Cloud- and internet-based solutions are sustaining the remote workforce, but there have been some hiccups along the way.
Zoom and Slack experienced outages earlier this week, interrupting some companies' operations.
Companies are adapting IT infrastructure to handle the increased load at the same time risk management organizations are assessing new solutions or the continuity of existing ones.
"I don't think anyone really sat back and considered the impact to the internet infrastructure of just about everybody suddenly going home to work. You know, the internet's your friend until it's not," said Duaine Styles, SVP and CISO of Globe Life, while speaking during the virtual GRC Summit last week.
Enterprise customers feel the impact of a technology failure just as much as the vendor working to remediate it. With indefinite remote work for knowledge workers, it requires risk assessment with sufficient capabilities to support abnormal conditions — whether at home or back in the office.
There are "certain lessons learned throughout this process of how security needs to work with the business," said Stuart Frost, head of Enterprise Security and Risk Management at the Department for Work and Pensions (DWP) in the U.K. Government, during the panel.
"We're not here to say, 'We're here to enable your business;' we're able to embed with them," — security is woven into every decision, said Frost. Risk management looks at security controls or presents alternative controls that work better with the business. That way, "when it comes to assessing the risk, that design is secure enough."
A pandemic wasn't on the to-do list
When Tamika Puckett took on the role of chief risk officer for the City of Chicago, a pandemic did not top her list of risk assessments, she said during the panel. But Puckett was familiar with cleaning up after a crisis.
Puckett came to Chicago after serving as the director of the Office of Enterprise Risk Management for the City of Atlanta, when it was hit by a ransomware attack. The cyberattack shut down the city for several weeks, leaving city council employees sharing a "single clunky personal laptop."
Continuity of operations and cybersecurity was top of mind for Puckett, and for CROs of other cities. But a pandemic "was probably in that top left quadrant," of a heat map, where it could have high impact but was at relatively low risk of occurring, Puckett said.
Organizations searching for technology in the midst of a crisis are turning to risk management to evaluate projects and accelerate the approval process. "We had to sort the ideas out from those that were a real piece of work that we could get going on. It was extremely difficult, and we had to turn all these around within 24 hours," said Frost.
For Frost, the biggest challenge was dealing with the increased volume of initial requests. "It could be something as simple as being able to print at home," or if the solution already exists. The organization had to overcome, yet adhere, to strict controls and security policies. "It's an entirely new way of working."
Now some organizations are entering their next phase of the pandemic: reentry. "It was a lot easier to close and send people home. It has proven to be a lot more difficult and challenging to turn the switch back on," said Puckett.
As new conditions unravel at different rates, integration of risk management will make sure the processes developed in lockdown are as sustainable as the country emerges from COVID-19, said Frost.
Organizations with established risk management prior to the pandemic likely had an easier time navigating changes, according to the panelists.
"This will not be over soon. And increasing resiliency of your operations is going to be about, from this point forward, using your integrated risk practices to make good decisions," and establish a culture of trust and transparency, said Styles.