The Dual Roles of a CIO During a Pandemic
Already faced with rapid changes to their IT Infrastructure to maintain some level of operation, chief information officers (CIO) have had an opportunity to reinvent strategies to meet the demands of growing companies and emerging technologies, particularly in the last five years. With the onslaught of the SARS-CoV-2 virus and incidence of COVID-19, CIOs have had to take on a secondary role of making massive changes in a short amount of time to allow for remote workers while also thinking about unwinding these changes when organizations hopefully return to a new normal this summer.
The pre-COVID-19 role had the CIO evaluating ways technology can be used within the company and become a more significant part of the business unit. Digital transformation was a topic that many board members shied away from, and the CIO now has the stage to gain support for relocating the data to a cloud environment and developing strategies to improve the business continuity and resumption plan. The CIO’s dual role focuses on current operations while planning for the future of digital transformation and growth.
One emerging benefit in the last five years was the switch to cloud computing, which has made it easier for the transformation to work from home in this new environment. The CIO’s mindset today includes reducing the likelihood of failure and boosting service delivery. The business continuity and resumption plan must be in the forefront and, moving forward, considered as a strategic plan rather than an operational afterthought.
The COVID-19 pandemic is generating a host of challenges for CIOs from large and small companies alike. Amid a health crisis, CIOs must respond quickly and securely, transitioning to a work-from-home environment for their employees. This sudden need for most employees to work remotely exposed areas to various network security issues that in the past were addressed by limiting off-site access to a small number of users. Now, faced with changing operations from a once secured location, CIOs must quickly and resourcefully coordinate efforts to supply remote access to their off-site employees without compromising security. Large and small companies have arrived at a crossroads regarding which decision to address first: implement a solution now and worry about network security later, or improve the business continuity plan now and implement technology for future situations? These recommendations from the CIO must be swift and decisive.
The CIO should keep several questions in mind regarding network security while trying to resolve the work-from-home issues. The questions answered now can make the digital transformation of data a smoother process when the time is right. Initially, CIOs are asking:
- Are there enough VPN licenses, what will the cost be to increase the number of connections, and can the vendor deliver on such short notice?
- What will the strain be on our network bandwidth? Can the internet service provider increase existing bandwidth?
- What does the hardware inventory look like, and what type of hardware can be supplied for the work-from-home user? Several CIOs interviewed voiced they could not get a prompt delivery date for laptops and chose to purchase desktop computers.
- How will the new guidelines of social distancing dictate how the CIO considers the safety and well-being of users who do not have the option to work from home?
Evaluating vendor responses during these difficult times is critical, and their responses to the current situation help determine how vendors could be used in the future. It is beneficial to keep detailed documentation on each vendor used to assist in this crisis, noting the results of their performance in their pandemic post-incident reporting. At the same time, CIOs must plan and resolve current issues with vendors, and they should collect data to help expedite the transition of data transformation to a digital environment.
The CIO must think about how to resume business in this “new normal” and be mindful of how these solutions would look if outsourced.
- How will network security be enforced on these new devices, and how can the organization accomplish network monitoring and see what users are doing to help them remain secure?
- What level of encryption and multifactor authentication should be used?
- How can training the new remote user be efficiently accomplished while dealing with social distancing and quarantine?
- How will the organization provide patch management to remote users and keep anti-virus software updated?
Organizations should follow existing information security policies and procedures and add addendums as they develop new procedures that are required during this crisis.
Bad actors are aware of the struggles IT departments are facing and working overtime to exploit vulnerabilities left unchecked. CIOs have had to balance security and availability in their planning and implementation, and the business could be exposed to data loss, ransomware or malicious viruses. It is necessary to document all changes made to the network, policies and procedures. When the pandemic is over, detailed documentation will be essential to return configuration settings to their original state before the crisis and help plan for future pandemics and disaster recovery scenarios.
During this crisis, the safety and well-being of the IT team, users and vendors assisting the organization have been first and foremost in any decisions made, and the CIO needs to be forward-thinking and ensure the decisions related to technology use continue to be made with a safety-first mindset.
As with most topics related to COVID-19, changes are being made rapidly. Please note that this information is current as of the date of publication. For more information, reach out to your BKD Trusted Advisor™ or use the Contact Us form below.