What is the role of a Technology Guardian in a crisis?
We’re clearly in the midst of a crisis now – and we really don’t know how long it will last. As I wrote in my previous post, life is pretty stressful and scary for many of us, and the world is changing around us in ways we never imagined.
While work may be on a crisis footing, home life is equally stressful with worries about sickness, family, friends, job security, educating and entertaining kids (according to Forbes there are 862 million kids out of school worldwide).
We know that just like people in other roles, Technology Guardians may be worried about job security, particularly in organisations that have temporarily closed or have reduced activities due to government-mandated lockdown. You may be worried that cost-cutting will impact you, or even wondering whether the business will survive.
Examples of Technology Guardians, Consumers and Decision Makers
Source: Snow Software 2019
Delivering value through uncertainty
Whether still working or furloughed, many Technology Guardians might be concerned about articulating their value during a time of crisis, and are rightly being cautious about issuing warnings about software audits, license compliance, technical debt, non-standard technology or shadow IT. When organisations are in reactive mode, actions are about survival. Decisions about which parts of the business can work from home are about whether it is practically or technically possible – keeping people safe takes priority over cybersecurity, cost or contractual and licensing obligations at this stage. However, we’re all well aware that the changes that have been made in response to the crisis will highlight known issues with technical debt, lack of VPN capacity, securing home-based workers and similar issues that have historically been accepted risks or dealt with using workarounds.
There are four main phases during which Technology Guardians can contribute to crisis-management. Most of us have made it through phase 2 and into phase 3. We now realize that we may be in this for the long haul.
Phase 1 – Planning for a crisis
You’ve probably already got a business continuity plan (BCP) that’s been used in this crisis, and hopefully contributed to it. Technology Guardians are integral to business continuity planning– in fact, everyone involved in ensuring technical resilience, IT continuity planning, disaster recovery or crisis management should consider themselves to be a Technology Guardian – after all, we are all trying to ensure that the digital technology within our organisations can be identified, located, classified, authenticated, authorised, paid for, secured, and used to generate value for the organisation, today and in the longer term.
Your organization is likely to be reviewing phase one once the situation is more stable.
Phase 2 – Supporting the crisis response phase
The initial crisis response is about what is technically possible. In the current crisis, this has been about maximizing the number of roles that can be carried out remotely and enabling them. It has involved strategies such as:
- relocating office-based equipment (workstations, peripherals and even furniture) to employees’ homes;
- enabling access to business systems from personal devices;
- employees buying devices to use at home;
- implementing new collaboration tools;
- expanding access to existing collaboration tools and cloud-based services.
These activities have primarily been about working out who needs what, what we’ve got and how we can get everyone up and running as quickly as possible. At the same time, managers have been making staffing decisions as to who is going to be furloughed or dismissed. In this situation, providing data about what technology individuals need to be able to work, and whether this can safely be provisioned remotely at speed is key.
Phase 3 – Managing the uncertainty
Last month Jelle Wijndelts wrote about some of the activities that ITAM and SAM teams should be focused on as most of us moved from phase 2 to phase 3. As we settle into this phase (and come to accept that it is likely to continue for some time) we need to focus more on enabling the ongoing changes needed to adapt to new and changing circumstances.
- Keep track of changes – for the ITAM and SAM teams this is likely to involve mapping changes in technology usage patterns as organisations adapt and change the way that they work. For example, as well as moving as many people to remote work as possible, many organisations have switched their delivery model to primarily (or completely) online. Others have had to make changes to physical working environments (e.g. grocery stores where screens, queuing systems and security have been put in place).
- Highlight the cost impact of changes, whether immediate (for cloud-based solutions billed monthly based on usage metrics) or upcoming (contract anniversaries). While some costs will increase, use of some systems may reduce (even if temporarily), and decisions on cloud migration or the replacement of legacy systems may be accelerated to facilitate new ways of working.
- Identify risks that have been introduced as a result of the urgent action (licensing, commercial, financial, reputational as well as security), classify and prioritise them, and provide remediation options. This includes ensuring that workarounds are either removed (where returning to the previous setup) or replaced (where new ways of working are being retained or different ones being implemented). The risk register should be updated regularly – vendors such as Zoom are already working to mitigate the risks identified due to the rapid increase in adoption of their service, as are the organisations that use it. As one security specialist told me:
“It is crucial at the moment to understand what software is being used – particularly new solutions implemented at speed to enable changed ways of working – and identify vulnerabilities so that we can manage these and ensure that our employees are as secure when working from home as they are when working on-premises with our standard products.”
However, as the initial activity settles down and organisations start to model scenarios for how they might operate as the pandemic and associated economic impact develop, organisations are going to need data to help them understand the options and their implications. James Denena, Snow Software’s CFO, wrote about this from a CFO perspective recently, but you will also need to support decision-making on ways of working and technology investments. According to one CIO:
“With budgets being scrapped overnight, we have been tasked by board members to understand the capabilities of the IT roadmap and how we can manage projects and funding in future – without automated and robust technology intelligence, that would be a manual exercise involving collaboration with teams who are already overstretched in the current environment.”
Phase 4 – Return to business as usual
You’re probably all too well aware of all the debate around ‘back to normal’ or ‘the new normal’. We don’t know what ‘Business as Usual’ will look like, or when we’ll get there. In the meantime, the way forward is for us all to accept that we’re working with uncertainty and keep good records so that when the situation stabilizes we’re in a position to provide the necessary data.
Make an Action Plan
While some crises are localized, and others short and sharp, the current pandemic has introduced so much uncertainty that even what would previously have been considered short-term planning is impossible. We are all largely in reactive mode, trying to navigate our organisations through the changes as they occur – business closures, movement restrictions, supply chain disruption and constraints, as well as with the mental and emotional toll this is taking on us, our colleagues our customers and our suppliers. We need to be agile, responsive and creative in collaborating with our peers to find solutions that support what is needed now, while also maintaining good quality data to allow us to have a clear view of what we have changed, when and why and make business decisions about our technology strategy, budgets and commercial relationships as we start to adapt. In a recent conversation with an IT Asset Manager, they explained:
“Mature SAM & ITAM teams, with good quality data in their systems, are helping their organisations to understand and reallocate costs where necessary. Ways of working have changed overnight and with good data, we are able to identify which applications are being used and whether this use is in line with contracts and license agreements.”
The primary role of Technology Guardians in these situations is to ensure that decision-makers have the data they need to make effective business decisions in the difficult circumstances that they are faced with.
What to do if you’re still working:
Engage with stakeholders, listen, ask them what they need to know, respond quickly with ‘good enough’ reports to help them make decisions. Help them understand what needs paying for (particularly where you’ve taken advantage of time- or functionality-limited offers designed to support crisis-management), what could be cancelled (systems scaled back or no longer used due to new ways of working, or services implemented as short-term solutions), and to understand the change in usage patterns both through the crisis to date, currently and for different future scenarios.
What to do if you’re furloughed:
In this case, you’re obviously not working, but if you’re reading this, then you’re one of many people keeping an eye on what’s going on and planning for their return. Where only some team members have been furloughed, then we recommend simply keeping up with industry and discipline news and trends, and maybe doing any free training courses that are available at the moment. If the whole team has been furloughed, then spending time thinking about what information you are likely to have on your return, and where the gaps might be, will be invaluable. On your return to work, engage with stakeholders to understand what support they need and establish what data you have that can help them. You may also need to flag up issues or opportunities that haven’t occurred to them while they’ve been involved in the day-to-day crisis management with a reduced workforce and limited data.
If you’re looking for more resources and best practices to help during this time, be sure to check out our Essential Resources Center.
#StayHomeSaveLives