As part of the response to the outbreak of COVID-19, many organizations are working on contingency and business continuity plans that include an all-employee “work-from-home” scenario. If it becomes necessary to implement such a plan, all employees of the organization will access the organization’s networks and systems remotely. Unfortunately, many organizations that are testing these plans are discovering that that their remote access technologies may not be able to handle, without significant degradation in performance, the volume of activity this will generate. Indeed, given the complex host of business applications and collaboration tools that many businesses employ, many entities may not be fully ready for their entire workforce to access their systems remotely without first checking in with their vendors and IT personnel.
This is understandable. Except for the case of those businesses that always operate “virtually” — without any fixed offices — most organizations build their remote access infrastructure (including the related telecommunications, security, videoconferencing, collaboration and other software tools that are involved in remote access) based on an assumption that only a portion of an organization’s employees will use remote access at any given point in time. For example, contractual service level commitments (in which vendors promise certain levels of performance of their systems) often assume a simultaneous user base being a subset of all employees of the organization. Further, SaaS-based services that are priced based on a specific number of “simultaneous users” may not anticipate all, or substantially all, of the company’s employees using the service at the same time.
Organizations should be reviewing their agreements with the myriad set of vendors that provide software related to remote access. These reviews should evaluate what commitments, if any, are included in those agreements that may be helpful in what may be this unprecedented “100% work-from-home” effort. To the extent contractual deficiencies or other issues are identified, early engagement with vendors can be helpful. For example, in the event service level commitments appear insufficient to meet anticipated demand, an early discussion with the vendor may result in an increased allocation of the vendor’s resources to that customer. And while some SaaS service agreements priced by the number of simultaneous users may allow customers to exceed simultaneous user limits (with a premium true-up at a later date), others impose hard blocks on usage in excess of contract limitations. To the extent these issues are identified in an agreement, customers are best served by engaging with the vendor in advance – to avoid premium true-ups or interference in service.
Of course, to the extent some of the relevant software is not SaaS or cloud-based, but, rather, is hosted locally on-premises, simultaneous user capacity may be, in part, a function of hardware resources available on site. In this case, additional planning may be necessary, which might include bringing in additional hardware or a SaaS-based resource as an alternative or supplement.
It is clearly important for companies to try to enable a smooth employee experience in the 100% work-from-home scenario. If employees find it difficult to connect to an employer’s system, it will inevitably lead to decreased efficiency and loss of productivity. Perhaps even worse, employees working locally on their own devices without connecting to their organization’s network may be transmitting sensitive business information, trade secrets and personal information in an insecure manner. Some of that information may be stored on local devices in an insecure form. To the extent access to that information is compromised, whether in transit or at rest, an organization may ultimately be dealing with a data breach or loss of valuable information. Cybercriminals will not be curtailing their efforts to access valuable data during the outbreak, so cybersecurity should remain a priority in any remote management plan.
Proskauer’s cross-disciplinary, cross-jurisdictional Coronavirus Response Team is focused on supporting and addressing client concerns. Visit our Coronavirus Resource Center for guidance on risk management measures, practical steps businesses can take and resources to help manage ongoing operations.