by: VMware Physical Security and Resiliency Director, Americas Micheal Fitzgerald, VMware Program Manager Junaid Misbah, and VMware Business Resiliency Sr. Manager Narinderjit Singh
The cloud era—combined with the proliferation of remote workers and devices—has delivered a variety of unprecedented advantages to the modern enterprise. It also created a whole new set of challenges, especially when it comes to potential crises that could threaten a company’s ability to compete globally.
More than a decade ago, VMware implemented an emergency management plan that incorporated disaster recovery and overall continuity. Then in 2016, VMware teams re-examined this landscape and rolled out a comprehensive resiliency program with full support from executive leadership to guarantee the program’s ongoing success. The program includes business continuity, crisis management, disaster recovery, and emergency response—with members based in every region. In four years, VMware IT set up total of 62 crisis management teams (CMTs) across major sites. See Figure 1. CMT and crisis management as a service (CMaaS) frameworks were developed to ensure cross-functional teams and site leadership are best prepared to deal with any challenges.
Figure 1: Overall view of the VMware resiliency program engagement model.
Within VMware, the resiliency program oversees numerous crisis mitigation areas including geopolitical, events, epidemics/pandemics, products, threat actors, and human-made/natural disasters (wars, floods, volcanoes, etc.) to name a few.
The best-laid plans
It began by developing crisis management plans, trigger lists, process flows, roles and responsibilities, and response plans for identified risks. Dashboards for resiliency readiness and CMT readiness were built for all 62 major sites across the globe. These quantified the impact on the associated business and operations, scoring them on a ten-point scale and focusing on sites that needed attention.
Business and operation teams identified requisite key personnel and bought into their need to work from anywhere. This involved ensuring all stakeholders worked off of laptops exclusively to guarantee unconstrained portability in an emergency, which proved invaluable when the pandemic hit. VMware IT made it a priority that every member received the required support and guidance, especially when creating, updating, and owning their business continuity (BC) plans. These plans are evaluated twice a year (or if any major changes occur) with each team’s point of contact to maintain smooth operation and avoid duplication of effort.
Likewise, there are quarterly validations of CMT program managers, chairs, and functional leads. This involves revisiting roles and responsibilities to make certain everyone is ready to respond and/or manage any given situation—and empower them to make independent decisions and effectively manage any situation.
Since even the best-laid plans can go awry, there are annual CMT tabletop exercises and simulations focusing on the top risks/situations to validate and refine program initiatives, all based on worst-case, real-world scenarios. IT also performs unannounced/surprise exercises to validate BC plans and seek out improvement opportunities.
Lastly, we take into consideration the unfortunate reality of tunnel vision inherent in internal programs. Our teams continually work with external industry advisors to understand where our efforts stand in terms of readiness compared to industry standards and ISO guidelines.
Reality hits: the ultimate use case
While no team member ever envisioned a crisis as devastating as the COVID-19 pandemic, we were prepared for it.
We created regional CMT teams to offer geo-specific management for COVID-19 challenges. Enterprise data operations (EDO) teams provided reports on daily badge-ins for all global sites. Partnering daily with Physical Security in the early days, we monitored deviations around personal protective equipment (PPE) requirements, tailgating (letting someone in a building without badging-in), and social distancing for all 110 sites globally—and generated weekly reports including site-level activity, clinical risk by site based on external data (CRA), productivity metrics, and more. These were sent to site leadership and CMT leaders to best inform decision making.
Other efforts included legal monitoring of local health department requirements and government guidelines (still in use), working with the VMware corporate medical advisor (CMA) to best understand the constantly changing landscape of COVID-19, and regularly deploying new processes and protocols to meet changing requirements—an example of which can be found in India where a VPN pool was deployed over a weekend for contact center colleagues to comply with the Telecom Regulatory Authority of India’s (TRAI) directive. Globally, similar efforts were adopted for a seamless transition to work-from-home setups using VMware technology.
There’s a lot more to this topic than is presented here. That’s why we encourage you to contact your account team to schedule a briefing with us on this topic. No sales pitch, no marketing. Just straightforward peer conversations revolving around your company’s unique requirements.
And check out these associated blogs that provide more depth on these topics:
How VMware manages disaster recovery
Lessons learned from disaster recovery plans
How VMware takes the threat out of threat actors
The new world of physical security
VMware on VMware blogs are written by IT subject matter experts sharing stories about our digital transformation using VMware products and services in a global production environment. To learn more about how VMware IT uses VMware products and technology to solve critical challenges, visit our microsite, read our blogs and IT Performance Annual Report and follow us on SoundCloud, Twitter, and YouTube. All VMware trademarks and registered marks (including logos and icons) referenced in the document remain the property of VMware.
