[ISN] Avian Flu: Can IT Handle a Pandemic?

From: InfoSec News (isn@private)
Date: Thu May 04 2006 - 22:26:57 PDT


By Larry Dignan 
May 4, 2006 

VeriCenter Chief Technology Officer Dave Colesante is a rare bird.

Unlike many IT executives, Colesante has actually thought about a
potential avian influenza virus, or bird flu, pandemic and reckons his
company, which provides technology services, is relatively prepared if
the virus becomes transmitted through human contact.

After all, Colensante's 225-person support staff is used to managing
VeriCenter's seven data centers from home.

And that's a good thing if a bird flu pandemic hits, because the
federal government would encourage "social distancing" to prevent
further illness. According to the Department of Health and Human
Services, a severe bird flu pandemic would make 30 percent of the
population, or 90 million people, ill and result in 2 million deaths.  
Companies would have absentee rates of about 40 percent. "You would
have to set up to remotely manage IT," said Colesante in Houston.  
"You'd have to leverage connectivity."

The big question: How many companies are prepared for a bird flu
pandemic? An AMR Research study released May 2 found that 68 percent
of companies with more than $1 billion in revenue aren't ready for a
pandemic. An earlier study by Deloitte & Touche concluded that
two-thirds of companies aren't prepared for a pandemic.

Among the issues: How do you manage a work force at home? What workers
would be on site in data centers to swap servers and manage power? Can
companies rely on Internet access in employees' homes?

Those questions are likely to pick up for technology workers and
others involved with business continuity. Through April 27, the World
Health Organization tracked 205 cases of bird flu that led to 113
deaths. On April 28, a mild form of bird flu was found at a live-bird
market in New Jersey. Meanwhile, public awareness—not to mention your
boss' - could be stoked by "Fatal Contact: Bird Flu in America," an
ABC movie airing May 9.

"This is just now becoming a hot button issue," said Henry Fieglein,
chief innovation officer of thin-client company Wyse Technology, in
Austin, Texas. Fieglein, who was the global director of infrastructure
and security architecture at Deutsche Bank, led a task force to
prepare the bank for a pandemic. According to Fieglein, the bank is
exploring thin-client technology that would extend into workers' homes
to securely re-create on-site technology such as telephony and trading
applications. Deutsche Bank said in a statement that its business
continuity plan can "cover a wide range of contingencies, including
pandemics," but officials declined further comment.

While preparations are fluid, there is one bright side: We have time.  
"An avian flu pandemic is not coming tomorrow, and the disease is
probably a ways off," said Alex Tabb, principal at The Tabb Group, a
New York-based consultancy to financial services firms. "But that
doesn't mean you don't plan now."

M. Lewis Temares, CIO and dean of the engineering school at the
University of Miami, said it can't hurt to bring bird flu preparations
to the forefront. "Companies aren't paying attention to this at all,"  
said Temares. "It's like Y2K - no one worried about it until right
before Y2K. Most don't have a plan."

Companies remain mum about bird flu preparations, but they note the
risks. For the fiscal year ended April 24, bird flu was mentioned in
annual and quarterly reports 388 times, according to regulatory
filings with the Securities and Exchange Commission.

Where's the Return?

Tabb said the biggest reason companies are quiet about their planning
is that they are just getting started. In addition, it's hard to
generate a return for something that may never happen. Given the
uncertainty, Tabb said executives need technologies that will deliver
a return even if a pandemic doesn't occur.

"The main thing to determine is what you have lying around today that
can be reused in the case of a pandemic," said Tabb. "Being pragmatic
is important if you are going to have your staff working from home."

The lack of a short-term return on bird flu planning means many
companies are viewing a pandemic scenario as an extension to current
business continuity plans. "We have our hurricane playbook as far as
contingency planning goes, and we'd probably amend that for bird flu,"  
said George Chizmar, vice president of IT at Apple Vacations.

Colesante said VeriCenter's plan is to make sure its most valuable
technology tools are ready in case bird flu breaks out.

Fieglein advised that companies schedule work-at-home days to test

Among the technology tools that will be necessary in a pandemic:

* VPN: "The VPN is the most important technology to create a redundant
  tunnel so workers can tunnel from various locations securely," said
  The challenge: It has to be tested so it can handle a crush of
  at-home workers, he said.

* Desktop support: Some workers will use their home PCs. Companies
  will need to keep desktop applications standardized and maintain

  The challenge: Security could be an issue. "It's easy to
  say employees will work from their house, but less secure if they
  don't have the same level of software protection they have at work,"
  Colesante said.

* Identity management: Steve Ross, global leader of Deloitte's
  business continuity management practice, said a pandemic would force
  companies to cross-train workers on technologies. Perhaps an auditor
  has to fill in to manage a database.

  The challenge: A company will need technologies to track and
  provision worker roles and access permissions quickly, most likely
  from afar.

* Citrix MetaFrame: One way around standardizing applications would be
  to allow workers to tunnel into applications through software from
  Citrix, Tabb said.

  The challenge: Bandwidth constraints could hamper performance.

* Thin clients: Fieglein said Wyse has discussed streaming software
  that would deliver applications remotely to PCs. Deutsche Bank is
  already a Wyse hardware customer.

  The challenge: Companies would need to build the centralized
  architecture to support thin-client use in the home.

Ross said those technologies only go so far because some productivity
will be lost. "People are used to working together, and if you
separate them, it may not go as well," he said. "Teleworking is a
major issue, and there are problems with social distance."

Wild Card: Cable and DSL Access

Of course, all this planning isn't going to help companies if
so-called last mile access to workers' homes falters.

Tabb said companies with workers at home will rely on cable and DSL
providers for connectivity. "If a massive number of people have to
work from home, that last mile is going to get clogged quickly," Tabb
said. "There will be congestion if industry has to move significant
data back and forth."

VeriCenter's Colesante said his workers also have wireless cards that
connect to cellular networks to use in case of DSL or cable outages.

The rub with all that telecommuting: Someone has to pick up the tab.  
"You need a continuity policy that dictates how a company approaches
broadband," Tabb said. "Should the company reimburse broadband for
those that aren't connected?"

Add that to the long list of bird flu planning yet to be done. "No one
wants to tempt fate and say we have all of this covered," said Ross,
in New York. "Especially when they haven't really started to consider
the implications."

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Thu May 04 2006 - 23:00:40 PDT