India Inc. had never faced a pandemic. Early March signalled changes are in order with fears of coronavirus spread. Fewer paid heed. The consequence: Enterprises are haltingly coming to grips with a combined jolt of nationwide lock down, employees’ remote working needs and lack of business continuity plans.
Well all wasn’t lost for everybody. Keyur Desai, CIO, Essar Ports and Shipping and his colleagues picked up on the initial signals and were gearing up for one of the most unanticipated challenges in recent times. While in conversation with ETCIO, Desai had only one mantra to quote repeatedly: Preparedness.
The current pandemic crisis and a strong message from the government about the complete lock down of India brings one perspective to all organizations: Remote working.
Top management of Essar guides business continuity, IT plays a vital role in the execution. Desai ensured three of the major efforts within the organization were planned and implemented in the last two-three weeks.
“Secure remote working is a key aspect. Second, this calls for preparedness for video conferencing tools, etc. This actually helps to ensure that your end users are in touch with their respective teams,” Desai said.
Fortunately, Desai didn’t have to plan on an immediate basis. “This was one of our strategies to have right, secured remote working options and solutions. While we weren’t prepared for this level of pandemic, we always had a buffer.
Right now, we have two different remote working solutions for our end users. We have started using SSL-VPN solutions and adding a layer of security, thereby ensuring a particular solution, applications and codes are opened up in limited buckets and to relevant end users,” he revealed.
Desai believes that while the last moment rush to get the licenses upgraded was always difficult, the preparedness gave a head start.
Third, an overall communication plan is important. “We figured out the right contact of each and every IT stakeholders, and the right escalation metrics where the end users are constantly shared in case of any situation or any requirement,” he adds.
Risk management in coronavirus crisis
Generally it is advised that the overall risk management strategy be more of a top-down approach. Desai opines that cloud solutions should be given more weightage.
“Cloud infra solutions will play a vital role. The dependency on the existing data center is reduced,” says Desai.
The overall monitoring aspects too need to be focused on. “While we have taken managed security service from our internal organization–AGC Network, however as there is complete change in the overall work culture, looking at the current situation, we need to have a different layer of monitoring to ensure the connected business applications are secure,” he adds.
Desai believes that the overall risk to the data has increased manifold as almost all organizations have opened their remote working solutions and options for their respective stakeholders.
“Also, ensure timely communication about phishing attacks. There will be bombardment of phishing emails with malicious attachments. So people should be aware of it and should verify the authenticity,” he adds.
Handling spikes in network
Three weeks ago, when there was a hue and cry of what is coming at us, Desai had a quick brainstorming session with the key stakeholders.
“We figured out–while the overall network bandwidth utilization also depends on the overall work balance–now as people work from home and connect from the external source to connect back to the network, we actually could gauge the percentage of bandwidth. Though the last minute bandwidth upgrades were a task, we had buffer bandwidth for any surge or any critical anomalies to be catered to,” he says.
Change management policy
Essar has a robust change management policy, ensures Desai. For any change to be affected, there is a series of approvals needed from portals where users place requests. That is processed by the change management board.
“In this scenario, where right stakeholders are connected and constant discussions to ensure critical decisions are taken on the fly, all these policies are recorded. Again when we move back to routine, those recorded changes are regularized. Any changes in the overall policy need to be taken care of and any policy will need amendment which was not properly documented earlier,” Desai said.