical systems and data must be locationally redundant. Most of the major cloud services providers will offer datacenter redundancy in different locations. When working with third-party vendors, due diligence must be carried out to ensure all your vendors address these risks.
Test your plan
You’ve created your BC and DR plans, now you need to stress test them (more than once) to determine their efficacy. What are the weak areas that need to be strengthened? Are all employees prepared to access systems remotely? How are customers affected?
Our current stay-at-home orders gave many companies just 48 hours to test their plans before the order was effective. It doesn’t have to be like this in the future.
The additional step here, which could possibly be overlooked, is to ensure that any business-critical third-party SaaS apps, used by your organization, clearly address data redundancy and how catastrophic events would impact system uptime and accessibility.
Remote meeting and collaboration tools
Luckily, as we all found out, this nut has been cracked. With the widespread use and social acceptability of video conferencing and screen sharing tools such as Zoom, WebEx, Hangouts, Teams, and others, there is no lack of solutions to solve both the video meeting and remote collaboration issues. The instant social and corporate acceptance of remote meetings and remote work due to stay-at-home orders will quite possibly change how companies operate long into the future.
Capitalize on these opportunities sooner than later
The new normal for business includes new risks and new opportunities. Taking a hard look at the centralized aspects of an organization and the operational infrastructure that supports the most critical areas of the business is required. Decentralization of one or more of those critical areas, in order to mitigate catastrophic events, should be under serious consideration. Now is the time for companies to strengthen their positions and rebound faster during future hard times.
There is a new opportunity here to create a solid operational infrastructure that could very well be deemed a competitive advantage. Companies that do not adjust to these new risks will surely see negative impacts.