With the rapid spread of COVID-19 we have witnessed many organisations scrambling to deploy technology to support a workforce that has traditionally worked from the office. IT systems including networks, data storage, applications and security were provided for employees working in a structured office environment. Organisations had many months if not multiple years to consider their requirements, budget and plan for their IT systems. The global COVID-19 pandemic has torn this apart with organisations sending staff home and raising the proverbial office drawbridge.
Some have been prepared, where remote working was the norm. For many consulting & global technology firms, employees working remotely on the road is what they do. The difference is that they have had the luxury of time to design and implement IT environments to support a remote workforce.
The past month or so, in particular, has seen a rapid rise in organisations subscribing to cloud-based services such as ZOOM Cloud Meetings, Virtual Desktops, online data storage and to a lesser extent enhanced cybersecurity services. IT infrastructure and solutions have been hastily bolted on, and into existing environments without the usual planning, due diligence and risk assessment.
Yes, organisations have moved fast (‘cloud speed’ is a marketing term we hear a lot of) – they had to. No option not to. But what looked like a few dollars per user for Service A, a couple more for Service B and so on is quickly adding up to a looming disaster for many organisations. In the short-mid term, the impact is likely to be financial with reputational damage resulting from unintended consequences likely to have a longer tail and potentially a bigger and more severe bite!
Visibility is Critical – All is Not as it Seems
Many organisations lack real visibility into their traditional IT environments. Moving to a hybrid environment combining the old with the new (cloud) compounds the issue. This is where traditional CAPEX based environments, which by their nature were relatively easy to forecast collide with cloud-based subscription or consumption models. The ‘headline’ cost per user or widget and ease of deployment can lull organisations into a false belief that the cost basis is also known and therefore easily forecast.
We tend to see two major financial issues develop over time:
- Unused or abandoned cloud resources. It is extremely easy to provision a new service. These can be centrally procured, often in a matter of minutes through IT or your purchasing team, via a business unit’s (non-IT) budget or even on individual employee’s credit cards. Over time as staff leave, projects close down, and priorities change organisations can unwittingly be paying for resources that they are no longer utilising.
- Unanticipated/excessive consumption or usage charges. In addition to the static per-user cost, there are often hidden costs such as download costs (referred to as ‘egress’) that can rapidly accrue. This occurs when you move or copy data from one place to another. Before you know it you may find your organization paying cloud providers an extraordinary amount in usage fees.
Compute, network and storage are usually billed very differently such as hourly, by bandwidth or capacity – small inefficiencies add up quickly at scale.
A Sophisticated Adversary Will Seek to Cause Harm
Financial concerns aside, over the longer term the risk of reputational damage is a very real possibility. Hastily deployed services and solutions whilst getting the organisation through the mass transition to remote working will likely not have had the usual architectural rigour applied. We are not saying this is wrong, as it is currently sink or swim for many. We do however advocate going back and reviewing the deployment as soon as is practical though.
Two critical risks may manifest themselves:
- Customer Experience (Cx) – If you get the experience wrong there are ramifications that build over time. Cumbersome, slow or flaky connectivity and applications will wear your employees down and add stress to what will be an already anxious workforce. In the short term, your clients and trading partners will likely cut you some slack. Over the mid-long term though a consistently poor interaction or experience is likely to hurt.
- Cyber Attack – Connecting new cloud-based services opens or extends your network providing additional entry points for your adversaries. While you can hopefully trade your way out of the financial issued identified above, surviving a highly publicised cyber breach may not be recoverable. You are fighting an increasingly automated adversary who is not encumbered by corporate politics and has almost unlimited and cheap computing power at their disposal. They will seek to take advantage of vulnerabilities introduced with the recent deployment of a mass remote workforce.
Either way poorly planned, deployed & managed cloud services heighten the probability of an excessive and unbudgeted financial spend as well increasing the likelihood of negative reputational damage – both internal, and external to the organisation.
Thankfully, mitigating the above risks is not overtly difficult. In today’s world, with resources in play from your existing on-premise data centres through to multiple public cloud services it is imperative that you have the complete picture. You need to be able to monitor, optimise and secure your entire IT landscape.
There are monitoring tools and services available that do a very good job at addressing the above. Depending on your environment and circumstances hybrid cloud monitoring software such as NetApp Cloud Insights can go a long way to mitigating the risks addressed above. Having extended the boundaries of your network to include employees living rooms and home offices you need to ensure that your cybersecurity solutions are able to secure users from threats and risky applications. A good approach comes from Palo Alto Networks Prisma Access which allows users to safely access cloud and data centre applications as well as the internet regardless of their location.
Infrastructure Monitoring Services
You can acquire software solutions such as those mentioned above to mitigate the increased risks introduced by the rapid shift to remote working or leverage a third-party managed service such as our Infrastructure Monitoring Service which provides real-time data and insights into all aspects of an organisations complex on-premise, hybrid or multi-cloud IT environment. Our Rapid Deployment Team (RDT) can have you up and running remotely in no time to provide some additional peace of mind in these troubled times.
You should act now and contact your IT service provider to ensure you have mitigated any recently introduced risks. Alternatively, for a second opinion or to discuss further, please contact us for a virtual coffee.