Security, stability and capacity: key technology considerations during COVID-19
Companies and organisations around the world have been forced to shift the way they interact with customers, suppliers and stakeholders at a rate few could have predicted at the start of the year.
Even established online grocery retailers’ robust e-commerce systems have been pushed to the limit as people shop online to comply with government guidance to stay indoors. Digital content providers, meanwhile, are experiencing a huge boom in demand, with streaming platforms urged to consider temporarily switching to lower definition output in a bid to manage the strain on their infrastructure.
Many of these companies’ servers are being asked to cope with a demand that had previously only ever been modelled as peak load, but, for the foreseeable at least, will be a daily ask.
For the vast majority of mid-sized businesses, however, capacity is less of an issue. Security is a bigger threat.
To accomplish social distancing while maintaining operations, most businesses are going online. Remote working is completely new to many, while working exclusively from home is a huge change to all but the most agile organisations.
The demands we are placing on remote-working technology to support this are extensive.
Businesses that are able to manage digital risk while providing stability and continuity will stand the best chance of weathering this crisis.
Potential issues to consider
Stabilising services across your networks should be a key consideration, as the pressure on local broadband infrastructure may mean outages or reduced access. For many organisations, remote systems will be under significant strain, which may impact performance.
Implementing new technology may be best left until the outbreak is over, so teams can focus on the continued operation of established systems. Untested software can be unstable and it would be best to use existing solutions for the time being. Roll-outs may need to be paused or revised, and restarted at the right time.
Engaging with consumers without physical interaction is a major change for many organisations. Key questions need to be asked about how to manage communications and ensure website infrastructure can handle the increased digital load.
E-commerce systems need to have the functionality to keep customers informed, and process orders, without reliance on front-line staff.
Securing your systems and data is essential, but many organisations will be reacting quickly to attempt to establish some degree of business as usual, without giving due consideration to cyber hygiene.
Patches and upgrades are being put in at short notice, but questions will almost certainly arise about how secure these prove to be. Well-meaning business areas may have rapidly bolted on additional IT services to stay operational outside of their normal IT teams or processes and this ‘shadow IT’ may be leaving businesses exposed, if it is not configured to work securely with existing infrastructure and systems.
In addition, people working remotely may be using inappropriate facilities (such as personal Dropbox accounts) as temporary solutions where approved systems fall short or prove difficult to access.
Focus an internal audit on checking resilience and continuity arrangements. Identify where technology and programmes are working and where they are falling short. How will you run back-ups and are they in accessible locations if required?
Consider increasing your system capacity in the short term to ensure it is sufficient, and make sure all internet-connected devices and services are patched appropriately and kept up to date.
Prioritise patching high-risk applications that will be used extensively during the quarantine period. Ensure cloud systems have been configured appropriately for security and understand exactly who’s responsible. This is particularly important when you are operating hosted environments such as IaaS, SaaS.
Run regular external vulnerability scans where appropriate and reinforce security policies, so that employees know what to do when a device is lost or they think they may have been subject to cyber phishing.
Restore and reimagine
Are you prepared for a return to ‘business as usual’ after the pandemic is over – and can you predict what that will look like? There will likely be a spike in demand in some industries.
Have you thought about what your estate will look like after all this is done? With remote working proving effective, or at least manageable, longer-term adoption may well be something which could benefit your company.
Some of the more forward-looking businesses already have one eye on the future and are considering the effect potential longer-term shifts in consumer spending and the way we work will have on their requirements for digital infrastructure.
Questions to consider
Do your employees understand and abide by a formal remote-working policy, and is it effective and secured against cybersecurity risks?
Will your team – including IT support staff and third-party teams – be able to cope with remote working and large numbers of staff absences?
Have you managed the access rights, VPN requirements and cloud security settings of all the members of your team who now need to work from home?
Have you conducted external reconnaissance of your digital presence, penetration testing and checked the availability and security of your key outsourced systems?
Can alternative techniques, such as data analytics, be introduced or leveraged further to provide visibility of risk and control effectiveness?
If you require strategic advice and support with during this challenging and unprecedented time, please don’t hesitate to contact me, or a member of my team.