Companies with Resilient IT approach technology strategically and proactively. Resilient IT reduces the frequency, severity, and duration of fiascoes. More importantly, it gives you an evergreen lens through which to make important IT decisions for the post-COVID-19 world.
The COVID-19 pandemic seems unending. Some experts say it will be a part of our “new normal” forever; others say it will end next month. All credentials aside, no one really knows what the future holds. This is a new reality for everyone, including the experts. Like any fiasco, we need to make the best judgments we can with the information we have and keep moving forward. At this point, you’ve made it past the initial crisis and got your company to “work” in the current reality of being locked down in our homes, social distancing, and mass concern for everyone’s health.
So, what do we do with our IT now?
Do we cut everything that is “non-essential” to save cash? Experiment with the same stuff “everyone else” is trying? Or, do nothing—which is a more common choice than people care to admit? In all reality, doing nothing and stagnating is not a real option. Your customers and people will demand more. And, if you don’t adapt, your competitors will.
Since our inception, Waident has attracted business owners who demand a strategic, pragmatic approach to IT. They often come to us after some IT fiasco. COVID-19 is just one of a long list of fiascoes. Others include major hardware meltdowns, a damaging hack, broken onboarding processes, an office move, an inattentive MSP vendor dropping the ball, or some other issue that breaks vertebrae in their IT backbone. Firms that rely on IT for business viability—and who doesn’t—need an approach that keeps their employees productive, their enterprises running, and company data safe. Pragmatic businesspeople understand that IT is a powerful business enabler but it is not a panacea and is far from perfect. Their goal is to reduce the frequency, severity, and duration of fiascoes. We call our approach to achieving these outcomes Resilient IT.
Resilient IT is built upon five simple principles that I developed as a corporate CIO:
- A People-first, Tech-second Mindset
- Comprehensive Understanding of System Interdependencies
- Extensive Documentation
- Systematic Preventive Testing
- Proven Troubleshooting Protocols and Processes
Combined these principles create an adaptive, but disciplined approach to IT that is aligned with business outcomes and anticipates the imperfections of both technology and humans. More important today, Resilient IT gives you an evergreen lens through which to make important IT decisions for the post-COVID-19 world.
Pure pragmatism can’t imagine a bold future. Pure idealism can’t get anything done. It is the delicate blend of both that drives innovation. – Simon Sinek
How to Build Resilient IT for Your Organization
1. A People-first, Tech-second Mindset
During the pandemic, I’ve heard too many stories of panicked and misguided companies telling their employees to “just work from home.” They figured that having a virtual private network (VPN) in place and a few people already used to working from home that everyone could do it. NOT! The companies’ IT functions didn’t think through the impact this reactive decision would have on all users with their current IT setup. “Working for a few users” does not mean it’s set up to work at scale for everyone. This is a critical distinction when it impacts a platform that all users in the enterprise rely on. The companies that started with how and what the users needed to do their jobs remotely before the pandemic and, then, configured the IT to ensure it worked, moved to remote users painlessly.
The problem with technology is not stupid people, instead, “It’s all about people, stupid.” When making IT choices, it’s much easier to worry about a server or a computer than the actual end-users. Servers don’t make demands, have opinions, or need education. At Waident, we want our tech people to think like business people. For example, business people worry about how production or delivery changes will impact customers. We want the first thing that IT thinks about when starting a task to be “how will this impact the user?” How will it impact his job, his time doing his task(s), the effort to learn a new approach, or maintain a new piece of tech? By thinking this way, it makes it nearly impossible to do the typical tech-guy thing and reduce his focus to the technology sitting on a desk.
You can begin implementing a “people first, tech second” mindset in your organization today. First, rewrite your IT job descriptions to recruit and hire IT people with business experience and a passion for technology, instead of a tech geek with a long list of certifications and no business acumen. Second, hire support people who think about people first, communicate effectively, and have a sense of responsive urgency. You can take someone with great people skills and get them up to speed on IT more quickly than the opposite. An additional bonus of this approach is getting to avoid the effort of having to unlearn bad IT habits (like IT-focused support who demand to reboot a server in the middle of the business day).
2. Comprehensive Understanding of System Interdependencies
A strong virtual private network (VPN) enabled many companies to keep their employees productive remotely, the enterprise running with few on-site personnel, and company data safe from opportunistic hackers during the pandemic. Resilient VPNs enabled employees to easily get to servers and essential applications remotely while reducing risk to both mission-critical and sensitive data. Companies that neither understood nor tested the interdependencies between their VPN and important applications were surprised by unexpected and unnecessary delays, downtime, irate customers, and reputational risk. By assuming that because an application worked fine in the office that it would work perfectly fine remotely through VPN neglected an obvious and critical weak link in company IT. Resilient IT understands these relationships and tests the functionality beforehand. This foreknowledge affords a firm the opportunity to pivot and explore alternative remote technology options to enable key applications.
Managing IT interdependence is simple but hard. It simple in knowing that IT must think big picture about business objectives, risk, operating scenarios, IT functionality, and software compatibility. All IT people think they are “big picture” thinkers. The hard part is having created a comprehensive view of business tech is, THEN, digging very deeply into the details from multiple perspectives. Determining: How will this affect the business and users? How will this fit within the current infrastructure? What absolutely has to happen for us to achieve our vision? What is the worst thing that could happen to jeopardize our success? What do we not know, not understand, or not have complete information on? How will this work years from now as the business changes and grows? How do we implement in each situation and permutation to minimize disruption and maximize value to customers, employees, and the enterprise?
You can build more Resilient IT today by testing applications under various business and operating scenarios to guarantee that it works as expected before pushing it out to users. Then, document the protocols and processes for each scenario so you’re prepared for anything.
3. Extensive Documentation
During the pandemic, one company took more than a week to get its remote users up to up to full speed. With Resilient IT, it would have taken hours. The company’s problem was the result of IT not having any documentation on its VPN and other infrastructure. Again, IT assumed that since they had a VPN that everything was in place and would work fine. It didn’t. First, the firm had only purchased licenses for 10 users. It now needed 60 to accommodate remote access through the VPN. IT didn’t know this because they had no record of it. It took days just to figure that out. Second, after buying the user licenses, they discovered network configuration issues created by the new VPN volume. Simple documentation could have avoided all of this. (Also, see Principles 1 and 2 above)
To many companies, documentation means having a secret list of basic passwords and IP addresses for users and applications. To us, that definition does not even scratch the surface of documentation. Resilient documentation covers areas like processes and procedures, cybersecurity policies, how to’s for business applications, new computer checkoffs, new hire and termination checkoff sheets, and more. Even the smallest company should have hundreds of pages of documentation. Yes, hundreds!
Want to know how resilient your organization’s documentation is today? Ask your IT for all of your documentation. It’s a simple and powerful way to determine if you, the business person, are in good shape or not. It is a straightforward request and response. After you ask, how quickly do you get something back? If you get hundreds of documents in real-time, hours, or even a day, you are in good shape. If it takes days or weeks and you only receive a few sheets with people and passwords, you’re in trouble. If there is no response, you’re screwed when a fiasco hits. Enough said.
4. Systematic Preventive Testing
Waident has a redundant internet in place and we KNOW it works. It worked fine when we tested it last year and we know that if it isn’t we just need to reboot it to get it working again. What percent of companies do you think had our level of confidence and knowledge before and during the pandemic? Did that approach work for you during the pandemic? Did your corporate internet fail? Did your backup kick in when there was no one in the office to reboot the equipment?
This pandemic has taught a lot of people that you have to be proactive and be prepared for the inevitable fiasco. Worrying, hiding your head in the sand, or feigning unsubstantiated confidence are common but unviable approaches. The best way to be prepared is to develop a big picture perspective, understand interdependencies, create threat scenarios, and do as much testing as you can to ensure everything working as it should. Test your redundant internet. Test your backups. Test your disaster recovery plan. Test anything that can be tested and develop procedures to test it regularly.
Today, you may not know what should be or is being tested currently. That’s ok. If you don’t, you can take the simple action of sitting down, listing all of our key systems, and detailing the scenarios that keep you up at night. Share that list with your IT people to determine what proactive steps and testing protocols can be implemented to ensure that these systems are operational all of the time. Poor IT will hate this exercise. Resilient IT will love this challenge and will probably already have much of it in place. Rest assured that, most likely, everything on your list can be proactively addressed.
5. Proven Troubleshooting Protocols and Processes
A user working remotely during the pandemic could not access his corporate systems from his home wifi no matter what he tried. He knew his computer was fine because he had accessed the network just fine from another non-corporate wifi connection. His “IT cowboy” tech support randomly experimented with his best “ideas” to solve the problem to no avail. The cowboy kept guessing finally lobbing the idea the user’s Internet setup was the culprit and needed to be changed. The change broke even more things and turned a small problem into a big one. In the end, the solution required a simple change to a single setting found quickly through documented troubleshooting protocols.
Effective troubleshooting starts with a systematic approach. I’m not a big fan of “IT cowboys” and my bet is you are not as well. The IT cowboy is the tech geek who believes he is smart enough to jump right in, solve any problem, forego all documentation, and never call for help. You don’t get much more UNsystematic than that approach. Systematic means starting with user impact (See Principle 1), then, the systems affected, then, how that systems’ interaction with the rest of the network (See Principle 2). Oftentimes, troubleshooting requires a rifle shot, not a shotgun. The Resilient IT troubleshooter intuitively accepts Occam’s Razor, that is, the simple answer is usually the correct one.
If your firm’s troubleshooting seems a little excessive and your IT tech starts with something drastic (e.g. replacing all of your equipment), it may be time for you to push back. While you may not understand some of the tech details during the troubleshooting process, the overall troubleshooting process should make sense and feel good to you as a business person. If it doesn’t, stop your IT cowboy and make him think through his troubleshooting steps and start with the simple solutions first.
I am pragmatic. That which works works, and theory can go screw itself. However, my pragmatism also extends to maintainability, which is why I also want it done well. – Linus Torvalds
Resilient IT is focused on the continuous strengthening of IT health with knowledge, discipline, and process to reduce the frequency, duration, severity, and cost of an inevitable fiasco. I trust that you now understand how important a Resilient IT approach is to the success of your business.
The pandemic fiasco may have thrown a wrench into your IT and business operation. Lucky for you, it is also affording you an opportunity to think about your current approach to business operations and how IT enables or hinders your performance. I encourage you to start taking advantage of the five principles. Apply it to the technology you already have in place. Implement it to build stronger IT and greater efficiencies. strike while the iron is hot. You probably have tech projects held up because you “knew” it would be hard to get all your employees to adopt something new. Well, everyone is adapting to something new now, so, use that momentum to implement new IT systems or processes that can make your enterprise more resilient to the constant redefinition of “normal.”
In the short term, you may need to cut costs in some areas to maintain competitiveness. However, now is no time to cut costs without a clear strategic direction. The strategic direction is Resilient IT and the goal is keeping your people productive, the enterprise running, and your data safe no matter what fiasco comes your way—be it a pandemic, natural disaster, economic meltdown, IT vendor collapse, supply chain breakdown, or zombie apocalypse.
Prepare for the next fiasco
In this 30 minute webcast, Resilient IT: Approaching Technology Strategically and Proactively, we will cover:
- The 5 Principles that make IT resilient
- The types of fiascoes you should prepare for
- Examples of Successful IT preparation and Unsuccessful