Why (and How) IT Should Re-Evaluate Its Business Pandemic Planning
The business pandemic planning you did in the spring was likely not the most secure or sustainable.
If you’re like many IT pros, you scrambled to help your organization transition to remote work when the COVID-19 pandemic first hit. In your haste to maintain business continuity, your business pandemic planning may have included some things that weren’t exactly ideal--loosening firewall settings, for example, or tossing systems into the cloud without fully evaluating the cost and performance implications.
You knew these were not best practices. At the time, however, you didn’t feel too bad about taking these shortcuts because you thought they were short-term solutions--that the pandemic would come under control and that IT systems would return to normal soon enough.
That didn’t happen, of course, and now you’re confronting the reality that it may be years before the way employees work--and the way IT systems need to run to support them--looks like it did at the start of this year. Even if some or all of your users are currently back in the office, you need to be prepared to transition them to working remotely again, should the need arise.
This unfortunate business pandemic planning reality is not within the power of IT pros to change. However, what IT pros can and should be doing is evaluating the strategies they developed to support remote workers earlier this year, and making sure they enable success for the long haul. Many of the strategies that IT teams implemented early in the year, when the pandemic seemed like it would disrupt on-premises operations for only a few weeks, are not sufficient to support remote workers and protect business operations in the face of indefinite disorder.
Here’s a look at how to assess the IT strategy you developed for pandemic planning, turn temporary shortcuts into long-term solutions and ensure your organization is ready to respond to any remote-work challenges it may face in the coming months and years.
1. Review your network perimeter.
In the rush to allow employees to work remotely, the perimeter that separates your on-premises resources from the internet at large may have become weaker. You may have loosened your VPN configuration to make more systems available to remote users. Or perhaps you disabled the VPN entirely and made some resources public-facing, so that your users would not have to contend with the challenges of installing and configuring VPN clients at home to connect to the office.
You probably already know that these configurations are poor from a security perspective. It’s critical to enforce a strong perimeter between local resources and external networks. Requiring a VPN to connect remotely is a basic best practice toward this end, but you should also make sure that connecting to the VPN doesn’t give every user unfettered access to your entire internal network. Instead, configure the VPN so that only those resources that employees need to work remotely can be accessed through the VPN gateway.
More generally, make sure firewall and routing rules lock down access to your network from external hosts. Today, virtually no workload other than web applications that you serve to the general public should be directly exposed to the public internet.
Enforcing these configurations may require that you educate your users on how to connect remotely with more rigid network settings in place, but they’re critical changes to make. You can’t operate indefinitely with a weak network perimeter.
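One way to check a ruleset against the two points in this section (nothing but public web services exposed to the internet, and VPN users limited to the resources they need), as an added example that is not part of the original article. The rule tuples, VPN address pool, web-port list and size threshold are assumptions constructed for illustration; adapt them to an export from your own firewall.

```python
import ipaddress

WEB_PORTS = {80, 443}                            # assumption: only these are meant to be public
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")   # assumption: address pool handed to VPN clients
MAX_VPN_DEST_ADDRS = 256                         # assumption: VPN rules should target a /24 or smaller

# Constructed sample ruleset: (name, source, destination, port); port None means "any port".
RULES = [
    ("public-web",   "0.0.0.0/0",   "203.0.113.10/32", 443),
    ("rdp-shortcut", "0.0.0.0/0",   "203.0.113.25/32", 3389),
    ("smb-share",    "0.0.0.0/0",   "203.0.113.30/32", 445),
    ("vpn-all",      "10.8.0.0/24", "10.0.0.0/8",      None),
    ("vpn-files",    "10.8.0.0/24", "10.20.5.0/28",    445),
]


def audit(rules):
    """Return (rule name, reason) for every rule that weakens the perimeter."""
    findings = []
    for name, src, dst, port in rules:
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        if src_net.prefixlen == 0 and port not in WEB_PORTS:
            # Any external host can reach a service that is not a public web app.
            findings.append((name, "non-web service reachable from any external host"))
        elif src_net.subnet_of(VPN_POOL) and (
            port is None or dst_net.num_addresses > MAX_VPN_DEST_ADDRS
        ):
            # Connecting to the VPN grants far more than the user needs.
            findings.append((name, "VPN clients get broad internal access"))
    return findings


if __name__ == "__main__":
    for rule_name, reason in audit(RULES):
        print(f"{rule_name}: {reason}")
```
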
2. Audit your data.
Another temptation some IT teams may have given in to early in the pandemic was allowing their users to take liberties with how and where data was stored. Some employees may have been allowed to copy data onto portable disks. In other cases, employees may have downloaded sensitive business data to their personal devices while working remotely, without understanding the security and compliance implications of doing so.
Now is the time to audit the data configurations your business has in place and make sure they are not exposing the organization to critical security risks. In general, there is no good reason for business data to be stored on private devices or portable disks. It should instead be restored to secure file servers running in your own data center or the cloud.
3. Find a remote-workstation solution that works.
For many companies, the path of least resistance for keeping employees working early in the pandemic was to allow them to use personal devices to log into their on-premises workstations using a protocol like RDP. This approach eliminated the need to purchase new devices (which have been in short supply during the pandemic) on which employees could work while out of the office, and to migrate applications and data from in-office workstations to remote devices.
This strategy worked in a pinch, but it may not be the best solution over the long term. Not only does RDP pose some security challenges, but there may be better ways to give remote workers access to workstations. Cloud desktops, for example, allow employees to access their workstations using the same procedure, whether they are working in the office or at home.
4. Revisit your video conferencing strategy.
The pandemic transformed Zoom from a relatively obscure video conferencing solution to a platform that even the least geeky office worker now knows and (sometimes) loves.
At the same time, Zoom and similar solutions turned out to be plagued by security flaws that few IT teams had seen coming. Still, many companies continued to rely on these platforms because keeping their employees connected was their main priority.
Given that it may now be years before a majority of meetings are no longer conducted using video conferencing, it’s worth re-evaluating the remote-meeting tools your company has in place. Maybe you’ll find an alternative platform that offers lower costs or better performance than the one you defaulted to at the start of the pandemic. Or perhaps you’ll choose to keep your current solution in place, but will lock it down by enforcing rules such as disallowing file sharing and requiring meetings to be protected with passwords by default.
5. Rethink your cloud strategy.
The pandemic has become yet another reason to migrate workloads to the cloud, where they can be accessed easily from any location. If you’re still stuck in the pre-cloud era, now is high time to explore a cloud migration strategy.
But even if you are already making heavy use of the cloud, you may find it valuable to revamp your cloud strategy as part of your business pandemic planning. For example, perhaps you’re currently using a conventional public cloud architecture, but would benefit from migrating to a hybrid cloud solution that gives you more flexibility to move workloads between your own data center and the cloud without fundamentally changing the workload configuration. There may also be new types of cloud services, like cloud desktops or hosted productivity suites, that would provide the flexibility you need to develop a resilient IT strategy.
Conclusion
If you made changes to your IT systems during your earliest business pandemic planning that you’re not proud of, you’re not alone. At the time, keeping businesses running as employees worked from home was the order of the day.
Nonetheless, chances are that whatever you set up in the spring is not optimal from a cost, security or performance perspective. Because it may be years before you can fully restore the on-premises IT operations you had in place before the pandemic--if they ever come back--now is the time to ensure that your pandemic-era IT strategy will protect your business’s interests over the long term, not just for the short-lived disruption that we all once hoped the pandemic would cause.