When the coronavirus hit eastern Canada, it was an all-hands-on-deck moment for the staff at Hastings Prince Edward Public Health. Besieged by questions from nervous residents, the information technology staff scrambled to set up a virtual call center in just two days, staffed by employees who were suddenly forced to work from home.

IT Systems Manager Tom Lockhart had his hands full building the call center, but one thing he didn’t have to worry much about was accommodating employees working from home. That’s because seven years ago the company scrapped its client/server network in favor of virtual desktop infrastructure, a technology that delivers the equivalent of a desktop computing experience over a network, with most of the processing taking place on a server.

VDI renders the desktop client essentially irrelevant; the IT staff takes care of patches, updates and administration. Users can log on from any supported device and pick up where they left off. VDI was an early form of cloud service, although Hastings Prince Edward Public Health runs it on its own infrastructure using software from Nutanix Inc.

“The way we designed IT is so that we can deliver it from anywhere; we don’t have to have bodies onsite,” Lockhart said. “There’s IT staff available to respond to requests, but it’s pretty much all virtual.”

The agency’s experience is typical of many organizations that are leaning on cloud infrastructure to simplify an unprecedented pivot of entire workforces to working at home due to coronavirus-related lockdown orders in many U.S. states. In many cases, organizations had no more than a day or two to effect the shift.

Organizations that already have much of their processing loads in the cloud say the shift was accomplished with relative ease. Those that are still largely using on-premises infrastructure aren’t saying much, perhaps because they’re still scrambling to adapt to an environment their resources weren’t meant to handle. Analysts and companies that provide cloud-based computing and software say they’re getting a crush of calls from such businesses.

The impact of the coronavirus on IT organizations has been “tremendous,” said Baird Cowan, chief technology officer for enterprise technology services at the California Department of Consumer Affairs. “We had to onboard hundreds of laptop users to our virtual private network and create an entire VDI environment in a week.”

Sensing opportunity, SaaS and service providers have been mustering resources to accommodate a sudden wave of demand from organizations they see as post-pandemic prospects. “The ability to mobilize and still be 100% operational is a powerful experience,” said Jen Jackson, vice president of customer success at Serenova LLC, a provider of cloud-based contact center software. “These are ‘all-hands-on deck’ scenarios.”

“Our service provider customers see opportunity in this crisis,” said Rich Petersen, president of JetStream Software Inc. “Enterprises are postponing large capex purchases and looking to cloud-based services to sustain their business operations.”

And nearly everyone believes the pandemic will accelerate the march to the cloud. “Every IT director is going to get a phone call that says we want to be in the cloud now,” said Ian Campbell, chief executive of Nucleus Research Inc. “We will see a mass migration.”

Cloud stress test

IT managers who were interviewed said they’re generally pleased with the responsiveness of cloud vendors in a chaotic situation. Several said they’ll think twice about bringing processing back in-house after the worst has passed. The California Department of Consumer Affairs got its Microsoft Azure Windows Virtual Desktops up and running in a week. “We had a crash course,” Cowan said, and will be expanding cloud usage in the future.

“If anything, this is creating more urgency about cloud migration because staffing a data center and putting infrastructure in place is risky,” said Craig Lowery, a research director in the technology and service provider group at Gartner Inc. “IT managers are seeing the benefits of having an Amazon or SaaS provider take on that risk.”

“It’s perhaps that one single significant moment in time that changes everything for cloud communications,” said Dan O’Connell, chief revenue officer at Dialpad Inc., a developer of business messaging and conferencing systems based on the voice over internet protocol. “It pains me to say it, but the situation is good long-term for us as a business.”

Companies that made the early investment in moving core applications into the cloud are in a better position to adapt to disruption than those that concentrate users on an internal network, noted Phil Hochmuth, a program vice president at International Data Corp. “They’re just physically moving where people work as opposed to having to reinvent and entire office with a distributed architecture,” he said.

“Companies can conduct business as usual from home because cloud data centers manage processing power, connectivity, memory, storage and access to applications and programs,” said Hillery Hunter, chief technology officer of IBM Cloud at IBM Corp.

Organizations with significant on-premises infrastructure “are going to have to make some hard decisions,” said Serenova’s Jackson. “Those that have quickly adjusted to an interim cloud solution must make a call on reverting back to on-premise solutions or continuing down a cloud-first path for the future.”

IBM Corp. Chief Information Officer Fletcher Previn sees the experience as validating the value of hybrid clouds, which “allow us to take advantage of the control plane of public cloud while maintaining agency over our data.”

Pivot in place

At Mead & Hunt Inc., an architecture design and engineering company, about 90% of its 900-person workforce is now working from home, up from less than 4% before the pandemic, according to CIO Andy Knauf. The shift has been smooth thanks to the company’s aggressive adoption of cloud services, a move that accelerated after a flood in 2018 that shuttered its headquarters in Middleton, Wisconsin.

“Our office services were shut down by that flood, but all the remote people could work just fine,” Knauf said. “I made sure that if something like that happened again, everyone would be able to get their work done.”

Mead & Hunt adopted a cloud-based VDI system from Workspot Inc. along with Panzura Inc.’s multicloud file system across 28 locations. Between the two services, “people have the same environment at home as in the office,” Knauf said. “They’ve been telling me they can’t believe how easy it’s been.”

A 30-year IT veteran, Knauf contrasts how the company would have handled a similar crisis a few years ago when most infrastructure was on-premises. “It would have been tragic,” he said. “We’d have had to do layoffs.”

Cloud providers have kept mostly mum about the impact the pandemic is having on their businesses, but anecdotal evidence suggests it’s significant. Microsoft reported a 775% increase in use of its Teams collaboration software in Italy in the month following the imposition of strict shelter in place orders, for example. It also said usage of Windows Virtual Desktop tripled and usage of its Skype VOIP service rose 70%.

Zoom Communications Inc. said daily users of its cloud videoconferencing platform shot up from 10 million in December to 200 million in March, in part due to the 90,000 schools that took advantage of free or discounted service. Usage of Avaya Inc.’s Spaces videoconferencing service is up 700% since January, said Simon Harrison, the company’s chief marketing officer. Traffic to Cisco Systems Inc.’s WebEx videoconferencing service soared as much as 80% the week that lockdowns began, the company said. And Akamai Technologies Inc. saw traffic more than double on its content delivery network in the March compared with a year ago.

Early concerns that the internet itself would buckle under the weight of millions of new homebound users have failed to pan out. Centerfield BBN LLC’s BroadbandNow internet service provider comparison site reported that 44% of 200 cities it analyzed experienced network degradation during the week of March 15 from the 10 weeks prior. However, most saw speed declines of less than 20%.

Streaming video providers such as Netflix Inc. and Google’s YouTube have throttled back video quality to reduce bandwidth consumption, but those measures are considered precautionary. “The internet was designed to work in a degraded state,” said Gartner’s Lowery.

Unlike VPNs, which can become overwhelmed when usage exceeds budgeted capacity, cloud providers can allocate processing among multiple regional data centers. “Those systems are built for distribution and high availability,” Lowery said. “This is the type of crisis where cloud’s core value proposition really shines.”

For instance, the performance of Google’s infrastructure remains “as high as it was before the pandemic,” John Jester, vice president of customer experience at Google Cloud Platform, wrote in a blog post.

Microsoft said it has put a “few temporary restrictions” on usage of its Azure cloud service, such as limiting free offers, but “we have not had any significant service disruptions,” according to a blog post. That said, The Information reported this week that Azure had trouble serving some large customers even before the COVID-19 pandemic.

On-premises frailties

All that said, the pandemic has exposed some of the inherent frailties of traditional infrastructure. One is the physical problem of staffing data centers with people who must avoid contact with each other or may even be ill. Cloud-scale data centers are more automated than those in the typical enterprise. Most cloud providers also have multiple regions, which enables them to shift workloads on the fly to equalize capacity.

Another is reliance on virtual private networks, which are encrypted “tunnels” that connect remote devices to a network for remote access. VPNs can be resource-intensive and require frequent tuning. They also have capacity limits. “Most VPN deployments aren’t ready to scale to an entire workforce routing traffic through them,” said Rajiv Gupta, senior vice president of cloud security at McAfee LLC. That can cause significant performance problems.

Distributing VPN service across multiple communication paths can ease the performance burden, but the tradeoff is less visibility because traffic is brokered through partnerships with other VPN providers. For that reason, companies in regulated industries tend to steer clear of them.

Volterra Inc., a provider of distributed cloud services, estimates that the vast majority of the financial services and ecommerce companies it encounters use centralized VPNs. “This is becoming a problem for 95% of them,” said CEO Ankur Singla.

“Moving from [local-area networks] to VPNs is the pain that the laggards are feeling right now,” said IDC’s Hochmuth.

Perhaps an even bigger problem is that VPNs have been widely discredited as a security risk because they only regulate access to the perimeter of the network. The weaknesses of protecting devices rather than applications is causing many companies to consider identity-based or zero-trust protection.

Most cloud providers offer a wide range of secure access options, including connections to corporate VPNs, and can take the administrative headache off beleaguered IT staff. “I think remote access will migrate more to the cloud, especially after this crisis,” said Volterra’s Singla. “Current hub-and-spoke architectures just don’t work anymore.”

The bottom line: “Companies that were behind before are now behind the curve,” said Chris Port, chief operating officer at Boomi Inc. “The impetus is now more urgent than ever, especially if workforces remain remote and distributed.”

New perils

But for organizations that aren’t accustomed to supporting large remote workforces, the sudden shift to the cloud can introduce new complexities and even perils.

In their haste to get users back online, IT organizations run the risk of cutting corners. When enabling VPN access to an application that had previously been used only by office-bound workers, “typically there’d be a long security review with penetration testing,” said Ben Goodman, senior vice president at cloud identity management provider ForgeRock Inc. “People don’t necessarily have the time to do that now.”

Indeed, said Val Bercovici, CEO of cybersecurity firm PencilData Inc. foresees a COVID-19 “Cyber Echo Effect” coming as result of bad actors exploiting unpatched security vulnerabilities and neglected data compliance mandates.

“The cloud could be very easy to set up if you just hit ‘next,’ ‘next’ and ‘finish,’” said Gani Zebersky, CEO of managed service provider Wheelhouse IT, a brand of Tekz Group LLC. “But people that go into the cloud too quickly and don’t look at their security posture are the ones I’m most concerned about.”

Attackers know this and they’re stepping up their activities. Check Point Software Technologies Ltd. said it has seen the number of daily coronavirus-related attacks grow from a few hundred to more than 2,600 per day since February.

“We’re seeing a lot of phishing attacks masking as COVID sites or people trying to portray themselves as the Centers for Disease Control of the World Health Organization,” said James Carder, chief security officer at LogRhythm Inc., developer of a security information and event management platform.

Barracuda Networks Inc. said the volume of COVID-related spear-phishing attacks, which are a targeted form of phishing, grew nearly eightfold between February and March.

Phishing attacks are especially worrisome when employees are connected over a VPN because the malware they trigger could migrate back to the corporate network. The risk is magnified during a crisis because email that appears to come from a trusted information source is more likely to be noticed. “Everyone is so eager for information that it creates an attractive attack surface,” said ForgeRock’s Goodman.

IT organizations also have less visibility into what employees are doing online when using SaaS services over the public internet, making it more difficult to detect activity that might indicate the presence of an intruder or malware. “With direct internet accesses, data sent to the cloud falls out of visibility and becomes vulnerable,” said Rajiv Gupta, senior vice president of cloud security at McAfee. “Sharing within the cloud and to external parties also falls outside of visibility and control.”

LogRhythm’s Carder points out as well that “if you’re funneling through your operation you’re protected by your own firewalls and intrusion detection; if you go remote you’ve pretty much blind.” SaaS providers offer logging and traffic monitoring features that “are the same or better as those in the enterprise, but you have to be using those services,” he said. Companies that have made a hurried shift to the cloud may not be aware that they’re even available.

Many organizations that have had the time to familiarize themselves with cloud security options believe their data is safer in someone else’s data center. “Cloud actually improves our overall security posture because it provides a number of highly scalable mechanisms against denial-of-service attacks and greater visibility into cyberthreats,” said Fletcher Previn, IBM’s CIO. “It also makes it easier to drive configuration consistency across our IT estate.”

Corporations are also now engaged in the largest bring-your-own-device experiment in history, and many may find themselves underprepared to support unfamiliar home computers and other access points.

“U.S. companies and agencies are struggling… as they send workers home and find that they don’t have a handle on dealing with unknown personal devices that will now be used to do business and retain sensitive corporate data,” Barbara Rembiesa, president and CEO of the International Association of IT Asset Managers, said in a published statement. She cited a 2015 IAITAM report that found that 17% of U.S. Securities and Exchange Commission laptops weren’t in their designated locations and 22% had incorrect user information.

IDC’s Hochmuth thinks the crisis will spawn a surge of interest in tools that help organizations better get a handle on their end-user computing assets as well as in VDI. “Even companies that have done well moving applications to the cloud are still managing PCs like they did in the 1990s,” he said.

What the future holds

One of the few silver linings in a crisis like this is that it forces people to plan ahead for the next big disruption. “This busts up norms,” said Gartner’s Lowery. “It’s a good time to make changes stick.”

Among the changes to business and the workplace that futurists expect are a renewed focus on business and supply chain resilience, greater receptivity to remote work arrangements and a more vigorous embrace of cloud-based collaboration technology such as videoconferencing.

Many businesses are discovering that home-based workers spend more time on the job and get more done than those who spend an hour or two in rush hour traffic every day. NordVPN, a VPN service unit of Tefincom S.A. reported that people using its service from home worked on average of two hours longer per day than at the office. For U.S. workers, the average increase was three hours.

Flexible arrangements are becoming even more important as a younger generation enters the workplace. A survey by collaboration platform Wrike Inc. found that millennials are 44% more likely than baby boomers to say that they could do their job just as effectively from home as in the office.

“Folks are settling in, adjusting and getting in a rhythm and are able to be pretty darn productive working from home, in some cases even more than we previously saw with lengthy job commutes,” said Bill Miller, CIO of storage software provider NetApp Inc.

Although hard times are ahead economically, many experts expect companies that have a large part of their computing infrastructure already in the cloud will bounce back more quickly than others. Those that survive the pandemic will ramp up their migration plans more aggressively and, in the process, improve the agility and resiliency of their organizations. “Business needs elastic expansion capabilities, and this crisis has brought that to the forefront,” said Chad Hodges, executive vice president of MSP Enterprise Networking Solutions Inc.

The greatest lesson of the pandemic, however, may be that shared human experiences are more important than partisan political bickering. Even while hunkered down in their homes, people have used cloud technology to invent clever ways to connect, ranging from virtual cocktail parties to yoga sessions. At the end of the day, said IBM’s Previn, “the biggest challenges have been making sure our 350,000 people know that we stand united.”

By forcing us apart, the coronavirus may paradoxically have the effect of bringing us closer together. That would be the brightest silver lining of all.

Image: DataWorkX/Pixabay