Exploring IT’s Critical Role in Business Resilience
As part of its response to the COVID-19 pandemic, TenFour has asked some leading team members to explore how our business partners and colleagues can overcome this challenging time. In the piece below (part one of two), Matt Jonson, TenFour’s Vice President of Design Engineering, shares his experience working for the U.S. Air Force amid adversity and his thoughts on how businesses might think about continuity planning in the face of worker displacement.
One of the great gifts that the Internet has brought humanity is the ability to collaborate anytime with anyone from nearly anywhere.
The COVID-19 crisis is reminding us of this tremendous value, but it is also revealing some of the limits of our current capability. The overwhelming need for business in this environment is to continue to operate, and in as virtual a way as possible. While colleagues may still be adapting to new circumstances and team leaders still learning to keep their teams unified, many businesses are fighting to ensure resiliency with continuity and disaster recovery plans. Traditionally, business continuity within Information Technology (IT) has been about keeping business data resilient and available throughout a crisis. However, we’re being reminded that business continuity is really about ensuring the resilience of the people to do work.
Every day more than a billion people around the world use tens of thousands of disparate platforms to seamlessly communicate via Internet Protocol (IP) packets from point A to point B. But ensuring that the employees who comprise a business are still able to work is about far more than passing data.
Many IT organizations have exhaustive, well-documented business continuity plans for their data, including the ability to take a whole data center off-line and continue to run. However, how many equally well-documented plans exist to provide continuity for worker displacement (like we are currently seeing)? Are there plans to ensure the supply chain communications to their vendors are intact and secure? Is there a plan to support virtual customer meetings that can temporarily replace face-to-face meetings? Is there a plan to ensure strategic executive meetings continue when the only room to meet in is a virtual one? What if an organization—especially a small- to medium-sized business—has no business continuity or disaster recovery plans in place to begin with?
I’m reminded of a time early in my career when I was building and managing IP router networks for the U.S. Air Force. The military is well-known for documented planning, but that doesn’t mean every detail is always sufficiently understood or communicated. During Desert Shield a vast number of troops were quickly moved into the Middle East to support Kuwait, and I planned and aided the communications build out of several Air Force Bases in the region.
The U.S. Army also had a plan to ensure routers were deployed to provide communications to their mobile units in the region, but without the benefit of building out fixed facilities like we had. They had generators, shelters and mobile wireless communications vehicles, and pre-assigned IP addresses for the routers, but they had neglected to inform every soldier who deployed with the routers who to contact to get them into production. I still don’t know how they got my phone number but the calls started coming to my desk. I made sure my team in the AF Network Operations Center could also support these calls in case they came in outside of primary duty hours, and I am proud to say we helped a large number of Army units get into production before they had all their own support sorted out.
The hallmark of the military when a plan breaks down is to improvise and get the job done, and that is exactly what happened in that scenario. Many great organizations will also do this, but the better the starting plan is, the easier it is to fill gaps and successfully finish. As can be gleaned from the recent flood of articles on the subject, in today’s unusual situation it’s clear that there must be a plan for ensuring the resilience of the business to do work. A few major trends have made this easier, including:
Migration of business applications to cloud SaaS and IaaS. These can be more easily reached by a user from “anywhere.”
Distribution of data services, via many providers, into many neighborhoods, often with competition. Many providers are not as likely to fail as a single provider.
Collaboration tool availability on many devices, including end-user provided devices.
However, there are also important risks that must be mitigated by the plan:
Security for corporate data on “any device”
Distributed user and tool support on “any device”
The good news is that the things making a modern Business Continuity plan easier to deliver are more powerful than the risks, but still those risks must be addressed. In a second, forthcoming piece I’ll discuss the security threats to resiliency and how businesses can defend themselves as they cope with current circumstances.
Copyright © 2020 TenFour