In-Depth

6 IT Lessons from the Remote-Work Trenches

Insight Enterprises shares what it learned after IT teams responded to the pandemic shift.

• By Gladys Rama
• 10/14/2021

How to change an organization from one running legacy technologies and on-premises applications to a well-oiled, (mostly) remote machine was a big challenge faced by Insight Enterprises.

Tempe, Ariz.-based Insight is a Fortune 500 global systems integrator with roughly 13,000 employees worldwide, including in the EMEA and APAC regions. Last spring, as municipalities around the world began issuing stay-at-home orders to slow the spread of COVID-19, Insight grappled with how to keep its operations going even as it closed its own headquarters' doors.

With clients in nearly 20 countries, Insight would soon have its hands full, helping customers adapt to the unprecedented business disruption that the pandemic would wreak. But first, it had to find a way to get all of its own employees online, including in one country where people typically don't have Internet-connected devices besides a mobile phone. The company had to get devices and connections to a newly mobile workforce in a short space of time.

"Quite literally overnight, the country went into a lockdown," said Juan Orlandini, Insight's chief architect, in an interview with Redmond. "We had 800 of our teammates that all of a sudden we had to provide devices for. And we had to provide many of them hotspots because they didn't have Internet coming into their homes. We had to do that almost literally overnight. We got it done in 48 hours."

Here were the biggest "lessons learned" from Insight's experience.

1. Get Ready To Scale
To accommodate the volume of employees switching rapidly to remote work, IT systems will need to have the ability to stretch and support more users than perhaps were initially intended. That lesson was particularly evident as Insight adopted the use of virtual desktops via virtual desktop infrastructure (VDI) services.

"We weren't ready for, all of a sudden, thousands of users having the VDI desktop infrastructure that we'd sized for," Orlandini said.

Insight's clients had a similar problem, and sometimes had to choose VDI use only where it could be securely operated, he explained. This rapid scaling-up for on-premises environments was no easy feat, Orlandini said.

"It's doable if you had the foresight or the luck to have built it appropriately," he said. "It is much simpler to do in a cloud environment where those resources are available to you."

2. Businesses Will Have To Get 'Nimble'
Nimbleness comes with the cloud. Moving most or all of a customer's operations online often means that its potential market can expand, as well.

Orlandini cited the example of a regional health care provider. Prior to the cloud, its expansion strategy would have likely involved acquiring other small players in the same area. Since the pandemic, however, with telemedicine becoming more the norm, there's an opportunity for the provider to expand its customer base beyond its immediate locale.

The key for a business to take advantage of such an opportunity, according to Orlandini, is to become more "nimble." That means accelerating digital transformation projects and, inevitably, moving operations to the cloud.

"Traditional IT systems were not built or designed originally to be that kind of nimble," he said. "Traditional IT is built around, 'Let's make sure that it's secure, cost controls, all those other kinds of things.' Whereas in the cloud, you can experiment much more freely. More resources are available. More innovations are there for you to consume very easily. This is a place that fosters innovation."

3. Not Everything Has To Go on the Public Cloud
There is such a thing as becoming too nimble too fast, so decide what goes to the cloud. Consider a "hybrid" approach.

Orlandini observed that in their early rush to digitize operations, some Insight customers undertook massive lift-and-shift migrations to the public cloud, only to seriously lose track of how much that was costing them.

"Because they did not take the time to properly plan or properly write code according to the way that the public cloud should be used, they're looking at their monthly bills and going, 'Oh, my gosh, what do I do?'" he said. "So cost controls have become one of the top tracks that we have been spending time on."

It goes without saying that a slow, methodical cloud migration is preferable to the "emergency migrations" that were likely rampant at the start of the pandemic. It's also important, according to Orlandini, to consider hybrid environments as a very viable option. Not every workload has to run in the public cloud.

"Our clients are doing quite a bit of hybrid cloud work," he said. "The new normal appears to be that people are going to be working in a hybrid model for the foreseeable future, where you're going to have workloads running both in the public and the private cloud."

4. Security, Always Security
Pre- or post-pandemic, security is always the most important pillar of any organization's IT operations. But the unique circumstances of the pandemic, which forced a lot of organizations to go digital much faster than they may have been prepared for, have significantly upped the stakes.

As they moved to the cloud, organizations' attack surfaces have gotten much bigger, Orlandini explained. At the same time, security may be less top-of-mind for IT administrators who are currently focused on doing "extraordinary things" just to keep the lights on.

"And the evil doers out there have come to this realization, and that's why you're seeing a lot of these breaches," he said.

He added: "We've been spending quite a bit of our time with our clients making sure that they have the right security stance and the security protocols, that governance and compliance are set up, so that they can be secure regardless of if they decided to go all public cloud, hybrid [or] private cloud. It doesn't matter -- you still have to have all of the same kinds of things in place."

5. Don't Forget Backup and Recovery
Ransomware is having a banner year, hitting high-profile targets like the U.S. fuel pipeline company Colonial Pipeline. It's a lesson for having good backup and recovery resources.

The Colonial Pipeline attack, orchestrated by the DarkSide ransomware group, affected some of the company's IT systems, forcing it to temporarily halt operations and causing disruptions to the fuel supply along the East Coast. Notably, Colonial Pipeline paid the attackers' bounty, estimated to be $4.4 million, in exchange for the return of its network files -- despite conventional wisdom that says, "Never pay."

In the end, the ransom payment was moot. The U.S. government was able to recover some of the money and, crucially, the decryption software that Colonial Pipeline got in the exchange was useless, anyway.

"The hackers gave them the decryption tool. They found out that that the decryption tool was so slow that they still relied on their backups to bring them back online," Orlandini pointed out. "The only way they got back to operational status is because they have good backup and recovery technology."

The emphasis should be put on recovery. Data recovery is now more critical than ever, with attackers becoming emboldened by the slapdash state of many companies' security postures amid the rush to remote work.

"IT needs to come to the realization that [ransomware attacks] are not 'if.' They're 'when.' And when that does happen, how do I mitigate and minimize the blast radius of the damage that gets done? That blast radius might take out your entire IT system, but if you can recover very quickly, then you don't have to have your CEO be on the front page of The Wall Street Journal."

6. Be More Developer-Forward
An organization's digital transformation isn't complete, Orlandini suggested, until they carry that transformation over into the way they write code.

"A lot of our clients are going through that journey with their own internal IT systems," he said. "It's like, 'How do I make it be cloud-like, but still retain some of those attributes we always had as part of IT? How do I take those attributes that I've had in IT and extend them to the public cloud?'"

The nimbleness that businesses are looking to achieve in this new everything-digital landscape will require more cloud-native development, as well as a more developer-focused mindset, he said.

"It's microservices, stateless, containerized, scalable, resilient -- all sorts of different things," Orlandini said about cloud-native development. "Traditional IT was not built with those attributes, so traditional IT shops for those clients of ours that have decided to stay on-premises that want to adopt these agile methodologies -- they have to change their IT infrastructure to be more developer-centric, developer-forward."

He added that such a DevOps switch is "a big transformation for a lot of our clients."