The COVID-19 crisis is forcing businesses across the globe to adapt to sudden operational disruption. IT, tasked with supporting the rapid, largely unplanned move to remote work, is truly on the front lines of the
effort to adapt day-to-day ops to a “socially distant” economy.
Existing disaster recovery (DR) plans simply didn’t envision this type of scenario. The most common way to conceptualize the “disaster” in IT DR is a physical threat to your technology infrastructure: events like a flood, fire, or a storm that destroys key servers. In this context, businesses need a plan for scaling up alternative infrastructure as fast as possible.
However, as we’ve seen with the COVID crisis, it’s just as possible for a disaster to affect your employees’ ability to access infrastructure. And the potential threat to business continuity can be just as great if you don’t have the right strategy for supporting employees as they move to a remote work strategy.
Businesses suddenly find themselves facing a very different sort of DR question:
How do we preserve business continuity if our infrastructure is up and running but our users can’t reach the sites and technology necessary to perform daily work?
In this article, we highlight some key concerns to cover when updating your DR playbook to reflect the risk of disasters that disrupt employees’ ability to access key technology infrastructure. Amid all this disruption, it can be hard to take a step back and think about formally documenting what you’re learning from the current situation. But now is the time to take note of the resources, processes, and plans you’re using to respond to this crisis and update your IT Disaster Recovery plan to reflect key lessons learned.
Ensuring Remote-Ready Employees: Home Hardware, Connectivity, and Security
Reliable employee connectivity from home is the foundation for effective remote work. At the most basic level, employees will need both capable devices and a quality internet connection to effectively work remotely on a day-to-day basis. While more homes than ever have basic computing devices and internet connectivity, there can be a real gap between a functioning home setup and one capable of supporting full-time daily work. For instance, an internet connection that’s fast enough to check email and occasionally work from home may prove almost unusable if called upon for daily, high-volume video conferencing (not to mention competition with the family for bandwidth). Even for organizations that already employ a BYOD approach or offer remote access for some applications, the sudden need to support a full range of business-critical applications (like ERP software) for a large number of personnel from home is a serious, multi-faceted challenge. Organizations without a BYOD approach may find that the only option is sending employees home with the equipment from their desks.
In addition to adopting remote access for mission-critical resources like ERP software, employees need access to practical tools like printers and scanners. These tools needed for simple daily workflows can be easy to overlook, but the inability to, for instance, quickly print, sign, and-scan key documents can create painful delays at the worst possible moment if your DR strategy cannot support them remotely.
For any new remote work solution relying on home devices, security will need to be carefully considered. Suddenly allowing access to hundreds of inadequately secured home devices in a disaster scenario means a massive security liability. If home devices are going to be used as part of your DR response, virus protection and other standard security measures need to be implemented wherever possible (ideally ahead of time).
Planning for Scaling Up and Managing Effective Remote Access
Fortunately, today’s marketplace offers a number of options for remote work, like VDI and Citrix virtual workspaces. While these solutions offer a powerful toolkit for projecting technology services remotely, a quality implementation still requires careful planning.
A few key areas that DR-planning needs to cover in case onsite-access is impaired include:
1. Licensing: An organization that normally maintains a handful of VDI licenses may suddenly find itself needing hundreds for its entire organization. Most virtualization solutions are readily scalable, but DR planning needs to ensure that a cost-effective plan is in place to acquire the necessary licenses quickly (and without locking into a costly-plan long term).
2. Training: Many users rely on limited keystroke-training on daily workflows, and can find themselves lost if the virtual environment presents even a slightly different user-interface. DR planning should include training/documentation resources for remote-work solutions whenever possible. Ensuring that each working group has at least one “power user” who can train colleagues on-the-fly is a useful method for ensuring that all users are acclimated to the remote work environment.
3. Management: Access-related problems like quarantine can create problems for administrative access as well. Effective DR planning needs to ensure that key supporting systems like firewalls can be fully managed remotely or accessed onsite when necessary. Even the need for routine configuration changes (tasks that might take minutes in-office) can create substantial delays if IT doesn’t have adequate remote management capabilities. A plan for some kind of emergency onsite access is also vital if, for instance, IT needs to change a disk drive or a crucial piece of hardware fails.
4. Communication and Collaboration: In addition to accessing the software needed for their daily work, employees need tools for conducting the constant communication that happens in-office. There are more collaboration tools than ever, from Slack and Microsoft Teams to Zoom Video. Once again, the key is defining a unified approach to your organization, ensuring all users are trained and capable of communicating as much as needed in their daily work.
5. Security: Unless every employee has a work-issued device capable of supporting full-time remote work, an access-denying disaster means hundreds of new devices will be accessing key business systems. A robust security plan needs to cover multiple bases: virus protection software needs to be installed on home devices, remote access needs to be fully secured, and employees need to be advised on best practices to avoid compromising sensitive data.
Gathering Knowledge to Build a More Resilient Organization
Based on our first-hand experience so far, companies are working hard to find solutions for the sudden remote technology needs introduced by this global virus. While these efforts have been largely successful at piecing together working solutions, many IT teams have had to improvise extensively to get the job done. And many are still figuring out, for instance, how to properly secure their new remote work environment.
Effective DR-planning tries to avoid unnecessary improvisation wherever possible, which is precisely why it’s so important to capture key lessons-learned right now. Many IT leaders have barely had time to catch their breath as their organization makes the sudden transition to remote work, and that makes it hard to think about long-term best practices. But now is the time to ensure that these hard-won lessons don’t go to waste.
Taking the time to update DR documentation now helps ensure these lessons are transformed into usable, institutionalized knowledge that’s ready to go for the next crisis.