As we enter the second month (from an IT perspective) of our COVID-19 pandemic response we thought it useful to reflect on what we have observed and our predictions for what’s next for IT.
Black Swan vs. Gray Rhino
Mark Staples, Senior Vice President and Chief Information Officer at College of Charleston used the terms “Black Swan” and “Gray Rhino” to describe how we saw the onset of the COVID-19 Pandemic.
A “Black Swan,” coined by Nicholas Taleb, describes an event that comes as a surprise, has a major impact on an industry or world, & is often inappropriately rationalized after the fact with the benefit of hindsight. “The Black Swan: the impact of the highly improbable.”
A “Gray Rhino,” coined by Michele Wucker, unlike highly improbable black swans, gray rhinos are highly probable, high impact, yet neglected threats. “The Gray Rhino: How to Recognize and Act on the Obvious Dangers We Ignore.”
The COVID-19 pandemic is a “Gray Rhino” from the perspective of IT. We have been talking about pandemics since H1N1, SARS, and Ebola. It was only a matter time before the impact of a deadly pandemic was felt in the US. IT departments should have done some level of preparedness, even if non-IT management didn’t take past threats seriously.
Strategic, current, well-prepared companies and IT organizations executed their plans, rapidly turning their response into “business as usual.”
For Harvard Partners‘ clients, and others we talk with, work-from-home quickly became business as usual. This was not a significant obstacle for our clients.
We lose sleep over two things. Home, local, and state technology infrastructure failures and IT staff health and mortality. While mostly out of our control, we need to account for this as we consider how to revise Business Continuity and Disaster Recovery plans with lessons learned from current experiences.
Long-term work-from-home was never seriously anticipated. We need to quickly consider how to deal with the failure (Disaster Recovery) of the home networking environment. This is not simple.
With companies’ dependence on technology business risk now equates to technology risk.
Many client projects seem to be proceeding. Companies not directly impacted by COVID-19, and still generating revenue, are attempting to continue with their IT plans.
We see layoffs, furloughs, salary reductions, and late payments from our clients. We are starting to see client staff impacted, directly or indirectly, by the virus. It is important to be sensitive to the human factor involved with this situation. As IT people, we traditionally worry about death of systems and not people.
Technology Services and Applications
When we do IT Assessments our high-level methodology focuses on People, Process, and Technology. We look at Pandemic response using the same approach. About two to three weeks prior to the World Health Organization (WHO) declaring COVID-19 a pandemic, we drafted specialized COVID-19 Pandemic Response plans for each of our clients. As most had reasonable Business Continuity plans, this was about creating Pandemic triggers (WHO stages) and company responses.
During the first two weeks we focused on making sure people and processes were in-place and were working correctly. Once client staff was sent to work-from-home we turned our attention to technology availability, adoption, and obstacles. We identified the following technologies as being most critical and most challenging.
We judge clients as being in good shape when we see critical technologies and applications working flawlessly and their focus being turning challenges into mainstream technologies.
“You Can’t Manage What You Can’t Measure”
At Harvard Partners, we pride ourselves on fact-based decision making. Certainly, an interesting concept to apply during a Pandemic where the most credible fact is there aren’t a lot of facts.
Clients are looking for a way to measure external impact so they can do some form of planning.
From a business perspective you need to separate fact from emotion to produce quantitative metrics. From a people perspective, you need to measure qualitative, emotional, responses.
Performing risk analysis using local data produces better results than working off Federal and State data. The idea is to measure your response relative to conditions where you are doing business.
Very early, Harvard Partners identified COVID-19 as an impactful pandemic. We pushed our clients with early response plans, training, coaching, and actions. They experienced little business impact.
We are now using the death growth rate as an indicator of when we start down the other side of the curve. Why the death rate, you might ask? From our point of view, it seems to be the least contested number. We know it is probably an under estimation, but we are looking at trends, so it should be fine.
Technology Winners and Losers
While we believe it is a bit early to make predictions, Harvard Partners’ clients are asking our opinion as to what will change when this is over. We have started considering those technologies enabling successful and rapid pandemic response and those hindering IT’s ability. Coincidentally, these technologies, and the people and processes used to select them, are some of what drives high-performance IT organizations.
Our cloud clients fared much better than those relying on old, traditional, on-premises data centers, phone systems, and desktops. Besides the flexibility to access from anywhere, our clients easily scaled to accommodate their whole firm in a work-from-home situation. When staff returns to the office, they will scale back down.
While Harvard Partners has its roots in the Financial Services industry, we pride ourselves on learning from other industries. No one industry or IT department has a monopoly on getting this right. Here are a few industries currently impressing us.
Colleges and Universities
The ability to rapidly mobilize, implement large-scale collaboration, quickly train large groups of people, partner with vendors, openly share knowledge and best practices across institutions, and implement strong incident management and communications allowed colleges and universities to send thousands and tens of thousands of students, faculty, and administrative staff home in about a week. Combine this with college IT departments a fraction of the size of corporate IT departments, and it is a feat worth celebrating.
A discipline barely established and without much traction leveraged existing solutions and end-user transformation to turn a minimally viable alternative to a person-to-person doctor visit into an important solution.
Managed Services Providers
The Managed Services vendors used by Harvard Partners all mobilized quickly. Anticipating client’s needs, they rapidly scaled up Help Desk operations and reassigned engineering resources providing more resources and tiers of support to assist users in the transition from office to home.
There are plenty of other examples of organizations demonstrating the creativity and flexibility to transform IT in support of changes in business operations. Companies success during this Pandemic is mostly due to IT’s success.
What Surprised Us?
While Harvard Partners knew enough to push clients early, we were surprised by some current outcomes.
People’s rapid acceptance and flexibility to work-from-home was totally unexpected. While there were naysayers, most people figured it out within a day. We shouldn’t be surprised as we saw something similar during 9/11, although it was only for 3 – 5 day duration. We never practiced multi-day, week, and month work-from-home scenarios before and it turned out our planning worked!
Unexpectedly, staff desperately wanted to work in the office, even at the risk of death. This forced IT departments to consider the human aspects of Business Continuity. Not everyone wanted to work from home.
We observed executives unable to “take charge.” It wasn’t a lack of leadership, but a lack of training in incident/crisis management. This became a detriment when simple decisions became complicated and quick answers took days of debate. We had one client where, after a month, we still can’t tell who is in charge.
As Business Continuity experts we never expected certain business functions would come to a dead stop (e.g., Business Development) and others would be at capacity. We assumed a Pandemic would impact all groups the same way. The same was true for segments of the economy being devasted rather than everything being devasted. We had to adjust our planning to these special situations.
Responsiveness of state and local government was a pleasant surprise, while the federal government confusion was a shock. We were forced to track conditions and regulations within each state in which our clients are domiciled and doing business. Some Continuation of Operations (COOP) plans needed to be tweaked to accommodate conditions in different geographic areas. A bit of a challenge and a bit of a moving target, but not impossible. This was the same behavior during the Boston Marathon Bombings on a very single, local level.
For those companies leveraging offshore resources we were surprised by the inability of those resources to be productive. No one considered the requirement for offshore resources to also work-from-home. Most secure connectivity between US companies and offshore resources occurs directly between an offshore company office and a US company data center. Security is controlled end-to-end. Send people home and connectivity is lost, and work can’t be done. Not all Harvard Partners’ clients have offshore resources, but most of their vendors are impacted by this.
The number of clients continuing existing projects and starting new, cloud-based, projects such as cloud migrations, desktop-as-a-service, and cloud telephony was pleasantly surprising. It spoke to confidence in IT, technology, and vendors with whom we partner.
Predictions For The Future
We are constantly asked the question about what is going to happen when this is over and how should IT best prepare. It is early to know all the answers, but we see certain patterns emerging and have identified the Harvard Partners “Top 10” list of post-pandemic changes IT departments post pandemic.
- Rewrite Business Continuity and Disaster Recovery plans with more operational detail and more attention to cybersecurity. These plans need to be thoroughly tested and testing will be frequent, more comprehensive, and for longer durations. Greater scrutiny will be placed on results and remediation.
- Work-from-Home will be the dominant Business Continuity solution. The distributed workforce will be a reality for many companies as it reduces business risk.
- Disaster Recovery and Cybersecurity for the work-from-home environment will need to be created.
- Bring your own device (BYOD) approach to client technologies will probably be replaced with company issued laptops and other devices. IT’s inability to manage home environments is one of IT highest risks currently.
- What Y2K was for 1980’s/90’s technology, COVID-19 will be for 2000’s/2010’s technologies. Legacy technologies will be rapidly replaced with those supporting secure cloud, remote access, software as a service, and collaboration. Hardware sales to businesses will drop off.
- Supply-chain alternatives will be factored into Business Continuity planning and companies will move toward maintaining inventory of critical hardware, such as laptops. Licensing for work-from-home products will no longer be a small percentage of production levels. Companies will not wait for a crisis to make sure they have proper capacity.
- Cloud, Office 365, Software-as-a-Service, and Desktop-as-a-Service projects will be in high demand. Delivery will lag demand as resources skilled in these technologies will be sparse.
- Incident Management and “Command and Control,” which fly in the face of company cultures, will become prevalent and well-rehearsed.
- Video conferencing and remote, cloud-based, desktops will become prevalent with 7×24 Managed Services providing availability and support.
- Laptops will replace desktops.
Tactical IT Organizations Will Become Strategic
In order to deliver these changes and recognize the importance of technology in business continuance, IT will need to change in the following ways:
- CIOs/CTOs will be given an equal “seat at the table.” CIOs and CTOs must embrace the change and learn to behave as business leaders. The CIO/CTO role will be redefined with less of a focus on technology and more on business enablement and risk mitigation. In larger IT shops, many CIOs/CTOs already define themselves as business people. This will change IT in small to mid-sized shops.
- As it is recognized IT is critical to the business, so too will IT risk be seen as more impactful to the business. IT will be judged differently, and business leaders will have more of a say in IT risk.
- Cloud and Managed Services will become mainstream, and IT organizations will be forced, by business leaders, to stop rejecting them. IT will argue this adds risk while business leaders will argue it reduced risk. Business leaders will win as they cite competitors having their IT in the cloud.
- Expect local concentration of IT staff to be discouraged and regional diversity via consultants and managed services vendors to be the norm. This reduces IT risk.
- CEOs and Presidents will engage “Big Think” organizations to assist IT in planning and making these transformations. IT will not be happy.
- Traditional concepts of “the office” and meetings/conference rooms will change. Work-from-home will start to replace the acquisition of additional office real estate for companies. IT will be challenged because they can’t control the work-from-home environment.
- Business customers, who are technology naysayers, will adapt to paperless statements, online deposits, etc. The motivation will be much stronger than “going green.” This will drive companies to become “digital.” IT leadership will be forced to change behaviors within their companies to reflect this digital shift. IT might not have the skills for this transformation.
- IT budgets will increase but IT staff will decrease during a depressed economy. IT must become creative in order to innovate under these conditions.
- For traditional IT departments these change will come quickly and be very difficult. IT will not be happy.
Thoughts on IT Preparedness
COVID-19 will, most likely, impact us in waves. People will be impacted at different times and in different places. Testing is still far from capacity and manufacturing of a vaccine for all is at least a year away. This could go on for a while.
High demands on IT and non-IT staff to be better prepared for work-from-home scenarios should be expected as we near the end of the first wave. We will have learned a lot, and companies will want to use the end of one wave to fix what is broken.
Start thinking about Disaster Recovery plans for critical and non-critical work-from-home staff. As an example, what happens if internet fails in a locality? The work-from-home Internet vendors need to be considered business vendors and should have identified risks and risk mitigation plans.
Cybersecurity policies, procedures, and standards need to be developed for work-from-home staff. Consideration of cybersecurity tools useful for work-from-home scenarios is also needed.
CEOs talk. Those IT departments not using Office 365 and the cloud will be pushed by their CEO’s and Boards. IT should get ahead of this. If you are not already there, start planning your move to Office 365. Don’t burn internal resources to make this happen. There are many companies with the skills and experience to do this right the first time.
“Digital Transformation” is the key to IT’s success during a pandemic response. CIOs and CTOs must plan and lead the charge towards moving organizations and customers away from a physical presence (e.g., offices, paper statements, paper checks, printed documents, pen-based signatures, etc.) being the only option for business survival. The notion you can be 100% digital has been challenging for most IT leaders.
There will be double-digit unemployment rates and some form of recession. Plan for how this impacts IT. We recommend being prepared for IT staff reductions.
Start building a new IT/Technology Strategic plan, responsive to the current reality, and cognizant of external and internal business changes. Don’t base current strategic plans on past plans. The world has changed.
COVID-19 created a new business as usual.
Paperless statements, ATMs, online and mobile banking, online classrooms, telemedicine, work-from-home and other methods of a “digital organization” will become closer to the norm. People, of all generations, will learn and use these technologies.
It is time to move past our “pandemic responses” and prepare for this new norm. This will happen rapidly.
IT needs to be on top of the “tectonic shift” occurring within businesses driven by technology. IT leadership has the burden of rapidly evolving their organizations.
This shift is occurring during times of high unemployment, business failures, and sickness and death. Even the best of IT organizations will be challenged to get what they need to meet new business demands.
IT needs to adapt, plan, prepare and communicate.