Business Impact Analysis of Social Distancing
We’ve all been witness to misfortune that companies have been faced with due to circumstances out of their control. Being headquartered in Nashville, TN our minds go to the recent tornados that swept through the heart of our city or even the flood of 2010 that crippled many businesses and put company data centers under water. Yet COVID-19 has been drastically different.
Most organizations have gone through the exercise of developing business continuity plans (BCP). Many public organizations are not just encouraged, but rather required, to conduct annual testing of operations and continuity planning activities which may also include disaster recovery. Yet despite all the BCP activities, very few organizations found themselves prepared for COVID-19. In today’s blog post, we will discuss some of the unique data challenges that organizations operating in a post-COVID-19 world are faced with and what they can do to overcome them.
Week 3. Legacy System & Data Management
Week 4. Business Impact Analysis of Social Distancing
Assessing the New Environment:
The first step in building a business continuity plan is to conduct an adequate assessment of systems and processes. Assessments for most BCPs include tiering critical company assets and data. In short, companies must understand what type of data is being stored, what the business dependencies on the data are and how could it be recovered in the event of an emergency or disaster to the main data storage device. However, one of the critical aspects to business continuity plans that many organizations have failed to address is how that information will be accessed in the event of a disaster, at least not to the extent which COVID-19 has required. Most companies have been implementing a remote workforce for years now, but those who haven’t and those who have done so on an ad-hoc basis, have found themselves playing catch-up and attempting to rapidly scale operations to achieve some level of normalcy as it relates to collaboration and productivity in the new operating environment. Understanding and documenting all assets in your environment including details such as asset ownership, key system functions, record storage locations and backup and redundancy must take place. Based on our experience there is a very high likelihood that the results of this effort will look very different today than it did six months ago. Once your environment is properly documented and known, your ability to then contain and control access to company data is vastly improved.
Planning for a Virtual Workforce
Like it or not, the virtual workforce is here to stay. Many companies will likely never return to pre-COVID-19 office environments. Metropolitan cities which were once critically important epicenters for business have been replaced with dual screen monitors, a standing desk, and a high-speed internet connection at home. There are several elements that companies must be ready to address as it relates to this new working environment:
In the past, there have been many security and technology limitations encountered to enable a fully secure remote working environment. Companies attempting to deliver the same services remotely such as telemedicine, are now faced with how to properly extend HIPAA security controls to the home office network and devices. Many vulnerability analysis solutions that once crawled the network to ensure a safe internal operating environment must be extended to the desktop in a way that is unobtrusive and effective. Lastly and most importantly, companies must have a data encryption plan to ensure data protection at rest and in transit. Most client agreements make this a mandatory requirement. Yet, the likelihood of sensitive data being transmitted in an unencrypted state is significantly greater in the new operating environment and must be addressed.
Historically, companies have enabled remote connectivity with traditional VPN clients. However, these legacy VPN networks were quickly overwhelmed at the onset of the new remote workforce. This impact forced some companies to quickly expand their capabilities, or implement new cloud-based authorization models for accessing and hosting resources in a secure manner. With the vast number of layoffs that are occurring, removal of access can be even more critical than granting new access to resources. Companies must re-evaluate their access control procedures to ensure that revocation of access for terminated or furloughed employees is occurring in a timely manner.
Collaboration and Data Access go hand-in-hand. Simply being able to communicate effectively with your team is one thing but being able to collaborate on work product with your team and share ideas is the new norm. Without proper vetting and communication of collaboration tools, users will likely take it upon themselves to find cloud solutions that meet their needs. This can lead to multiple software products that perform the same functions, with replicated costs, also known as shadow IT 2.0. In order to address these circumstances and improve access and collaboration capabilities, a number of our clients are transitioning all internal file shares to Google Drive or Microsoft OneDrive and expediting their cloud adoption plans to remove the hub and spoke dependencies with the central business office.
Typically, data is stored in locations based upon its use and how it should be protected. Highly sensitive data is stored in network segments that are more protected than others and permissioned in a manner that is highly restrictive. These normal business processes are now challenged with a remote worker who may or may not be on the network and who may or may not be using a company approved device. Storage techniques are also more difficult when it comes to backing data up. Tape rotations typically require a person to physically move tape cartridges around. Likewise, network storage locations that were heavily used with users in the office, are now continued to be frequently backed up even though the use of those locations may have drastically changed. To address these challenges companies must create data storage plans to help end-users understand where and how to store critical company assets. Users should be properly trained (and restricted) on where to store documents to promote better security and collaboration.
The Return on Investment (ROI) and Reduction of Risk (ROR):
Few organizations found themselves prepared for a global pandemic. Protecting ourselves from the illness alone is one thing, but the ripple effects of COVID-19 will have an impact on social interactions for generations to come. In addition, organizations have had to do more with less and reduce staffing volumes to address declining revenues due to social distancing and isolation requirements. We anticipate that the longer companies are socially distanced and working remotely, the less likely they will be to require brick and mortar in the future, especially if they are not servicing customers at their physical office location. Therefore, the ROI is relatively simple. Companies must understand what impact the new remote working environment has had on productivity and must find creative ways to return productivity levels to pre-COVID-19 standards. For example, if a company of 100 employees with a fully burdened labor rate of $50 an hour experiences a 10% drop in productivity in the new remote working environment, then the net annual impact to cost of goods or services sold has just gone up by $1M. Understanding what the impact has been to your company will help ensure that all necessary stakeholders are educated on the potential impact to the organization and underscore the need to become laser-focused on how to address some of these new operating challenges. Not addressing items such as data access, data security and data storage generates a considerable amount of risk that must be managed and reduced to an acceptable level. At InfoCycle, we’ve helped a number of clients address these challenges and we look forward to partnering with you on your journey.