Skip to main content

The response to a global crisis – four phases of CIO activity

(Image credit: Shutterstock.com / Pressmaster)

It is now 12 weeks since the UK workforce was told in no uncertain terms – “Unless you are a critical key worker, you must work from home”. That was the catalyst for the most seismic change in working patterns in modern times – according to the Office for National Statistics – the proportion of the workforce that were regularly working from home went from just over 5 per cent in 2019, to 48 per cent according to the Business Impact of Coronavirus (BICS) survey carried out in early April. The herculean efforts of IT teams and their leaders, communications providers and individual employees that enabled this to happen has been really impressive – and at the time most of us were too caught up in delivering against unprecedented deadlines to really appreciate the scale of the achievement. But as time has progressed, as a result of conversations with many of our customers, along with leading technology vendors and analysts, a common pattern has emerged and I have identified four key phases of the response.

Phase one – “Holy crap”

Even the most comprehensive business continuity plans did not anticipate the scale of the challenge presented by the almost total “lock-down”. Most plans that included pandemic flu contingencies were based around the proportion of their workforce being unable to work, or regions being impacted – not the whole UK. Most scenarios foresaw situations where snow or flooding might prevent access to a site for a few days, or even that a single site might be destroyed by fire. But no access to any offices? At all? For months on end?  I’ve not spoken to a single CIO who had that on their list of disaster scenarios.

I’d categorise the immediate need in Phase One to be “We just need to be able to answer the phones and respond to emails”. Some pretty blunt tools were used to achieve this – diverting telephone numbers to mobile phones, scrambling some additional laptops or Chromebooks out to previously desk-based employees.

Obviously, many organisations already had a sizeable number of employees who worked remotely some of the time. The ONS suggests that about 12 per cent of the population occasionally work from home – that’s about 4 million. They already had laptops and mobile phones, almost certainly Virtual Private Network (VPN) access into company systems, and many had access to telephone and conferencing service through apps on their laptops or mobiles.

But the gap between 12 per cent and 48 per cent is huge – and that scrabble – often for the first tool that came to hand – was by and large successful. Obviously, there were some environments that were a lot more challenging than back office and knowledge workers – we’ll come on to contact centre later…

Phase two – Can we do this a bit better?

Phase one was – by necessity – quick, and by and large effective. But in Phase Two I started to see CIOs think “Things are going to be like this for some time – how can we make things a better – our people more effective, and our services as near normal as they can be?”

This was where we started to see the widespread deployment of “soft-phones” – app-based access to the company telephony systems and contact centres, enabling employees to make and take calls from home as if they were in the office. That led to the next hardware scramble – the challenge to get hold of headsets and personal audio speakers – which were almost as rare as toilet-roll and flour in early April.

Of course, telephone calls are important – but phase II saw the start of a change that I personally believe will be irreversible – the change to “video first”. We’re used to seeing people when we talk to them. We know what the inside of our colleagues’ houses look like. We’ve seen their kids, their spouses and their pets. We’ve done the same with many of our customers, our business partners – not to mention “people off the telly”.

Cloud-based video services such as Microsoft Teams, Cisco WebEx, Zoom, Avaya Spaces have become as much an everyday tool as our phones, laptops and pen and paper. These companies also played a huge part in helping the world transition to working remotely – all the ones I’ve mentioned above introduced free or heavily discounted services and they were used everywhere from our homes, to News at Ten, to Parliament to Buckingham Palace.

A lot of organisations also had to scramble to increase secure remote access to their networks and systems. While many business applications can be access directly over the cloud, using the internet rather than the corporate network – some still require authentication on the internal network and additional Virtual Private Network (VPN) licences and internet capacity was needed.

Contact centres presented a particular challenge – while some of the newer cloud-based “Contact Centre as a Service” offers allow agents to connect directly over the internet using only a browser, that does not apply to the vast majority of installed seats. For the lion share of contact centre agents, enabling remote working invoices a software client to be installed on the agent’s PC and a VPN connection back to base. And that’s just to get voice working. And then once the customer can talk to the agent, the agent also requires access to business applications they need to service customer requests. Couple this with the fact that the majority of contact centre agents will not have a company laptop, support contact centres was the biggest and most complex scramble for a lot of organisations. Sourcing laptops, PCs, headsets, monitors and associated licences was a major project for many. Couple this with the fact that many most overseas BPO partners were simultaneously experiencing similar if not even more severe lockdowns than the UK – the pressure on contact centres has been enormous.

Phase three - “Ah – I forgot about that..”

Now here, I am being a little tongue-in-cheek – IT professionals, CIOs, Data Protection Officers and CISOs did not “forget” about security during the scrambles to keep businesses function in the immediate aftermath of the lockdown instruction – but many made pragmatic decisions to enable services to be up and running quickly – at the expense of perhaps the more belt-and-braces approach to cybersecurity.

Mass homeworking presents many challenges – how do you ensure the relevant security patches and upgrades are deployed? How do you protect data in the less rigorous security environment of the home WIFI network? how do you adhere to PCI, GDPR and other standards without many of the physical control measures that are commonly in place? Add to that the “coal-out-of-the fire” effect of having employees working on their own – does that make them more likely to click on the very plausible looking link to “COVID-19 ESSENTIAL UPDATES” that could put your entire network at risk?

Phase Three is where many business are now – making sure there are adequate controls and tools in place to protect employees, networks, systems and data in a new world where networks and data are spread right across the UK in flats and houses, attics and “shed-offices”. Advanced endpoint protection, DNS filtering, two-factor authentication and anti-malware have been some of the most useful tools in the CIOs armoury at this point.

Phase four – Never again!

I detect two distinct aspects of this final phase. “Never again will we be caught out like that” is a common theme – business continuity is unlikely to feature in the “if we’ve got budget left-over” category anymore – it is going to be front and centre. It will inform all aspects of IT strategy – network architecture, cloud vs on-prem, browser vs thik-client etc. All IT procurement will provide for business continuity, and internal digital transformations will be accelerated.

But the second, and more enduring impact of this whole crisis for IT and the world of work is that “things will never be the same again”. Phrases like “The New Normal” are used so frequently that they themselves seem old-hat. But some things are clear – we have proved, beyond doubt, that organisations and function with spectacularly higher levels of remote work than ever before. We will move – at least as enter the transitional stage of a phased return to the workplace – from a situation where an employee has to justify working from home, to one where they will have to demonstrate a genuine need to be in the office. In the medium-term at least, the office will be the place we go to meet and to collaborate – not to “work”. Social distancing on its own will necessitate a re-imagining of the workplace. But I believe in ultimately office space will have fewer desks (hot or otherwise) and more facilities for staff to meet with each other, with customers and with business partners. There will be a need for hybrid working – supporting groups of employees working in the homes collaborating with employees in the office at that given time. This will require additional technology and physical infrastructure in the workplace, as well as a lot more time given to scheduling and coordination.

As to Phase Five – that remains to be seen. For the hundreds of thousands who have lost their lives and the millions who mourn them, for the children whose education has been interrupted and for everyone impacted by the economic disruption that is clearly to come, musings about the future of work are of little importance. But collectively, and globally - we have proved beyond doubt the old adage that work is not a place we go – it is a thing we do.

Rufus Grig, Chief Strategy Officer, Maintel