Information Security Matters: Lessons for the IT Community From the Pandemic

journal volume 5
Author: Steven J. Ross, CISA, CDPSE, AFBCI, MBCP
Date Published: 28 August 2020

As I write this piece in June 2020, the world has been facing the COVID-19 outbreak for nearly seven months. Millions have been infected; hundreds of thousands have died.¹ Millions more people have lost their livelihoods, at least in the short term. In discussing the successes of information technology in ameliorating the impact of the disease on society at large, we must never let those statistics be far from front-of-mind.

With a little distance now from the onset of the pandemic, there are a number of trends made more obvious by the IT community’s response to this pandemic. We need to absorb the lessons learned to be prepared for a recurrence of this global disaster or the arrival of another one.

Work From Home

Perhaps the most important trend has been the shift in the way many people work.

Information technology has enabled a semblance of normal operations during the pandemic² by eliminating the necessity for people to travel to their offices³ and work in close proximity. They do their jobs in their homes, made possible by portable computers, cell phones, virtual private networks (VPNs), high-speed connection to the Internet and, of course, the Internet itself. Indeed the acronym “WFH,” or work from home, has entered the popular vocabulary.⁴

It seems obvious in retrospect; of course people would distance themselves from others and work remotely. But it was not obvious in prospect.⁵ It is not so many years ago that the technologies that have enabled WFH either did not exist or were not so widely utilized that we could rely on them. For example, although Zoom Video Communications was founded in 2011,⁶ it feels as though Zoom exploded on the Internet for every businessperson and student just in time for the pandemic. When was it that everyone had a personal computer, a cell phone and WiFi? Or does everyone have them, even now?

At Home at Work

As working from home has changed the nature of work, so it has also changed the nature of home. It may be someone’s castle, but for many, home was never designed to be their workplace. Perhaps those who have a suburban house, with a room set aside to be an office, have sufficient space for an at-home office. The residents might work at the kitchen table or they may have a desk, a high-speed Internet connection, a printer and a storage area for paper files (remember paper files?). But urban folks living in a one-bedroom apartment, with Internet connectivity designed for games and movies, find it more difficult. And, if that bedroom is shared with a significant other? Is the apartment sizable enough to allow two people to work both productively and amicably?

The IT community needs to be cognizant of the realities of those people who are not equipped for residential toil in the age of WFH. There is quite a bit of evidence that working at home may outlast the pandemic. Some have given precedence to equipping their homes for child rearing, not the daily nine-to-five (remember nine-to-five?). Others have just graduated and joined the workforce. Still more—too many more—simply do not earn enough to afford a suitable office in their homes. The IT community cannot in conscience simply assume that the cost of working from home will be borne by the workers.

The Internet and the Data Center

The Internet was designed not to break,⁷ and it did not. But it did bend. Speeds got slower; connections became less reliable, and faces and voices disappeared from online meetings. Sometimes, those working from home lost access to the Internet altogether because, though the Internet itself does not fail, the last mile from the Internet service provider (ISP) to the home sometimes does. If WFH is to become the contingency plan for pandemics and other serious disruptions, then the IT community must consider end-to-end connectivity so that workers can maintain productivity. It is not enough to keep the enterprise’s data center up and running; users must be able to reach it and use it reliably over time.

Notably, the pandemic has emphasized several trends that were ongoing well before COVID-19 had ever been encountered. Those who operate organizations’ data centers and keep their infrastructures running have no need to be physically near the systems they support. So during lockdowns, the techs work at home, too. Instead of being down the hall from the data center, they are across town or even further away.

Nonetheless, there is always a need for so-called “touch labor.” A circuit pack has to be replaced, a power blip investigated, a switch flipped. Before the pandemic, I had not heard of this need as a rationale for movement of systems to the cloud. But the value of having a faraway staff available for these sorts of tasks became much more apparent.⁸ In these disastrous times, public cloud providers have already made the hurried travel to a disaster recovery (DR) site unnecessary for many.⁹ In the difficult days we are living through, the IT community should focus on accelerating the trend toward migration to the cloud.

Cybersecurity in the Pandemic

Since this is the Information Security Matters column, I should note that as I see it, cybersecurity seems to be effective through the pandemic. Or more properly, serious cyberattacks seem no worse than before,¹⁰ faint comfort indeed. Before COVID-19, there were more than enough reasons to fear that there would be a significant increase in cyberattacks.¹¹ With everyone working remotely, the guardrails provided by the employers’ workplaces (whatever they were) have been taken away.

Why, then, hasn’t the incidence of cyberattacks exploded? A few thoughts: For those using VPNs, the threat of an attack is no greater than if they were on an ethernet connection in an office building. Maybe attackers can target central enterprisewide systems more easily than lots of individual personal computers. Perhaps there is more end-point protection installed than we realize. Or it just might be that the bad guys are as frightened of COVID-19 as we are and are taking time off. Whatever the case, we cannot be confident that the relative calm will continue.

The IT Community

Throughout this article I have referred to the “IT community.” Who exactly am I talking about? In general, I mean anyone who makes a living in developing, implementing, operating or controlling applications and infrastructure. That is a lot of people, to be sure, and it is difficult to prescribe how any group that large should think, much less act. And yet, we who have made information technology such an intrinsic part of the world we live in owe it to ourselves and our fellow citizens to begin the conversation about IT during and (we dearly hope) after the pandemic.

At the risk of sounding too rah-rah for the home team (remember home teams?), I would like to suggest that ISACA® and everything/everyone it represents is the proper forum for that conversation. Let us all raise it in our publications, training, chapter meetings and research. Then, bring the rest of the world into the discussion.

Endnotes

1 Coronavirus Research Center, COVID-19 Case Tracker, Johns Hopkins University, Baltimore, Maryland, USA, http://coronavirus.jhu.edu/
2 I should temper my statement a bit. I bring to this discussion the perspective of a US citizen who lives in New York City, which, for a time, was the global epicenter of the outbreak. There may well be other locations with greater disruption and less capacity for information technology to reduce the impact.
3 Note that those whose jobs require them to work in places other than offices were not so fortunate. I am not sure if information technology could change the lot of waiters, gardeners and taxidermists, but an IT community that has made the world safe for cute kitty pictures must have some ingenuity to spare to improve the lives of factory, meat processing and transportation workers.
4 If a pop culture term has reached the Harvard Business Review, then everyone must be using it. Giurge, L. M.; V. K. Bohns; “Three Tips to Avoid WFH Burnout,” Harvard Business Review, 3 April 2020, http://hbr.org/2020/04/3-tips-to-avoid-wfh-burnout
5 To cite one example among hundreds: Alba, D.; C. Kang; “So We’re Working From Home. Can the Internet Handle It?” The New York Times, 16 March 2020, http://www.nytimes.com/2020/03/16/technology/coronavirus-working-from-home-internet.html
6 US Securities and Exchange Commission, Zoom Video Communications, Inc., registration, http://www.sec.gov/Archives/edgar/data/1585521/000119312519107178/d642624ds1a.htm
7 Fishman, C.; “The System That Actually Worked,” The Atlantic, 6 May 2020, http://www.theatlantic.com/ideas/archive/2020/05/miracle-internet-not-breaking/611212/. This is an excellent, nontechnical overview of the way the Internet has been operated during the pandemic.
8 Miller, R.; “In Spite of Pandemic (or Maybe Because of It), Cloud Infrastructure Revenue Soars,” TechCrunch, 1 May 2020, http://techcrunch.com/2020/05/01/in-spite-of-pandemic-or-maybe-because-of-it-cloud-infrastructure-revenue-soars/
9 Ross, S.; “Do You Need a Disaster Recovery Plan?” ISACA® Journal, vol. 2, 2017, http://h04.v6pu.com/archives
10 Center for Strategic and International Studies, Significant Cyber Incidents, http://www.csis.org/programs/technology-policy-program/significant-cyber-incidents, undated but incidents from May 2020 are listed. Unsurprisingly depressing reading. See inter alia.
11 Mooney, G.; “The Cybersecurity Risks of Remote Employees Working From Home,” Progress, 17 March 2020, http://blog.ipswitch.com/the-cybersecurity-risks-of-remote-employees-working-from-home

Steven J. Ross, CISA, AFBCI, CISSP, MBCP, is executive principal of Risk Masters International LLC. Ross has been writing one of the Journal’s most popular columns since 1998. He can be reached at stross@riskmastersintl.com.