Nothing supercharges innovation like necessity. And as we all know, the COVID-19 pandemic has caused instant, radical shifts away from “business as usual” and caused IT and cyber organizations to innovate on the fly. Obviously, the most prominent of these changes has been the work-at-home phenomenon.
Of all the scenarios that organizations typically contemplate as part of their business continuity plans, you’d be hard-pressed to find anyone asking, “What do we do if nobody, anywhere in the world, can come in to work?” Some companies plan for regional work-from-home scenarios caused by natural disasters, geopolitical events and other disruptions, but the concept of everyone, everywhere, working from anywhere, was not on the radar screen. And yet, that’s exactly what hundreds of thousands of organizations worldwide faced when it became clear that social distancing was the only defense against the pandemic.
At this point in the coronavirus crisis, we have seen a number of organizations do this well. However, it’s not without some significant effort to quickly stand up secure and reliable remote capabilities, connections, and communications. The interesting shift is how organizations will take the lessons learned during this time - what works and what doesn’t - to inform a potential “next normal” in remote working. What did they quickly put in place that, with more time and strategic consideration, could be a transformative approach to doing business in the future?
Two Stages of Enablement
When work-at-home first became a reality, IT and cyber teams, alike, were in an intensely reactive mode. They did everything they could to maximize capacity and enable remote access to employees, because system and application availability was the single most important factor for keeping businesses up and running. And, for the most part, they succeeded at creating a remote-working architecture that is “good enough” to get through this first stage of the crisis. But now that some countries are easing social distancing guidelines, these teams need to think about the next stage: What happens after the pandemic? Are there new processes in place that will survive long-term? Will remote working become a standard operating procedure, or will we return to corporate environments?
These are important questions to ask, because some of the process innovations created out of necessity for COVID-19 will turn out to be better than the ones they replaced. And, one changed process often leads to others – for example, banks initially needed to enable employees to work from home, which then required that loan approvals, account activations, wire transfers, and so on become securely enabled for remote employees. For many companies, some of these cascading processes are working well enough to survive and become enhanced for standard practice after the pandemic – including work-from-home initiatives.
Cyber teams will need to understand how organizations will function in the post-COVID “next-normal.” They need to take stock of all of the business processes they need to support, and rethink what cyber resilience really means. Once that’s done, they can reevaluate security architectures and operations to map to their digital footprint in the next normal.
Areas for Acceleration
COVID-19 has already caused acceleration in several cyber-related areas. For example, while there was already a healthy pace of cloud migration prior to the pandemic, many organizations accelerated their journey to the cloud when remote-work policies came into effect, so they could deliver the dynamically scalable systems and high availability that workers and customers need. Securing those virtual work processes is critical to productivity and overall integrity of the cloud environment. This trend will continue – particularly with the prospect of another COVID-19 spike in the fall - and with it will be an acceleration of related cybersecurity initiatives, including:
Cybersecurity Enables Business in the Next Normal
Cyber organizations are accustomed to playing “catch up” in their day-to-day existence. They tend not to be involved in the initial design process for new digital systems or technology implementations, and often have to go in post-deployment to implement proper security controls and cyber risk management. In this context, the pandemic has simply created a magnified version of the reactive world to which cyber teams are already accustomed, but with that also comes opportunity.
The overnight digital transformation of the workforce has shown organizational leaders how cyber is a critical business enabler of speed and scale, and shouldn’t be perceived as a deterrent to progress. When done correctly, a secure-by-design approach enables organizations to quickly and effectively stand up new systems, innovate with confidence, and adapt to new challenges without introducing undue risk. As economies open back up, the focus will be on stabilizing and strengthening many of the solutions and processes rushed into place. This will be accomplished by being more thoughtful and strategic about their deployment, developing the support, security and infrastructure around them, and fully understanding the impact they will have across their organizations and partner networks.
Of all the accelerations caused by COVID-19, the most important could be the acceleration of people’s understanding of the impact of cyber. Cyber is everywhere - from our work to our homes, in the businesses we count on (like our schools and grocery stores), to the innovative research and development efforts behind introducing new vaccines. This vivid realization should inform more thoughtful, more secure, and more effective decision-making across organizations in the future. And that, at least, is one positive outcome of this pandemic crisis.
Emily Mossburg serves as Deloitte’s Global Cyber Leader. A 20+ year cybersecurity professional, Emily has supported a range of clients and industries helping them to transform and evolve their cyber programs. This includes implementation of new processes and solutions in areas such as data risk, incident and breach response, and cyber resilience. Prior to this role, Emily was the Advise & Implement Solutions leader for Deloitte’s Cyber practice in the United States where she led the development and delivery of cyber solutions designed to better align cyber risk strategy and investments with strategic business priorities, improve threat awareness and visibility and strengthen ability to thrive in the face of cyber incidents. Emily is a recognized leader and authority on cybersecurity and was recently named one of the “100 Fascinating Females Fighting CyberCrime” by Cybersecurity Ventures.