Security measures taken to combat impacts of COVID-19 on businesses will have long-term implications

The COVID-19 pandemic has unleashed an array of cyberattacks that threaten the health of our virtual systems, including but not exclusive to those in healthcare, banking and government agencies. Cyber criminals are capitalizing on widespread weaknesses with attack vectors in the form of spam, phishing scams, ransomware and malicious URLs. As the number of infected persons soars, so does the number of cyberattacks, but despite the short-term effects of combating threat actors, in the long term, the world will emerge more secure and better prepared, armed with lessons learned from strategies implemented and tested during the pandemic.

Malicious actors target victims through various tactics and ploys

Hot zones of cyber vulnerability have typically been localized or within a specific organization. While such attacks have disastrous ramifications in their own right, never before has the number of threat vectors been so far-reaching. As the COVID-19 pandemic forces the majority of the global workforce to stay home, employees have had to create makeshift ways of working while longer-term solutions are devised. The surge in the number of individuals working remotely and the strain that places on existing infrastructures is an underlying cause for a large majority of these attacks.

Many corporations and individuals are turning to user-friendly and feature-forward solutions. In particular, Zoom has seen a rampant surge in daily users, from 10 million in December to 200 million in March, as what was once meant for use by businesses is now also being used for daily work life and personal communication. Unfortunately, the company did not have the adequate levels of security infrastructure to support this surge, resulting in self-proclaimed “Zoombombers” infiltrating private corporate meetings, Alcoholics Anonymous meetings, online learning environments and more. The company was quick to issue a statement and plan to address these issues, with Zoom CEO Eric Yuan stating in a blog post, “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home.” Yuan added that over the next 90 days the company will “[enact] a feature freeze … shifting all of our engineering resources to focus on our bigger trust, safety and privacy issues” and release a transparency report, similar to reports shared by tech giants such as Facebook, Google and Twitter.

In addition to hacking into and taking command of private meetings, threat actors are masquerading as legitimate organizations with the intention of collecting highly personal information, such as a COVID-19 safety portal allegedly from the World Health Organization and a fake disease prevention waitlist portal. Additionally, a Venmo-like interface was recently discovered in the form of an emergency fund to generate relief dollars for those in need, and the Better Business Bureau has received numerous reports of individuals acting as U.S. Department of Health and Human Services and other government department employees, instructing text message recipients to click on a link for a so-called mandatory online COVID-19 test.

COVID-19 preparedness: Looking back to achieve perfect vision for tomorrow

Finger-pointing from the vantage of hindsight

Last year, nearly 18 years after the 9/11 terrorist attacks, three former Department of Homeland Security secretaries urged the U.S. government to place cybersecurity at the top of the national threat list. The call to action was issued prior to any knowledge of a looming pandemic, and adherence to such a call may have prevented some of the COVID-19-related impacts we are currently seeing due to insufficient resources dedicated to cyber preparedness.

The exploitation of widespread weaknesses by threat actors is not a novel concept, and while there are many critics who argue that more could have and should have been done, quick to quip that hindsight is 20/20 in 2020, it is unlikely that a disaster of this scale could have ever been predicted.

Puerto Rico: A country at risk over the years

Natural and man-made disasters alike have left vast portions of the population open and vulnerable to cyber threats, siphoning much-needed funding, halting progress toward rebuilding and preying on society during times of crisis.

Puerto Rico is a glaring example, seemingly unable to catch a break when it comes to the vulnerabilities faced due to natural disasters. The country struggles with an unrelenting recession, and this baseline of economic disrepair coupled with an ongoing series of natural disasters has made it a target of cyber criminals. Most recently, in February the government of the U.S. island territory reported it lost more than $2.6 million after falling prey to a Business Email Compromise scam. It is unclear whether the funds that were slated for reconstruction efforts will ever be recovered.

Lessons learned from Hurricane Sandy

Hurricane Sandy, the deadliest storm in recent history to pummel the coast of the Atlantic, killed 233 people in eight countries, affected 24 U.S. states and was responsible for $64 billion in damage. One security operations team analyzed traffic for the three months directly after Hurricane Sandy, and the data showed a significant drop in network traffic access across clients located in New York City for the two weeks during and after the storm. As network activity declined significantly, the number of attacks surged. Massive power outages left the financial hub of downtown Manhattan vacant, and without the vigilance of IT security supervisors, one of the world’s largest troves of financial information was hit by attacks that crippled some operations for months.

The business continuity plans (BCPs) and disaster recovery plans (DRPs) to house data in New Jersey were fatally flawed, as weather patterns are state-agnostic, and much of the backup data housed in New Jersey was also compromised. Hurricane Sandy quickly became a litmus test, and despite the devastation, BCPs and DRPs became a top priority in major organizations’ funding strategies. As the American Bar Association Cybersecurity Handbook reads, “If a client’s disaster recovery plans cannot pass the ‘Hurricane Sandy test,’ such plans might also fail if cyber incidents caused prolonged disruptions.” While companies’ contingency plans developed post-Sandy were well thought out and undoubtedly have helped to deter many potential attacks, these plans were not designed with the ramifications of a pandemic in mind.

One can hope that lessons learned and tactics put in place today will make the COVID-19 pandemic of 2020 the last time we are left to wonder “What if?” with such regret. Post-coronavirus, each demographic variant, including geography, industry and economic subsector, will have its own chapter in the “pandemic handbook,” as permutations of situation and effect are infinite.

2020 will be challenging for IT services vendors that are slow to adjust their business models to address rapidly changing market needs

IT services revenue will retain its low single-digit growth trajectory through 1Q20 before it begins to decelerate due to COVID-19

IT services year-to-year trailing  12-month revenue growth, at 2.2% in USD, was up 30 basis points sequentially in 4Q19 and down 400 basis points against the year-ago compare. During 4Q19, benchmarked IT services vendors continued to invest to expand their portfolios and resources to enable business transformations through next-generation technologies that support enterprisewide transformation initiatives across front-, middle- and back-office functions. Lingering growth challenges in traditional IT service areas; competitive pressures in growing IT service areas such as digital, cloud and cybersecurity; and unfavorable market dynamics tied to rising macroeconomic uncertainties and pockets of tight spending slowed vendors’ revenue performance in 4Q19.

Average profitability for benchmarked vendors contracted 80 basis points year-to-year to 11.2% in 4Q19 as some vendors continued to find it hard to balance addressing revenue pressures with investing in portfolio expansion, talent development, organizational restructuring and service delivery improvement such as through automation, AI and platform-delivered services.

In the 3Q19 IT Services Vendor Benchmark, TBR predicted a correction in economic performance in 2020 that will stall digital transformations and slow growth for IT services vendors and consultancies. TBR’s expectation is that IT services revenues will continue to grow in 1Q20 following a flat trend over the past four quarters; however, we anticipate revenue growth will begin to decelerate in 2Q20 due to the COVID-19 pandemic, which spread more widely in February before accelerating its impact in March and April. As widespread business disruption occurs in Europe, the U.S. and Asia Pacific due to COVID-19, it will affect customer demand for IT services in 2020.

TBR’s IT Services Vendor Benchmark details and compares the initiatives of the largest global IT services vendors and tracks their revenue and performance. The report includes information on market leaders, vendor positioning, the IT services market outlook, key deals, acquisitions, alliances, new services and solutions, and personnel developments.

COVID-19’s early financial impacts: Cloud and SI vendors

Insights from TBR’s Cloud and IT Services teams

Join Allan Krans, Patrick Heffernan, Kevin Collupy and Boz Hristov as they discuss how the COVID-19 outbreak has impacted 1Q20 earnings in the cloud, IT services and consulting markets. While the world has been significantly disrupted by COVID-19, the impact on technology vendor revenue and cost structures has thus far been the subject of speculation, but without many facts. With 1Q20 earnings being released by most vendors in mid-April, we will get the first real glimpse into the financial impact for technology vendors. Join TBR to hear our interpretation of the financial results from leading vendors including Amazon Web Services, IBM, Microsoft, Google, Capgemini, Accenture, Infosys, DXC Technology and SAP and challenges facing these markets and firms.

Don’t miss:

  • 1Q20 financial performance overview of cloud and IT services markets
  • Vendors faring better and worse in the current environment
  • Short-term and long-term impacts of the COVID-19 virus
  • Potential changes to 2020 and future market forecasts in the cloud and systems integration (SI) markets
  • Business strategies emerging in reaction to the COVID-19 pandemic

People and productivity: PwC’s approach to helping clients cope with COVID-19

Who is working from home? Do they have everything they need? Can they stay connected? Are they OK? Companies around the world have been struggling to answer those questions in recent weeks as the COVID-19 virus became a global pandemic and suddenly forced many workers, and their employers, to adjust to remote working. As human resource policies, security concerns, connectivity and productivity have all been challenged, PwC U.S. rolled out a solution to answer the most basic and pressing question: “Are you able to work today?” With a simple interface, a quick and anonymous process, and with security and privacy baked in, PwC’s solution helps clients quickly determine what percentage of their workforce is enabled to work effectively and what percentage has issues with technology, mobility, supplies or well-being. If widely adopted, the solution should pave the way for a second PwC product: an application designed to help track and trace employees in the event of someone contracting COVID-19. In TBR’s view, these paired solutions demonstrate a concrete and immediate response — from idea to launch in five weeks — to some of the issues facing global companies during the pandemic and should set PwC’s clients up to better understand and manage remote working productivity in a post-COVID-19 world. 

First: Confirm status

Every company needs to know whether its workforce can be productive on any given day — an issue that hardly seemed critical or hard to measure at the start of 2020. Now, getting a daily picture of potential productivity has become an ongoing challenge for many companies navigating COVID-19, raising questions around what percentage of the workforce can be expected to be productive. On April 1 PwC launched a solution, Status Connect, to address that challenge while still conforming to privacy and security standards. At its core, the solution allows administrative professionals within an organization to know what percentage of the workforce in any specific geography and/or business group has an issue preventing them from working effectively. With that information, particularly as daily responses turn into trends, a company can deploy additional resources where needed, forecast potential slowdowns, and gain insights into what kinds of underlying problems hold back the company’s overall productivity.

Initially the solution offered employees only two choices, technology and other, in essence to gauge what is challenging their ability to work effectively, but PwC has already expanded the choices to technology, mobility/travel, business supply and well-being. PwC leaders noted that some clients already adopting the solution anticipated needing a more complex set of options to gain meaningful insights, until PwC explained the richness of data insights available across a large population based on a simple user experience. As the firm continues developing Status Connect, it is adding gamification to enhance the sense of community and drive adoption and commitment to using the solution every day, as well as daily custom broadcast messages and company customizations. Notably, the firm has implemented the solution across some parts of the U.S. member firm, but not yet globally.

As TBR has previously noted: “With risk permeating every business conversation and PwC accelerating investments in digital-related offerings, including PwC Connected Solutions, which sits within its Risk and Regulatory Platform business, the firm has prepared for the next wave of opportunities. Trading on trust remains at the core, especially as the politics of data continue to disrupt PwC and its clients. Becoming customer zero keeps PwC consistent with peers, while pulling in risk differentiates, particularly against non-Big Four competitors. But the firm creates a good use case for embracing digital when it comes to managing risk.” PwC is not immune to COVID-19 and all of the workforce management implications that come with it. Adopting the solution internally is certainly the proper next step as the firm strives to protect its spot in the market as the shift to digital operations elevates the strategic importance of risk and compliance functions.

COVID-19: Life between trapezes

Economic activity currently appears more in cessation than recession. It is as if the world is suspended, untethered between two trapezes. As activity resumes, we know inquisitive humans will turn to easy-to-assemble technology to meet the emerging business demands and consumer pain points materializing daily. We will see a flurry of IoT-enabled endpoint applications that will spur new demand. Increased interconnection will pressure networks, with businesses and service providers looking for easy-to-deploy provisioning using traditional compute as the underpinning infrastructure. In short, whatever Horizon 2 and Horizon 3 concepts are being dissected by the strategists will be fast-tracked for trials if they can address the near-term business, social and policy pain points being magnified for us in this once-in-a-century crisis.

In the current climate, strategy really nets down to agile thinking: the ability to make tactical shifts necessary in the heat of the moment to keep operations sage, secure and adaptable. Compute is far more ubiquitous today than in prior economic downturns, and, as such, the problems that can be solved from the practical applications are equally as ubiquitous. Multi-enterprise collaborations built on top of open platforms will create opportunities.

Pervasive compute represents a fundamental difference today compared to the recent economic jolts of the 1987 stock market crash, the dot-com bubble, or Sept. 11. For example, Sept. 11 gave rise to business web conferencing as business travel stalled. Today, with consumerized IT, we are seeing the rise in social conferencing keeping families and friends connected on inexpensive compute devices. We have likewise certainly seen broad shifts in where compute cycles reside since the banking crisis of 2008-2009 when cloud was just beginning to gain market traction. As such, when looking at the implications of COVID-19 on compute, we really have to evaluate an entire suite of compute instances including, but not limited to:

  • Traditional data centers
  • Cloud computing data centers
  • Edge computing or micro data centers
  • Colocation data centers

Traditional centers: Delayed refresh cycles with pockets of modernization opportunities

The short-term outlook for those focused on selling silicon into enterprise data centers is to expect a steep stall out on the refresh cycle rhythm of business. Executives across virtually all industries will put the hammer down on discretionary spend, and a server refresh will be hard-pressed to move forward until the business fundamentals improve to the point where leadership will not want to conserve cash.

However, pockets of opportunity should persist.

  • COVID-19 pressures the traditional “fortress” data center given the need for remote monitoring and management of the data center. Those needing to make the pivot over to greater remote monitoring will be looking for the equipment required to augment that existing infrastructure, whether it is to turn this remote monitoring over to existing staff in work-from-home mode or to take advantage of remote managed services in the event staff illness depletes existing capacity.
  • Networking capacity expansion to accommodate the surge in remote work has been well documented.
  • Colocation (COLO) center compute could well be repatriated back to the data center due primarily to worker safety issues pertaining to entering and exiting COLO centers to perform whatever smart hands work is required.

Cloud computing: The RPMs on the flywheel should spin faster, requiring capacity build-outs

Cloud computing, especially for the exascale cloud providers — Amazon, Azure and Google, or “Amazurgle” — has been well documented for having seen demand surge due to COVID-19. These surges have come from the rapid move to remote work and the uptick in collaboration and video conferencing application usage as well as increases in consumer use of various streaming video platforms these exascalers underpin. This all points to data center expansions and build-outs by the exascalers. This will increase chip demand, but more chips will flow to the ODM market than to the OEM market based on exascaler preference for these lower-cost, built-to-spec systems.

Furthermore, enterprises reluctant to migrate to the cloud will be forced to as part of their business’s continuity planning around the need to keep their IT staffs at home or to shut down data centers where employees exposed to COVID-19 have been working. In this way, COVID-19 will accelerate the prevailing trend of more application migration to cloud. Not all activity moving to cloud under these unique conditions will revert back once the crisis abates. The current economic environment merely accelerates a trend that has been largely anticipated as hybrid multicloud integrations have become more automated and secure.

An offset to this demand surge will be lower transaction volumes in some industries. E-tailers will certainly spin the meter faster, but online travel, hotel bookings and their adjacencies will slow. Ultimately, TBR expects the exascalers’ revenue will grow as a variety of factors, though societally disruptive, positively impact the need to move more compute to the cloud.

The edge will likewise accelerate

Edge compute has more issues influencing demand and activity. There will be the near-term surges to accommodate the need for added remote compute and networking cycles within enterprise. Additionally, we expect to see the rapid assembly of new use reference architectures for a host of point-of-sale configurations as customer and worker safety concerns begin to be addressed with technology-enabled solutions. This demand will not be a one-for-one contribution. Edge deployments need the “killer app” to have enterprises commit to the infrastructure purchase in much the same way that mobile voice put smartphones in people’s hands. As such, some of these rapidly assembled solutions will only be layering an additional app onto an existing edge configuration with new end-point devices being tied into the compute instance.

But in the midterm, TBR expects to see a rapid increase in the reference architecture designs for additional edge services that will pull more software and specialty devices and have a minor, cascading impact on the edge above and beyond the prevailing activities that have been taking place.

The downdraft will be seen in the verticals most seriously impeded by reduced human movement such as the retail and hospitality sectors. Healthcare, on the other hand, will certainly see spikes in new configurations for patient screening within the existing medical infrastructure.

Colocation centers: A still maturing space addressing foot traffic

Few anticipated a human virus as a threat to COLO operations, but recent articles indicate the novel coronavirus can challenge current operating practices. The comings and goings of enterprise employees who may have the virus can lock down COLO centers until sanitation teams can decontaminate the space. Workarounds consist mainly of additional screening of the customer technicians entering the facilities. We anticipate there could be additional remote monitoring done by customers of their COLO instance, potential construction retrofits for better isolation and portioning, and additional services COLO providers can offer to minimize human traffic within the centers.

The need for dedicated cloud interconnections will not abate as more business and streaming activity demands distributed compute across cloud data centers for geographic density. Micro data centers under cellular towers are edge applications that will increase in popularity and potentially take some share of wallet from COLO centers. But, like the cloud and the edge, we expect the COLO segment to weather the current economic climate better than others.

As the COVID-19 tsunami crests, will new opportunities be in the offing?

No one still gainfully employed has navigated a business through a pandemic. No employee with less than 12 years of experience has even worked in an economic downturn let alone a cessation of business activity. Senior leaders will be well served by staying close to their middle management executives to help them stay measured and calm. Companies with sufficient cash to take the long view can use this slowdown to invest in employee training and education on digitally transformative business applications and devices to upskill staff to handle the pent-up business demand when the economy re-engages.

The world as we knew it on New Year’s Day 2020 will not return, but the world that will emerge will be better in the long term. The companies that have been at the forefront of digitally transforming their operations will have better operating methods for the near-term impact; services firms with templated frameworks will have near-term opportunities to help late majority businesses make the leap to the digital world; and from the current tactical firefights will come scalable solutions benefiting society as a whole. As a world, we are suspended between trapeze bars, reaching for the Fourth Industrial Revolution on the horizon.  

The bar is sturdy and well within the grasp of those businesses stewarded by steady hands in these unsteady times.

Please contact TBR for reuse of this content.

Cognizant withdraws revenue guidance due to coronavirus

“IT vendors — especially those exposed to the most volatile sectors such as industrials / manufacturing, retail and travel — will see a challenging period, says Boz Hristov, Professional Services Senior Analyst, Technology Business Research.” — InfoTechLead

Indian IT sector may take a heavy hit as Covid batters US and Europe

“Boz Hristov, Professional Services Senior Analyst, Technology Business Research, Inc, said IT vendors — especially those exposed to the most volatile sectors such as industrials/manufacturing, retail and travel — will see a challenging period. The financial services sector will face headwinds, especially banking and capital markets, and less so insurance. This will further pressure Indian vendors that are significantly dependent on that sector, he added.” — The Hindu Business Line

Efforts underway to bolster cash flow in face of COVID-19 pandemic

“‘The contractors with more ‘progressive’ partnership/alliance strategies will be able to ‘unite the clans’ in their subcontractor network and quell any trepidation by sharing as much of the risk and the risk-management as possible,’ Technology Business Research Senior Analyst John Caucis told me. Caucis, who watches public sector IT for the market intelligence firm, pointed back to how that group of integrators has to varying degrees embraced alliances with technology providers of all sizes well before the COVID-19 crisis began.” — Washington Technology

COVID-19 outbreak allows SAP and SIs to work on their relationships

COVID-19 delays the already slow process of taking S/4HANA customers live

For decades, service partnerships have been of utmost importance to SAP (NYSE: SAP). Migrating customers onto S/4HANA is a key part of SAP’s growth strategy, and none of those deployments happen without the involvement of partners. At the end of 2019 SAP reported a total of 13,800 S/4HANA customers; however, most of those customers are not yet running the solution live in production. As SAP has clearly noted, the time lag between when customers sign up for S/4HANA and when they actually deploy it is due to the business processes changes required, rather the technology challenges involved.

Although SAP and its services partners have been working to increase the number of trained resources available to help customers navigate business process changes associated with the upgrade to S/4HANA, the current lack of skilled resources has been a persistent and enduring problem. The COVID-19 outbreak has exacerbated the issue for SAP and partners, as 42% of IT decision makers in a recent TBR survey indicated they would be delaying existing projects due to the virus’s impact. The rollout of S/4HANA is among those existing projects that will be delayed, slowing the shift to live production for the majority of the 13,800 contracted S/4HANA customers.

The COVID-19 outbreak has certainly stressed the networks, the IT support staff at most enterprises, and the employees themselves as they adjust to new work-from-home (WFH) realities. In addition, traditional IT services deployments, such as upgrades to existing SAP instances or a move to SAP Business Suite 4 HANA (S/4HANA), and nontraditional technology-infused consulting engagements, such as design thinking sessions or agile enterprise workshops, have come under new pressures, including requiring creative solutions to carry out engagements that have not been postponed or outright canceled. The new challenges around deployment and execution are accelerating, in TBR’s view, industrywide trends around partnering, forcing consultancies, IT services vendors and technology providers to reconsider the strength of their alliances, address the gaps and shortfalls made evident by the COVID-19 pandemic, and take advantage of the opportunity to serve a broader client base as the global economy recovers.