As many companies throw away business plans for 2020 and contemplate the fight for survival, Tony Adams, Senior Director and Max Burrage, Senior Manager of Business Transformation at the Hackett Group, look at what you need to do now - in both the short and long-term future.

The global public health and economic crisis triggered by the outbreak of the COVID-19 pandemic has created an unforeseen and unprecedented set of challenges for organisations. IT organisations responded to the unfolding situation by activating business continuity plans, but most of those are designed to cope with the short-term, localised disruption of business activity. Additional actions are necessary to address the gaps and position companies to operate in an open-ended, rapidly changing scenario. 

What IT got right in its response 

Fortunately, the IT sector was relatively well-equipped to handle this crisis. IT has taken a number of approaches and actions to minimise disruption and sustain operations effectively. For example, investments in digital, agile infrastructure - modernised platforms and applications - have kept companies functioning and minimised disruption. Similarly, zero-trust architecture and multifactor authentication have kept companies safe, despite the vulnerabilities of working from home (WFH) environments and a massive spike in villainous attempts to gain access to systems. 

Continuity plans for epidemics and ‘practice’ WFH days have minimised worker frustration and unpleasant surprises and most third-party providers have demonstrated that they can deliver services during extended WFH periods. Prescient stockpiling of user devices and advance warnings to drop-ship suppliers provided the right tools at the right time to support widespread remote working. Relatedly, scalable service desk capacity managed the spike in calls from employees unfamiliar with remote access processes and tools.

As we all know, deployment and training for collaboration tools like Teams and Zoom have enabled teamwork to continue and group discussions to flourish. Ultimately, IT leaders’ standing team meetings have kept employees informed, helped manage their anxiety and brought a regular cadence to their days. Meanwhile, virtual team ‘happy hours’ have sustained a sense of family.

Response leadership

IT leaders correctly focused initially on people’s health, safety, equipment and tools to enable them to work from home. As this condition continues, leaders are starting to broaden their focus to employee engagement, sense of mission and camaraderie. The associated challenges of hiring and onboarding staff have also risen. 

Although IT offers little comfort at this time, IT leaders are also seeing new or heightened stakeholder appreciation for IT’s capability and importance. This can be leveraged to advance IT’s agenda, but this will require care and circumspection. On the bright side, the digital IQ of the entire organisation has risen manifold and this will reduce resistance to - and most likely accelerate - digital transformation initiatives that improve agility, scalability, security and productivity. 

  • In the immediate future: businesses must continue to keep employees informed through virtual town halls and similar activities while striving to avoid distracting, unfocused overcommunication. Wherever possible, be transparent over continuity plans, actions and timelines and crowdsource solutions for ongoing WFH support. This will require collapsing the leadership hierarchy to accelerate information sharing and adding cadence and opportunity for reprioritising via short, regular team meetings. Businesses should continue to promote healthy behaviours, camaraderie and engagement with workers’ home lives, be that children, pets, or anything else and offer flexibility regarding work schedules. It also helps to reinforce how IT employees’ work advances the company mission in this crisis to offer a sense of purpose.
  • In the near-term: businesses will need to assess their IT and business digital transformation plans and commit to accelerating areas that will improve remote working, agility, responsiveness and efficiency. They must also work with HR to set up remote recruiting and onboarding processes and leverage positive stakeholder perception of IT’s role and performance, to push for funding and timing of highly relevant initiatives previously resisted. It is also important to anticipate post-mortems and collect data and opinions that will be needed.
  • In the long-term: this crisis has emphasised the importance of prioritising digital deployments, particularly around key post-virus capabilities such as cloud for agility and security; AI / analytics for performance, liquidity and supply-chain visibility; and zero-trust cybersecurity to support more remote access. Businesses must also work with peer leaders and experts to plan how employees will return to offices and how operations may be permanently modified for post-virus reality.

Business continuity 

Working from home is now a sustained reality for most IT staff and office workers. The good news is that IT’s business continuity plans largely succeeded, leaving IT leaders feeling relieved and proud that so much went right despite the unprecedented scale of impact, which no plan anticipated.

Now, it’s time for IT to look at strengthening plans to work even better during a similar catastrophe. Leaders must also look to technologies that will reduce the impact of a similar catastrophe, allow increased capacity and look again at the use of manual workers, offshore and outsourced providers. 

  • In the immediate future: IT must accelerate equipment purchases because of supply scarcity, shipping delays and an anticipated rise in prices. For obvious reasons, IT must also adopt touchless hardware deployment and ensure all company employees have necessary licenses and access to collaboration tools. Businesses need to develop and regularly review critical IT staffing requirements for continuity and test with scenarios that include losses due to illness. Similarly, businesses which haven’t already done so should develop methods that limit the need to be on-site for technology deployments - for instance, using local providers and video or even VR training tools. Just as in the office, it remains important to assess staff productivity and any issues around meeting deadlines. 
  • In the near-term: IT must adapt performance metrics to ensure that they are relevant to work-from-home factors such as access and processing times and service desk performance. IT must also improve neglected or shaky foundational applications and platforms to ensure stability.
  • In the long-term: IT needs to incorporate lessons learned into a corrective action program to revise business continuity and business resiliency plans. Businesses must increase and accelerate the automation of manual processes to increase resilience and capacity, reduce reliance on individual workers and exposure to potential continuity risks associated with services delivered predominantly by people.

Risk management 

The coronavirus presents substantial workforce risk from direct illness or the need to care for sick family members. IT leaders should be prepared to fulfil essential duties with the loss of up to half of global staff. Security protocols must encompass an environment where the majority of workers connect from home full time for an indefinite period.

There must be reviews and education sessions on rules for accessing and using company systems and IP remotely. IT must also be prepared for the possibility of bad actors taking advantage of the crisis. The balance of 2020 will be one of financial risk for the enterprise and austerity for IT.

Even as they freeze budgets and hiring and slash costs, IT must plan to meet the inevitable demand for new, accelerated automation, security and remote access investment and new skills to help position the enterprise to rebound from a position of strength.

  • In the immediate future: IT must ensure that all company employees have licenses and access to collaboration tools, regardless of role or group. The department must also develop and review critical staffing requirements for continuity and test scenarios that include losses due to illness. As a preventative measure, IT should develop methods that limit IT needs for travel and need to be on-site for technology deployments, again potentially turning to local providers and video or VR training tools. IT must educate employees on evolving virus-related phishing and hacking threats and home environment vulnerabilities. Decision-makers should reassess technology project pipelines and determine which to accelerate, delay or stop, given the current circumstances. 
  • In the near-term: businesses should accelerate investments in infrastructure resilience against future pandemics and cross-train IT staff for better resiliency in a crisis. Unfortunately, businesses should also update their IT contingency plans for the potential of a deep, extended recession.
  • In the long-term: IT should identify opportunities to update security policies and practices. They may also need to amend contracts for variability in the scope and demand of services and their charging model. Financially, it will be important to re-evaluate contracts and defer costs that are not essential to operations in the balance of 2020 and develop or revise IT cost control or reduction plans for 2020-21. 

Managing IT in uncertain times

Uncertainty about the development of the coronavirus globally, infection rates, government responses and duration of the pandemic are high. IT leaders must consider that short term fixes are liable to become longer-term solutions. After the immediate response, which involves invoking business continuity plans (BCPs) and the necessary improvised responses, a longer-term plan must be developed that anticipates the possibility of future pandemics and drastic measures to contain them.

IT must also look ahead to how the business will endure a recession, recover and thrive in whatever the new normal will be for global enterprise. This IT-led, technology-enabled transformation may involve automation, company interdependencies, the role of a broadening service-provider ecosystem, the ability to work remotely and securely, as well as enterprise agility.