COVID-19 – Confidential CIO Connection

The CIO Association is the voice of the CIO. Right now many of us are being asked to be prepared to potentially support an unprecedented number of organizations employees working from home. Are you prepared? Can our infrastructure even handle this load? Have you been asked to participate on the Risk Mitigation Committee? Let’s use this blog space as a place for sharing, Chatham Rules style, so we can learn from each other and benefit from the collective intelligence of our membership.

Please also contribute to this survey so we can share the answers anonymously on this page.

13 thoughts on “COVID-19 – Confidential CIO Connection”

  1. Am I prepared? My answer is “it depends”. I assume most us already support a work from home process already. I do and can most likely handle an increase in additional support. Where I feel I may be at risk is in the event of an extreme situation i.e. a full office/plant/warehouse closure. Focusing on the office closure, did anyone create a runbook for this as a result of the floods in 2013? Or is ‘no physical access to the office’ part of your company ERP? Two operational gaps I know I have are printing and providing service desk support.

  2. Our organization is maybe an outlier since 75% of our staff are already road warriors and have VPN for remote access and everything else is within the O365 tenant (SharePoint, OneDrive and Teams). Since the majority of the workforce is remote in that nature, the other 25% all have laptops anyway with remote capability and we are managed by an outsourced provider. I would say we are quite ready for any situation that would require people to be remote for an extended period of time. Printing as Gerry mentioned would be something of a challenge, however I’m pretty sure Government’s would relax the rules on things like digital signatures should the need arise.

  3. I have been wondering if Microsoft/Office 365 has the capacity to support what could be unimaginable traffic, or if our integrated telephony will fail first. During the Calgary floods of 2013, when I was at Suncor Energy, we could only support 20% of our workforce remotely for the eleven days our head office was inaccessible. We mitigated that by saying only Mission Critical people were allowed remote access, everyone else was on spontaneous vacation (not really a viable option for a three-month lockdown). I remember I couldn’t dial into conference calls on my mobile phone, and making a simple mobile call frequently failed as all the lines were jammed, but landlines worked. I kept my landline for years longer than I should have because of flood lessons. Lots has changed since then (hopefully there are far fewer data centres in corporate basements at least) but have CIOs been able to effectively advocate for the budget to provide full, extended remote workforce support in an emergency?
    Never waste a crisis; maybe this is the budget increase opportunity we have all dreamed about.

  4. Excellent comments and considerations. At TC I only have licensing and infrastructure to support around 84% of the workforce through both a CItrix and VPN solution. We have 20% of our workforce who will need to come to work I.e do inspections and keep the transportation sector situational Center operational. We would have to communicate to employees that mission critical users would get the priority for system access if we had to work remotely. We are currently finalizing our comms and BCP plans so that they are all ready should we be told to stay home.

  5. Our plans allow for 80% of staff to work remotely purely through Citrix – though laptops are being deployed starting next quarter. The biggest issue for us is not for staff to work from home, but how long can this reasonably be expected to last?Our planning was for events like a flood, inclement weather or a pandemic of a few weeks but with medical experts suggesting the mutation and re-infection rate is growing this could be another challenge. Who will be the one to make the ‘all-clear’ call?

    Another item that we are planning to communicate is how people can work from home. For many this will be new and they may not think of different aspects – proximity to wifi, a good ergonomic location, how to handle highly confidential/sensitive information, and how to handle standard paper-based processes that currently interoffice mail, ink signatures, etc. I won’t get into how we plan on delivering medical and rehabilitation services…

  6. Being a K-12 school district, working from home isn’t a plausible option for the vast majority of our employees (teachers specifically). Our business units however, should function somewhat normally as we have been on the O365 platform for several years.

    My concern, however, is with our ability to quickly and easily share information with our ~6000 employees. Having lived through the Calgary flood of 2013, I know that email and telephone “fan-outs” are somewhat limited; especially when we get into crisis mode and new information is hitting people at an unmanageable rate. It’s simply too slow. Being on the O365 platform, Teams seems like the perfect solution, but we’ve never used it at scale. It works great with 5 or 10 people, but I assume scaling that up to thousands introduces new challenges that I am not yet aware of. On the other hand, never waste a good crisis, right? This is an opportunity to shift the organization away from our reliance on email as the primary method of communicating.

    Does anyone have experience with Teams at a large scale? Maybe this assumption is completely off base?

  7. We just had a tabletop exercise with the scenario of COVID-19 hitting our campus. The statistic that caught my attention was that we should expect 30% of our staff to refuse to come to work based on unsafe work. This includes instructors, facility management staff, security, etc. The discussion quickly turned to, how do we handle a reduction in workforce like that? It is understandable why Italy chose to close schools and universities for 2 weeks. Our knowledge workers (those that sit behind a keyboard all day), can work remotely using O365 and VPN’s. It’s the other staff that need to be here, we have a go-generation plant that needs to be manned 24/7, that I am concerned about supporting.

  8. As part of our last computer refresh, we have replaced essentially all of our desktops with laptops. The only people left with desktops are some IT employees who need a more powerful system on a regular basis (and these people also have access to a laptop) and a few contractors or students.

    Roughly half of our employees already have VPN, and we have starting deploying VPN to all remaining employees (along with instructions on how to setup, and use, our recently deployed Two-Factor Authentication solution). A number of our employees Telework on a regular basis (either from home or as part of business travel).
    We are also in the process of provisioning all of our employees on Cisco Jabber (the “softphone” equivalent to our Cisco IP Phones), which can be used on laptops and smartphones.

    We have already migrated to O365. The rest of our systems are in a hybrid Cloud architecture: we use a number of SaaS solutions and our on-prem data center is configured as a “private cloud”. We are figuring out plans and requirements for access to our data centre (which can be monitored and managed remotely).

    Last year we doubled both of our internet line bandwidth, which are configured as active-active. We are in the process of setting up load balancing between the 2 lines.

    The recent “snow storm” event in Ottawa was a good test, with a large number of employees teleworking without any issues.

    I am part of the Security and Emergency Planning Team.

  9. In a post-secondary institution, my concerns are similar as to Rob’s. We currently support virtualized desktops that can be accessed through multi-factor authentication from any web browser. That has helped with costs ensuring we are not providing laptops or CPUs that must meet specific criteria. My team is currently located in the hospital, as well as are many of our Faculty members. This provides another layer of fear on top of this crisis, as when folks are sick, many show up in the emergency room and so are on premise where my team works. An interesting side-effect of the ability for individuals to work remotely has been raised regards to this past year’s cold snap. Some of my team wanted to work remotely due to the cold weather. Perhaps in a smaller office this would be encouraged or understood. In a highly unionized and large environment, this is not a simple cultural change and may have broad negative impacts and unintended consequences. To have the Faculty prepared to work remotely to self-quarantine during Covid-19 is one thing, to move to a fully realized remote workforce brings a whole other level of challenges. It will be very interesting to see when we are through this crisis if organizations policies regarding working remotely change as a result.

  10. Hot tip: Schedule your remote meetings for x:45 so everyone is trying to join at a time the lines are least busy

  11. We have signed up to the Webex offer from Cisco so we can remove a lot of the VC trasffic off our network. Has worked great so far. We bulk loaded from AD to Cisco and all staff and contractors were onboarded that way.

    We are forcing laptop users to use the VPN and leaver space for those that need citrix to RDP.

  12. In Alberta all schools and daycare centres are closed so work-from-home is almost mandatory for anyone with family in the Daycare-to-High School space, and many people will be dealing with home schooling situations. The collateral implications may be that home technology (laptops, tablets, ISPs, printers, etc.) will be servicing home, school system, and workplace uses, and quite possibly multiple services for each category. (i.e. Both public and post-secondary school systems, multiple work environments if both parent are working or in the gig economy, …) If these homes are using Microsoft environments with shared equipment and software, and many are, there may well be quite a bit of confusion over which Microsoft Account am I using? Which one should I use? Where did I save those files? ….

    I have found this article helpful in explaining how Microsoft approaches distinguishing its personal and business/organizational accounts – It’s a couple of years old and about a 10 to 15-minute read, but it is well-written, easy to read, and quite understandable. It may be a useful resource to your help desk personnel if they get calls from remote workers about how to handle such situations? It might even be helpful for your remote workers who are now more involved in managing their own technology and environments.


  13. In a couple of on-line conversations I have had over the past few days, my legal friends have commented that home/remote workers need to be extra vigilant about what sorts of devices might be “listening” to their conversations. I think the lawyers are concerned because there are strong elements of client privilege, privacy, and security associated with their work. This article appeared on Wednesday and highlights these concerns and actions we can encourage to help manage it:

    Is this awareness helpful for your organization’s workers?


Comments are closed.