Duquesne Group Duquesne Group

English version
Recherche et Analyse

Pour éclairer les décideurs dans le domaine de la Continuité d'Activité et de la Sécurité de l'Information, Duquesne Group propose ses analyses et réflexions issues de ses réalisations concrètes en clientèle. Observation critique du terrain par nos experts, contacts permanents avec les principaux acteurs du domaine et expérience vécue dans nos missions de conseil sont nos principales sources. Contactez-nous pour en savoir +
French version
Research

To support decision makers in the management and optimisation of information systems, Duquesne Group delivers in-depth analyses of information technologies, their implementations and their markets. Our research is based on critical observation of the market by our analysts and their on-going contacts with the vendor community, together with hands-on, practical experience from our consulting work. Contact us to find out more


Pandemics, Business Continuity and the Cloud

Analysis by Donald Callahan


Covid-19 is a game changer for business continuity, as well as for the economy and society as a whole.
Nonetheless, it has also unleashed a wave of innovative solutions - leveraging the capabilities of the cloud – built by enterprises and organizations that have to face up to this disaster.



According to the World Health Organization (WHO), Covid-19 is the most dangerous pandemic of the century (since the Spanish flu of 1918) and the biggest challenge that WHO has ever had to face. By the end of 2020, this highly infectious disease - caused by the SARS-CoV-2 coronavirus – was responsible for more than 1.8 million deaths worldwide, including more than 350 thousand in the United States and 65 thousand in France.

In order to slow the transmission of the virus and avoid overwhelming hospitals and emergency facilities, public authorities imposed quarantines on the populations of cities, regions and entire countries, with drastic social and economic consequences.

Last spring, this “lockdown” strategy in France and other European countries seemed to be working. Epidemiological indicators were trending down and quarantines were eased for the summer holidays. Unfortunately, the indicators rebounded sharply in the fall. By the end of October the virus was circulating more rapidly than before and the French Minister of Health acknowledged: “The second wave of the pandemic has arrived, and it is violent”. New sanitary measures - including quarantines and curfews – were imposed, at great cost for companies and people.

The economic damage of this pathogen is already enormous. In France, GDP plunged by almost 14% in 2nd quarter 2020 and unemployment exploded, a disaster somewhat limited by urgent State aid and by Work From Home (WFH) teleworking whenever possible.

Hope has come with the arrival of vaccines, but mass vaccination of the population will take months, extremely contagious viral variants are spreading rapidly and the pandemic is far from defeated... Going into 2021, that’s the situation public authorities, enterprises and all of us have to deal with.

Now, let’s get to the heart of our subject: Pandemics, Business Continuity and the Cloud.
Covid-19 is a game changer for business continuity, as well as for the economy and society as a whole. Nonetheless, it has also unleashed a wave of innovative solutions - leveraging the capabilities of the cloud – built by enterprises and organizations that have to face up to this disaster.

Our starting point: the AWS Virtual Conference

In May 2020, AWS hosted a virtual conference with four clients on their experience with business continuity and the cloud during the early pandemic. The four clients had diverse profiles:

  • Admiral Group: European Damages Insurance Group: represented by Christophe Sanchez, CIO Europe

  • Clevy: start-up specialist in AI chatbots: represented by François Falala-Sechet, CTO

  • Webhelp: international CRM/BPO group; present in more than 49 countries with 65,000 employees in 160 contact centers: represented by Vincent Tachet, CIO

  • D-EDGE: provider of digital hospitality solutions, a subsidiary of the Accor group, D-EDGE offers a range of services (including its booking platform) to 712,000 hotels in more than 100 countries: represented by Pierre-Charles Grob, CEO.

Julien Grouès, Managing Director, AWS France, and Stephan Hadinger, Chief Technology Officer, AWS France, facilitated the conference which, needless to say, is now more relevant than ever.

Synthesis in three themes

For many years, the conversation in the Tech world about “Cloud and Business Continuity” focused mostly on datacenter issues, such as secure data backup and recovery of IT processing in the cloud.

In a pandemic, however, information systems usually still work. The problem is “out of office” access to user working environments, allowing employees to use their applications and data for day to day tasks, but also enabling companies to innovate for their customers in an unpredictable and fluctuating situation.

Our analysis is structured around three main themes:

• Pandemics and Risks in Business Continuity

• Secure WFH Teleworking

• Reactivity to unforeseen events.


What lessons can we learn?

Pandemics and Risks in Business Continuity

Let's start with an unavoidable question: should we consider a pandemic as a business continuity “risk” (in the sense of ISO 22301, the international standard) or rather a “black swan” outside the scope of continuity plans?

The concept of the “black swan” was introduced in 2007 by statistician and epistemologist Nicholas Taleb to describe events that are extremely rare and totally unpredictable, but with very high impact that can sometimes even change the course of history.

According to Nicholas Taleb, Covid-19 is not a “black swan” and was in fact totally predictable. When the virus still seemed limited to China, Taleb and other personalities were already saying that a pandemic was coming. His formal warning appeared in an article written at the end of January, together with researcher Joseph Norman and Yaneer Bar-Yam, an expert in quantitative analysis of pandemics. In March in an interview on Bloomberg TV, Nicholas Taleb said, “We issued our warning that this pathogen should be killed in the egg.” But governments “didn't want to spend the small amounts needed at that time... now they're going to spend trillions of dollars.”

In fact, for many years, experts have been warning about emerging infectious diseases that could turn into dangerous pandemics. We’ll cite just two examples:

  • For the entire past decade, pandemics and highly contagious diseases have been among the top global risks identified in World Economic Forum (WEF) reports

  • In the Lettre de l’Institut Pasteur of September 2012, we can read:
    Due to changes in human living conditions and environmental changes, an emerging or re-emerging disease appears on average every year somewhere in the world.”

Now let’s return to business continuity planning and, in particular, to the crucial upstream work of Risk Assessment. In line with ISO 22301, this step includes the identification of various risks to the continuity of business activities, together with their evaluation based on likelihood and impact. Risk Assessment - combined with analysis of business line requirements - provides the basis for the definition of continuity strategies and solutions to deal with a variety of disruptive events, ranging from simple incidents to full scale disasters.

In the light of the devastation wrought by Covid19, the least we can say is that many companies and organizations radically underestimated the risks of pandemics to their activities.

In our own work for clients, our firm has always insisted on taking these risks into account, despite some internal reluctance. This hesitation was understandable. While threats such as fires and floods are easy to envisage, most French managers simply had no experience of a pandemic like Covid-19, with offices inaccessible and employees in quarantine for an extended period.

The first major lesson for business continuity is obvious: take the threat of infectious pandemics seriously into account during the Risk Assessment process, bearing in mind the warnings of experts that – after Covid19 – other pandemics will come, and sooner rather than later.

More broadly, companies are now facing a profoundly different risk landscape, and many will have to rethink and adapt in depth their business continuity planning, to face this dangerous “new normal”.

Secure WFH Teleworking

For many years, the typical continuity strategy for prolonged office inaccessibility was a properly equipped employee fallback site, either at a company location or with a service provider.

With technological advances, the option of teleworking became more accepted, but serious adoption was hampered by various factors, including regulatory complexities and the reluctance of some managers to let employees work off-site. The arrival of Covid-19 – together with prolonged quarantines - changed everything, setting off a massive rush to WFH teleworking whenever feasible. During the two months of the first lockdown in France, it became the norm for about one-third of French employees.

Let’s consider the experience of Admiral Group.

Admiral Group

According to Christophe Sanchez, CIO Europe, “the continuity plans usually put in place are not necessarily well adapted either to this type of crisis, which forced us to close simultaneously all our sites, nor to an industry like ours subject to strict regulatory constraints on all operational functions and services (call center, sales, customer services).”

During a pandemic with personnel under quarantine, continuity solutions based on the transfer of employees to other sites are (for the most part) useless. Except in special cases, the days of dedicated end user fallback sites - costly to equip and maintain, but rarely used – are over.

Faced with this situation, Admiral Group chose to provide “virtual desktops” for users who could work from home, and to call on Amazon Web Services for help.

We built a solution around Amazon WorkSpaces,” explains Christophe Sanchez. “In just two and a half weeks, we managed to deploy 1200 WorkSpaces in France and Spain, allowing our employees... to benefit from their home workspace... So, on the first day of the lockdown, we were fully operational... (although) we had to adapt our working methods.”

Software tools like Amazon WorkSpaces offer a straightforward way to implement “virtual desktops” — secure, managed, and cloud-based — for employees with different devices, at home or elsewhere.

A key point here is the ease of integration of WorkSpaces with the company's internal network. By using the AWS Direct Connect service, private network connectivity can be established between AWS and the customer data center, be it on-premises or in colocation. Users can access the applications and data needed for their work, whether in the AWS cloud or in the data center. If Internet connectivity is required (for example, for SaaS applications), the user can route the communication through the organization's own Internet infrastructure or rely on AWS direct connectivity.

For comparison, many companies rushed into mass teleworking with the “means at hand”: typically aging and expensive VPN infrastructures based in the datacenter and designed for a limited number of users. These infrastructures have often proven unable to cope with large new numbers of remote users. Even a respected network player like Cisco had to ration the use of its own VPNs! Unlike these traditional VPN infrastructures, cloud based solutions have immediate access to virtually unlimited technical resources. This “scalability” is a hallmark of the cloud.

Although Admiral Group built its solution in record time, it did not sacrifice security to speed. “AWS also allowed us to deploy a solution with a very high level of security regardless of the equipment used. This was a key requirement for us, because we could not compromise on security.”

Mass teleworking with aging VPN technology, however, has proven to be a fertile ground for cyberattacks. According to the general manager of the official “cybermalveillance.gouv.fr” platform: “During the quarantine, there was a sharp increase in malicious acts against large and small businesses.” Companies in other countries have also seen explosions of cyberattacks

In the cloud, however, security has now achieved wide recognition as a strength rather than a problem. User security in the cloud is based on a model of shared responsibility: the service provider (AWS) is responsible for security of the cloud and managed services, while customers are responsible for the security of their own informatiuon systems.

Still, AWS provides help to customers on their responsibilities, including partners, tools, best practice advice, and the support of experts. For Amazon Workspaces, best practice advice ranges from using Multi-Factor Authentication (MFA) to encryption solutions to the default controls in AWS services.

Moving forward in these dangerous times, it’s clear that, when disaster strikes and corporate offices become inaccessible, secure teleworking - based and managed in the cloud - will be a compelling option for many organizations: to enable many employees to work from home (or from anywhere) and help ensure the continuity of business activities.

Reactivity to unforeseen events

When a disaster arrives, uncertainty is the rule and time to react is always short. Even if business continuity plans are in place, expect the unexpected, especially urgent requests from customers.

In addition to flexibility and security for WFH teleworking, the cloud can also help a company respond effectively to unforeseen events in several ways:

  • Accelerating innovation with technologies such as Artificial Intelligence

  • Making available numerous off the shelf “ready-to-use” solutions, for urgent needs following a disaster

  • Allowing the rapid calibration and adjustment of a company’s IT resources and costs, when the disaster also hits its customers and disrupts its business model.

For illustration, let’s consider the experiences of Clevy, Webhelp and D-EDGE.


Clevy

CovidBot from Clevy is a great example of accelerated innovation in the cloud.

Major disasters often create major communication problems, in a fog of misinformation and confusion. This AI based chatbot facilitates the rapid transmission of reliable information, to meet the urgent needs of a wide variety of people.

According to François Falala-Sechet, CTO de Clevy: “Our primary activity is the creation of corporate chatbots to facilitate internal support for employees. With the arrival of Covid-19, within a few days we saw the emergence of a major problem and decided to deal with it. Using our experience in creating chatbots, we developed CovidBot in less than a week — a free, open-source chatbot for the general public — to meet three urgent needs:

• combat disinformation through the decentralized dissemination of official information from health authorities;

• help relieve the congestion of emergency services with a self-diagnostic test developed in partnership with Pasteur Institute and AP-HP (the Paris public hospital system);

• carry out real-time epidemiological surveillance.”

The success of Clevy’s CovidBot in this sanitary crisis is clear. It was launched in mid-March and integrated free of charge on the websites of 120 organizations: local communities, health care organizations and businesses. During the spring quarantine, CovidBot had 400 thousand unique users in France with more than 5 million messages exchanged.

For this prowess in AI innovation, Clevy first capitalized on its own strengths, including:

• Artificial Intelligence algorithms (Natural Language Processing, Deep Learning...) developed for almost 4 years by its data science teams, and also

• Its high-level CSML language, which facilitates modeling of conversations and drastically reduces the time and costs of creating and deploying chatbots (see https://csml.dev)

Nevertheless, François Falala-Sechet adds: “We have been relying on the AWS Cloud since our launch, enabling us to innovate quickly.”

In general, the cloud favors speed of reaction and innovation, both by construction (the platform is virtual) and with higher-level services. In this case, AWS provided invaluable support to Clevy, with serverless architecture technologies and critical expertise to “scale” CovidBot’s real world usage analytics. Let's take a closer look at these two points.

  • Serverless architecture with AWS Lambda

With the arrival of Lambda in 2014, AWS launched a new paradigm for application architecture — commonly known as serverless — that enables code execution without the time-consuming and tedious work of server provision and management. The developer loads the business code and the Lambda platform does everything necessary to run it and scale the resources, not to mention ensuring high availability. The payoff is faster development and deployment, as well as easier maintenance.

The speed of CovidBot development (less than a week!) was certainly due to various factors, both on the Clevy side and on the AWS side. Nevertheless, without being “serverless zealots”, we do believe that this type of architecture — with the AWS Lambda platform — was a smart choice for CovidBot, in a race with a deadly pandemic.

  • “Scalability” for the analytics of usage

The production of a Clevy corporate chatbot does not signal the end of development work, or at least tuning. Thanks to analytical data from real world usage, the Clevy team can further improve the performance and usefulness of a chatbot.

CovidBot, however, is a tool for the general public. it had to scale several orders of magnitude more than a typical corporate chatbot

According to the CTO: “Given the sudden and massive use of this tool, the nature of our data analytics requirements radically changed in just a few weeks, with peaks sometimes at x100 or x1000 in the volume of data that we were used to exchange over the same period. A difference in scale of this magnitude requires an approach that was very different from what we had in place at the time. Internally, we simply didn’t have the skills we needed to solve this problem.”

Time was short and speed was crucial. The pandemic was spreading rapidly. What could be done?

I was completely stuck… but AWS architects stepped in to help me scale my analytics, and we did it quickly, in a matter of days. The AWS teams really went the “extra-mile” to help us solve our problem very quickly, with a scalable and cost-effective architecture.

More generally, new needs may arise in disasters that urgently call for use of AI and other newer technologies. As in this example with CovidBot by Clevy, the cloud can provide a solid but agile platform for meeting these unexpected needs.


Webhelp

When a major disaster strikes a business, restoring or maintaining communication with customers is always a top priority. Many business line activities can tolerate a few days or even more of stoppage, but few companies could accept more than a very short interruption of the activity of contact centers which ensure the first level in customer relationship management.

As a European leader in its industry, Webhelp operates across the entire business value chain, from “customer experience” to social media management to payment services. Its IT strategy focuses on Contact Center As A Service (CCAAS) architectures delivered from private and public clouds. When the Covid-19 pandemic struck, Webhelp's rapid and effective response demonstrated the foresight of its cloud first strategy.

According to Vincent Tachet, CIO of Webhelp: “Because of the quarantines imposed by most countries, our strategy has been to enable a maximum of our employees — client advisors, team managers... — to work from home, while ensuring a quality of service and a level of security as near as possible to what we normally provide from our contact centers.”

And the result?

In the space of 2 weeks, we moved 36,000 employees into teleworking in the 49 countries where we operate, with AWS Cloud services playing a significant role.”

In addition to teleworking, the experience of Webhelp also highlights another major advantage of the cloud when a disaster strikes: the rapid availability of numerous “off-the-shelf” solutions for unexpected needs and especially urgent requests from the company’s customers.

According to Vincent Tachet: “It is quite common for our customers to ask us to use their own solutions, which are usually based on cloud architectures but not always. In the latter case, we had to offer them alternative cloud solutions eligible for teleworking and that could be deployed in extremely short deadlines. We also had to respond to requests from prospects who were unable to ensure the continuity of their customer relationships, because of “on premise” architectures that were not eligible for teleworking.

To move fast, Webhelp leveraged (among others) the off-the-shelf solution “Cloud Contact Center As a Service”: Amazon Connect.

While Amazon Connect is a multi-channel contact center (voice, mail, chat, SMS...), Webhelp focused on the voice channel, considered the most sensitive because of potential audio quality problems in case of insufficient or poor Internet bandwidth. As a result, Amazon Connect enabled Webhelp to activate thousands of “voice” contact work positions in less than 72 hours.

Consider this emblematic example. Webhelp supported the AP-HP (the Paris Hospital System) in the ramp-up of its COVIDOM contact group for monitoring Covid-19 patients (plus people suspected of infection) who could be kept at home. It was a Pro Bono mission with different sections, and AWS helped Webhelp to achieve its goals for fast implementation of a cloud telephony solution, which was made available to Webhelp by AWS free of charge.

The solution allowed volunteers to use a call center system accessible from any PC (in this case their own), and to easily contact patients or people with Covid-19 symptoms. AWS was able to deploy a Call Center service for telephony very quickly (in only 72 hours), an essential point in the customer’s choice of the AWS solution.

As we wrote above, when a disaster strikes, uncertainty is the rule and time is always short. In these situations, the availability in the cloud of numerous off-the-shelf solutions is a priceless asset for organizations facing up to unexpected events and needs.


D-EDGE

D-EDGE's experience reflects the magnitude of the economic disaster of this pandemic, not only for certain business activities (in this case, the hotel industry) but also for their ecosystems. Indeed, D-EDGE is a provider of digital hospitality solutions and Covid-19 has ravaged many of its customers and partners all over the world.

CEO Pierre-Charles Grob explains: “Normally, our business depends on managing more than 20 million bookings for 12,000 hotels, resorts, chains and ‘aparthotels’ in more than 100 countries. Overnight, with the arrival of Covid-19, we had to face a new situation: many more cancellations more than bookings and, what had never happened, the closing of our customers in 90% of the destinations where D-EDGE operates.

While putting employees into teleworking was essential, D-EDGE faced a much more serious crisis than the inaccessibility of offices, with three major challenges:

  • Stay available to customers, often in great difficulty

  • Continue to innovate to meet the new needs of hotel customers and develop technological solutions for the future
.
  • Adapt its costs (including IT costs) to its lower revenue, without degrading its ability to respond to customer demands and to continue to develop innovations for its business.

According to the CEO, “The AWS Cloud has been a key factor in this crisis because it has allowed us to reduce our costs, one of the measures that allowed us to continue to invest in our resources while keeping our teams 100% without relying on government paid partial unemployment.”

In collaboration with AWS, D-EDGE implemented a number of measures of cost optimization — application by application and service by service — resulting in a 30% reduction in global platform costs (according to the company).

In an interview with Stephan Hadinger, Chief Technology Officer, AWS France, in June 2020, CEO Pierre-Charles Grob summarized three key points of this experience for D-EDGE:

• “This crisis reinforced our vision of customer service: we had to adapt to the changing needs of our customers and demonstrate flexibility and agility to meet market challenges

The working methods of our teams have changed with the imposition of teleworking, sustainably without a doubt

• Finally, we are completely integrating into our business and IT vision the variability of structural costs vs. fixed costs, in order to be able to cope with suspension/recovery of activity.

At the end of 2020 the hotel sector was still in terrible shape due to the pandemic and the constraints imposed by public health authorities. In the meantime, D-EDGE continues to optimize and modernize its applications with AWS... to be ready to bounce back as soon as possible in 2021!


Conclusion

Covid-19 is the latest - but certainly not the last – deadly pandemic to strike and disrupt our modern, global and hyperconnected world.

In 2012, the Pasteur Institute was already warning about the causal link between the emergence of new dangerous pathogens and changes in human living conditions and the environment. In September 2020, in the UN's Global Biodiversity Outlook report, researchers predicted a sharp increase in pandemics like Covid-19, due to continuing damage such as deforestation to natural ecosystems.

Nations and international institutions must mobilize and act to confront this growing danger, but all of us are concerned, both as individuals with our families but also as members of society, in companies and public organizations where we work.

Now let’s sum up the practical and operational lessons we can learn from this unprecedented crisis and from the experiences of the four innovative companies presented in this article:

  • Ensure the security of WFH teleworking, as there is no doubt that the stampede to mass teleworking triggered an explosion of cyberattacks. By leveraging tools like Amazon WorkSpaces, with managed, cloud-based “virtual desktops”, users benefit from strong security and immediate access to virtually unlimited technical resources, paid for as used..

    For companies that choose to continue with a traditional teleworking infrastructure, at least audit, reinforce and monitor the security of the entire chain, from home devices into VPNs and the company's internal network. Consider equipping employees who work from home with professional equipment, with the IT department providing management and security.

  • Revisit existing continuity plans, incorporating lessons from the current crisis and capitalizing on cloud technologies and services, not to mention the wide range of “off-the-shelf” tools, technologies and solutions that promote greater responsiveness to unavoidable contingencies.

    As a framework for this vital work, look to ISO 22301, which is the recognized international standard for Business Continuity. Among its advantages, it allows businesses and IT teams to work effectively together, but also to fully involve top management in order to launch and sponsor the work, arbitrate decisions and ensure an indispensable role of on-going control.

  • Take into account the human factor. Organize training both in business continuity (based on ISO 22301) and in the proper use of cloud services and tools. In addition, ensure the awareness of all employees to the challenges of business continuity, the solutions put in place and especially to their own roles in the business continuity of their organization.

    Finally, don’t forget that the pandemic is a crisis for all employees both in their work and in their family lives. Take that human reality into account in the management of the company’s people.

To conclude, we have to say that 2020 was without doubt a hard and tough year for everyone. Still, even though Covid-19 is not yet defeated, and the possibility of more to come can’t be ruled out, we can see that many organizations continue to anticipate and gain resilience, leveraging the cloud to adapt the way they work and serve their customers. As Stephan Hadinger of AWS France said: “Their strength lies in their ability to find solutions and continue to innovate despite the storm.”

On our side, we are convinced that digital technologies, especially the cloud, can help us cope with the pandemic crisis... and also to prepare for new challenges in 2021, a year we hope will be better and happier for all of us and, of course, for our businesses.

Donald CALLAHAN, Duquesne Group
February 2021
Donald Callahan
Samedi 13 Février 2021

Home Home    Mail Mail    Print Print    Zoom + Zoom +    Zoom - Zoom -    Share Share


Dans la même rubrique :
< >

Vendredi 18 Décembre 2020 - 12:14 Pandémie, Continuité d’Activité et Cloud


Duquesne Research Newsletter