The business case for cloud technology could not be clearer today. In recent months some of the reservations that organisations have harboured towards the cloud. Today, cloud technology has enabled wholesale remote working at a scale, that pre lockdown, would have been unfathomable.  Â
Recent months have put organisations’ business continuity plans to the test. As organisations now revisit their business continuity strategy and IT investment models for the future, their challenges and considerations will be different to what they were, even a few weeks ago.
Focus on ‘people first’
Predominantly, business continuity plans have been focussed on ensuring commercial operation during a crisis within the confines of a physical location – the office. While people have always been a key component of the plan, here on in, and perhaps for the first time, business continuity plans need to put staff on the top of the list in terms of importance due to the dispersed nature of the workforce. With flexible working no longer being a perk, attention needs to be paid to work culture, properly supported by a cloud environment.
Risk considerations from a staff perspective will change too. At a base level, typically staff safety and risk mitigation has centred around physical events such as a fire. But how do organisations ensure staff safety and their availability during a black swan event with wholesale remote working? Â And what role will IT play in such a scenario?
Technology alignment with working practices
Organisations need to revisit their technology infrastructure to align it with new working practices. While digital transformation initiatives are underway in most organisations, these programmes need re-examining holistically. For example, to ensure easy, intuitive, and yet secure access to business information, centralised, policy-driven, and cloud-based repositories for document and email management become essential for a dispersed workforce. Not all organisations deploy such systems today, and even less in the cloud.
In many sectors, despite the push to digitise records, there is still a significant reliance on paper for day-to-day activity – be they physical contracts, internal forms, postal letters and or any such. For the future, organisations need to review some of the older, non-electronic processes to close the loop and ensure that important information isn’t missed, which could impact business operation. By way of an example, during this lockdown, in some law firm offices, staff are having to go in to take deliveries of post, scan and then send electronically to lawyers.
With a reduction in face-to-face meetings, perhaps there is a need to make video conferencing capability available to every single employee, unlike currently where in most organisations only a limited number of licences for such tools are purchased. Â For example, some Office collaboration features are limited, unless the organisation has invested in the more expensive Office 365 Business or Enterprise licences.
Security measures rethink
Cyber criminals are having a field day as organisations scramble to remain operational remotely. With home working becoming ‘business as usual’, information security needs to become a top business continuity priority.
A layered approach to information security becomes essential. Foremost, conversations with cloud technology providers need to focus on their future security-related roadmaps, with contractual decisions taken based on the adequacy of those measures. For business-critical functional systems, investment in technologies such as Zero Trust, behavioural modelling and threat detection need to be undertaken.
Over the years, huge amount of investment has gone into security systems for the office-based environment. Now with a dispersed workforce, the importance of advanced end point security systems grows in stature. The laptops of employees may not have the same level of protection as they would have in the office environment. Potentially AI-based end point security will become an imperative for business continuity and security
Information disposal is another challenging issue. At a system level, policy-based security measures can be put in place to protect confidential information, but thought now needs to be given to how employees in their home offices can dispose of commercially sensitive physical documents – especially in sectors where paper documents are still widely used. For example, do staff need to be provided with crosscut paper shredders?
A different kind of capacity planning
Even in organisations that have adopted the cloud in some shape or form, capacity planning has been limited to a proportion of the workforce working flexibly or from home – with scalability thrown in for occasional disruptions such as train cancellations or annual snow-related transportation problems. Post COVID-19, organisations need to devise measures to ensure immediately available capacity for 100 percent of staff working from home.
There are costs involved, which need to be factored in. In many organisations, this kind of capacity planning has been under-invested in. If everyone needs to be working on the VPN, then more licences need to be catered for. Capacity will also need to be purchased for much higher volumes of data, that can flex in real-time. The same applies to disaster recovery. Organisations need to reconsider their investment in cold, warm, and hot sites, based on new business requirements. There is a strong case for investment in SaaS, PaaS and IaaS models.
Supply chain resilience
The COVID-19 lockdown brought to the fore the true IT resilience (or lack of) of organisations. Many businesses have not been able to meet their contractual SLAs. For example, many organisations struggled to get hold of laptops to provide to their staff when the lockdown was announced.
Most organisations have single suppliers for different types of requirements – i.e. they might use HP or Dell for PC equipment, another suppler for office supplies such as paper, and so on. Future business continuity plans need to ensure that there are strong backup measures in place for equipment and other business-critical online, IT infrastructure services. Likewise, from a support standpoint, technology suppliers with remote IT implementation capability will merit partnership compared to those that can only deliver and maintain systems on-site.
Business continuity planning in organisations requires an overhaul. Organisations will do well to consider tabletop testing of their business continuity and disaster recovery planning to ensure that their strategy is fit for the new business environment. It will allow them to re-direct and re-invest their resources in the most optimal manner, while ensuring that the needs of all stakeholders in the business are adequately met. Â Business continuity plans need levelling up, based on future unforeseen events.
Neil Davison, Chief Technology Officer at Ascertus, has over 23 years in the legal industry, delivering change programmes at law firms. Prior to this, he was IT Director at Farrer & Co for more than 11 years