For some businesses, the COVID-19 crisis has been nothing short of a disaster. However, enterprises that had robust and comprehensive contingency planning in place, the COVID-19 turmoil has had a limited impact on their ability to trade.

What has become abundantly clear over the last few months, is enterprises in the future, must have more detailed and far-reaching contingency planning in place to mitigate any future pandemic.

Speaking to David Lanagan, senior consultant, CloudStratex, Silicon UK asked has the contingency planning the tech sector had in place proved to be strong enough?

“No,” Lanagan emphatically responded. “And it is an area that has always suffered from underinvestment due to companies always stating they would never hit the panic button, as it is easier to fix forward and suffer a bit of pain to get up and running again. In situations like the current pandemic, they have realised that the answer to a higher power, i.e. the government.

“The decision to “invoke” is out of their hands, and this may happen again in the future. They must start preparing now and have a robust solution that works given a similar situation. There are a lot of companies using old Citrix and similar solutions out there, which are currently creaking at the seams, because they saw remote desktop working as a luxury, or something to cater for a tiny percentage of their company. The paradigm has shifted. You now must have a scalable solution that will readily adapt when the demand hits – luckily with the solutions available today; this is eminently achievable without costing a fortune.”

CIOs and CTOs will have to evolve the contingency planning. The disruption that COVID-19 has bought too many businesses will be specific to each organisation. Moving most staff to remote working and the impact this has had on hosted, and on-prem networks are clear. Systems are coping at the moment, but there is little flexibility in the platforms in use. Building more latitude into remote working platforms will be a core component of contingency planning for the next major business disruptor.

Some sectors – most notably healthcare – that typically don’t have large quantities of their staff working remotely have been hardest hit, as they grapple with remote working technologies. More importantly, security has become even more critical for these workers. CTOs using VPNs are using approaches such as two-factor authentication to reduce security risks. In the future, systems will need to be in place that can be quickly switched on when needed.

“While we could compare COVID-19 to quarantines throughout history, and even the H1N1 pandemic from 2009, several things are different,” Robert Rhame, director of Market Intelligence at Rubrik explained to Silicon UK.

“In 2009, the smartphone was still largely a consumer device, and many employees still had desktops. That has changed. We are much more able to keep a slightly deprecated business reliant on knowledge workers running remotely than even just ten years ago. Still, the employees themselves were thrown into remote working without being part of any test plan. Stories instantly surfaced of employees working from ironing boards, in noisy environments, or fighting with recalcitrant teenagers for bandwidth.”

A recent survey from Gartner revealed that nearly 50% of organizations reported 81% or more of their employees are working remotely during the coronavirus pandemic. Another 15% of those surveyed said 61-80% of employees are working remotely at this time. The Gartner survey showed that many workers are planning to work remotely more often in the future.

Commenting, Simon Pamplin, director of technical sales at Silver Peak, says: “This new Gartner study indicates what many of us will have been thinking for some time now: that even after the COVID-19 lockdown has ended, life, and particularly work life, will have shifted from what we knew before.

Pamplin continued: “The current remote working policies are unprecedented, and many organisations have been struggling with ensuring that connectivity, availability and quality of experience for UC&C applications are assured for their workers. This, in my view, represents a key tipping point for UC&C – often viewed as a nice to have in the corporate world, but now deemed a business-critical application. This shift in mindset will bleed into the time after COVID-19, with corporate networks prioritising collaborative applications and enterprises actively modernising their network infrastructures to be increasingly intelligent, agile, and adaptive to meet these needs.”

Businesses that have yet to embrace the use of teleconferencing and collaboration tools entirely will need to begin to use these services on a much larger scale. Services such as Microsoft Teams, Slack, Zoom and Webex can all be integrated. Planning and education will be essential when the current pandemic passes to ensure staff are agile enough to use these tools on a day-to-day basis, but also, able to quickly switch to using these tools remotely if they need to.

Future disruption

From an IT perspective future, contingency planning will mean more integration across what have in the past been often disparate systems.

Rubrik’s Robert Rhame commented: “Contingency planning in the future must look at the holistic business and its discrete components for areas that are brittle. These include legacy hardware, anything that requires physical intervention, highly specialised and difficult to run applications.

“While never a pleasant topic, mortality is a key risk in 2020, especially in combination with high levels of legacy or requirements for specialists. These human and technological single points of failure must be accounted for since the success of the organisation depends on them. Reduction of legacy debt is one of the top things needed to get ahead on all those transformation initiatives we were blissfully thinking of at the end of 2019.”

With Dave Chapman, head of Customer Transformations, CloudReach offering this advice: “From an IT infrastructure perspective, this is going to accelerate IT away from its ‘hobbyist’ background, which might have been blocking transformation historically. I think an acceleration into the cloud world, for all aspects of IT, is next to inevitable.

“For businesses in general: if their operations haven’t already changed, they will need to be thought about and changed urgently to ensure it’s possible to run themselves remotely. This is particularly true for very physical organisations; how can you continue to run them in a way that’s disrupted as little as possible through a crisis like this?

“This mainstreaming of continuity might very well be a major strategic plank for organisational change. This is potentially quite transformational – what was at most an interesting opportunity before, is now an absolute necessity for every organisation.”

Chapman concluded: “For organisations that are all about a physical supply chain, what measures need to be put in place to allow physical working to be safe, contained, and potentially scaled? I say scaled because online grocery services have all of a sudden become critical national infrastructure. The level has just been completely reset on organisations like that. It’s a big commercial opportunity for them, but it also requires organisation, rigour and flexibility.”

The COVID-19 crisis has exploded many businesses. The immediate need to move what can be large numbers of employees to remote working has meant in some cases, a radical change to working practices. Contingency planning for future events will need workforces and the systems that support them to be highly flexible and scalable – all with security and the threat perimeter in mind.

Silicon in Focus

Bob Sibik, Senior Vice President and Cofounder of Fusion Risk Management.

From a contingency planning perspective, what has the COVID-19 crisis taught businesses?

The COVID-19 crisis has taught businesses that the failure to proactively manage operational business risks comes with severe consequences. The companies that prioritised regulatory compliance and static plans over continual risk assessments and actionable data have been impacted the most. The reality is that looking at business resilience and crisis planning as a checklist rather than an ongoing process doesn’t work unless the crisis planned for perfectly aligns with the checklist. In the case of COVID-19, we heard ‘no one could have planned for this’.

While the statement may be true, that doesn’t mean organisations could not, and should not, have prepared for this. The organisations that built business resilience programmed were well equipped with the information foundation they needed. They quickly identified issues by combining data they already gathered about how their company works and simulation experience to refine their response strategies. COVID-19 has taught businesses that it is too late to plan for a crisis in the middle of one and that contingency planning should be done strategically and viewed as an ongoing process.

How will CIOs and CTOs have to change their contingency planning to mitigate the next crisis?

COVID-19 has shown how vital it is for CIOs and CTOs to ensure employees at their business have the tools they require to work remotely and securely. The crisis impacted communication, collaboration and operations, changing the daily norms of the workforce. Amid the pandemic, most non-essential businesses had to adapt to 90%, or even 100% of the workforce working remotely, which made the value of digital channels, products and tools very clear.

Moving forward, CIOs and CTOs must focus on ensuring that company IT systems have sufficient capacity and can be fully operational. Employees have access to essential software and hardware at home. They must also regularly communicate policies regarding remote work with employees. Lastly, CIOs and CTOs should continually assess the company’s risk. Security professionals are aware that the weakest link in the security chain is often people, and with a mostly remote workforce, the security risks skyrocket.

Which areas of a business’s operations need to be strengthened after the COVID-19 crisis has passed?

After the crisis, businesses should focus their effort and resources on resilience, on building a common information foundation that is kept current and accurate, and on mapping the organisational and ecosystem dependencies to understand how their business can be disrupted, and how disruption can ripple through the organisation.

The business that will adapt and learn from the COVID-19 crisis will be the most successful. These businesses are the ones that will conduct post-incident reviews, identify issues, and ensure remediation occurs.

Is being more agile and flexible – quickly switching to remote working when needed, for instance – essential for all businesses and organisations to adopt going forward?

Working remotely is a crucial component of contingency plans for business continuity planners. Before the crisis, more and more companies were open to remote working during normal business conditions, and the companies that practised “work from home” were more prepared for the COVID-19 crisis.

This means that moving forward; businesses should be prepared to switch to supporting a mobile and remote workforce quickly. Often, in business continuity, there is a rule that companies should plan for 30% of employees being out at any one time. We would say this should be at least 80% (people who are sick, people who are caring for the sick, people afraid to go outside). After COVID-19, it would not be going too far to recommend that companies are prepared for up to 100% absenteeism, with a capacity of over 120%.

Is a closer understanding of how the human capital and physical resources and technologies fit together, the basis of what contingency planning will look like in the future?

Contingency planning in the future will be predicated on collaboration and interaction between individuals within the organisation, between individuals and customers, and between individuals and suppliers. This will all be facilitated, and most likely more automated, in the future. Thus, while business viability requires a healthy and available workforce, contingency plans will need to ensure effective and secure interaction with technology and the data from anywhere at any time.

The COVID-19 crisis has shown the importance of protecting the most critical asset of the organisation – the workforce. It has also shown that employees must have the tools and technology required to carry on their work remotely, having been removed from local technology and each other. Employees should be supported and encouraged to think about what tools, information and equipment they would need to make decisions and maintain productivity at acceptable levels, should another situation as the pandemic arise.

As organisations plan for the future, they must remember that the ability to survive the disruption of the workforce or the disruption due to a crisis will not only depend on how effective they were in the continuity planning and preparation process but also the tools made available, as well as the employee training the business implemented, outside of a crisis as part of their contingency planning.