Ensuring your company’s IT systems and services are resilient enough in a post-COVID business landscape

By Adrian Overall, CEO of CloudStratex

[1] Now COVID is with us, what else might businesses be fearing in the future when it comes to disruption to their IT systems and services? What scenarios are businesses genuinely fearing here?

There is no doubt that COVID has challenged and also accelerated the adoption of next gen technology to support a workforce that overnight became remote. The pandemic has ushered in an era where your place of work has become less important than your ability to do work for the greater proportion of corporate workforces. The systems and resources that enable workforce productivity have been adopted at a rate not before seen and have enabled many businesses to transition to location independent capability with the advantages and disadvantages of such an enforced strategy yet to be really understood.

[2] How did COVID-19 trip up so many businesses?

Much of what we see now as the norm in the short two-year period that the pandemic has been with us for had been sleeping on test benches, proofs of concept and modelling scenarios where business cases were being dreamt up around productivity, building closures and flexforces. Most of that is a reality now and the fact is that the pandemic accelerated some of these nascent initiatives. On the downside many companies did struggle to transition with poor stress testing regimes, poor capacity planning for unforeseen events and many left with significant bills as they had to adopt at pace and write cheques that perhaps with some planning and modernisation agendas would have been less impactful.

[3] What is the state of contingency planning for IT and how does this compare to the state of contingency planning physical assets?

I think events like this give everyone a wakeup call. There is no doubt that IT has become the lifeblood of many organisations as it enables work to be done whether it be the ability to run programmes and software, manage warehouses, plan inventory, collect cash or any other myriad things that define business. In the past, the ability to recover and ultimately continue business was a board level imperative but there is no doubt in my mind that the cloud has diminished the corporate paranoia that exists around this and with that it seems to have drifted off the radar. The pandemic asked some hard questions about the contingency put aside for events such as these and many were left wanting.

[4] What specific changes should businesses make (and what changes are businesses making – any examples?) to ensure their systems are proofed against future shocks.

I am not sure you can prepare for any eventuality, but you can ensure that you understand your exposures by going through a series of scenario planning and modelling exercises. There are a number of macro factors that you should understand as a business in the event of a major disruption and as such you build process to mitigate based on your risk appetite. In general we have seen a number of recent events catch the laggards unaware with systems that neither have the right level of capacity to cope with surge or the security to protect against malicious attacks. These are own goals in the scheme of things and demonstrate a lack of understanding by senior board level stakeholders of the implications of not ensuring that they understand their IT landscapes. Prevention is better than cure.

[5] COVID-19 poses little threat to most people with healthy immune systems. If we apply this idea to computer networks, what does a ‘healthy system’ look like?

The analogy is somewhat tenuous as the two things are completely different. However, comparisons can be drawn in the following:

1. The health of the individual and that of the network are determined by what they come into contact with. So firstly make sure that entry and exit points in a network are protected and any potential gaps are plugged. So who you come into contact with and how that contact manifests is critical to ensure that health of the individual or network is maintained. That means patching regularly, applying security updates regularly and keeping systems up to date.
2. Isolate problems. As with Covid you need to isolate infected areas of your network as soon as possible and make sure that contact is minimised. The key is not to allow transmission across boundaries so that adjacent networks or subnetworks don’t become infected.
3. Diagnostics. Perform regular testing to determine the health of the network and ensure nothing malicious has got in; ensure you have contingencies and rigorous procedures for dealing with an outbreak.

[6] With technologies including AI and quantum computing rapidly developing, will this mean we can develop new digital antibodies for more resilient post-pandemic IT environments?

I am sure that many clever people are looking at predictive analytics and techniques for trying to ensure that we are able to foresee the future. The challenge of course, as discussed above is that you don’t know what you don’t know. There is no holy grail and perhaps we should be focussing on fixing the issues that we know that can protect us from some of the more obvious threats. I think we get carried away with the next silver bullet as an industry and as technologists we tend to lean towards these vs doing the basics well; so while we are away looking for the unicorn answers we are missing out on doing the genuine, robust and excellent fix in flight.