With many staff now working from home full time, COVID-19 has demanded an exceptional response from our IT and communications systems. Wireline looks at how this shift may shape the future of the ‘Modern Workplace’.
Whether it’s a family Zoom meeting, a conference call via Microsoft Teams or just arranging a shopping delivery, ICT has been an essential piece in ensuring our safety and aiding the fight against coronavirus. For many businesses, it has also meant a rapid roll out of equipment and software to support digital access for staff working from home.
For the energy sector especially, which has been cautious in its adoption of new digital technologies, this is likely to be a pivotal adjustment. While recent years have seen improvements in the capture and harnessing of data – big and small – many parts of the industry still rely on manual processes to inform things like maintenance and record keeping.
Such rapid change brings with it challenges in terms of equipment, security and – perhaps most of all – ensuring end users are engaged and empowered to make use of it. Wireline canvassed the OGUK Heads of IT and Service Organisations Cyber Security (SOCS) Forum to learn how organisations have made this particular digital switchover a success.
“I think what it demonstrated is that generally speaking IT are pretty good in a crisis scenario because it’s what we do – we just get things sorted out.”
Making remote working work
For many organisations, remote working and the so-called ‘Modern Workplace’ has already been embedded for some time. Alan Norrie, IT user enablement lead at TAQA –a proponent of these technologies – says that on the whole, the business was well set up to respond. Only a handful of disciplines dependant on physical workstations required a laptop to be provisioned, followed by arranging additional home working equipment such as docks and monitors.
The challenge was in adjusting home working across the company en masse. Some work was needed “to bulk out remote access solutions and prepare for far more home workers,” he says, and to establish effective routines for home workers. The next phase involved helping staff through various smaller issues: “Some specific assistance was required to help our people be as effective as possible – this could be basic support with home broadband or how to use specific toolsets to aid collaboration. This has allowed us to ensure the majority of the workforce received a positive experience,” Norrie continues.
For Repsol Sinopec Resources (RSR) UK head of IT and digital, Martin Ogden, it has been proof of IT professionals’ ability to deliver: “I think what it demonstrated is that generally speaking IT are pretty good in a crisis scenario because it’s what we do – we just get things sorted out.”
Martin says RSR had a very short window to deliver equipment to staff in the weeks preceding lockdown – in this case around 170 new Surface Pro machines. Far from technical issues however, the biggest problem his team encountered was simply tracking down people to hand them over. Notably, he says that the transition was already planned for later in the year; the advent of the pandemic simply accelerated the roll out.
Other than requests for peripheral equipment, he also believes staff engagement has been good. The use of Microsoft Teams in particular – which had not seen extensive engagement prior to this – has been encouraging: “You go into lockdown, everyone’s using it to do conference calls, collaborate on documents, and after a week we’ve got 15 teams. We’ve now got 65 different teams, and lots of positive feedback,” he adds.
For Premier Oil, working across multiple global offices presented varied challenges. Group information services manager David Edwards explains: “In the UK, the scenario of supporting all office staff in working from home mode was not one the business had ever contemplated. Our disaster recovery plans extended to catering for up to 40 key staff, with ensuing business continuity always assuming that one of our two main UK locations (London and Aberdeen) would be available as temporary workspace in which displaced staff could work.”
In other Premier offices across Southeast Asia and Brazil, the response varied according to the location. While Indonesia implemented a UK-style lockdown, the impact in Vietnam was less severe, allowing the office workforce to split into three cohorts to maintain distance – one at home, one in the existing office and one in new temporary office space. Brazil also followed a home-working policy, co-ordinated by staff in the UK.
While remote working was available, David says a scale-up was needed to meet demand across the board, with the exception of geological, geophysical and reservoir engineering (GGRE) staff who could work remotely via an existing portal. “Fortunately, we had just adopted a cloud-based firewall service,” David says, “Part of whose attraction was a highly flexible and scalable, secure, remote access gateway. This has proved ideal for all our laptop users, who although mostly not familiar with the new log-in process, adapted well to using it.”
The concept of scalability is a common thread for those organisations who have reported successful transitions to home working. Alan Norrie notes that TAQA had already moved services to Microsoft’s cloud-based Office 365 package and an always-on VPN, meaning the move to remote working for many was relatively seamless.
He adds: “The IT working environment was designed iteratively from the ground up, which took longer to deliver but remote access was baked in at the start. This has really helped during COVID-19 and additional ‘bolt-on’ technology has not been required. The concept of simplicity has been key to make something easy to use.”
For Schlumberger, a move in recent years to more software-defined infrastructure proved advantageous, especially as it moved to scale up connection capacity as the volume of remote staff services grew. Global network services operations manager Maged Elmenshawy explains: “If you have a traditional internet connection in a data centre, internet service providers [ISPs] were saying ‘OK, we can get extra capacity to you in a month.’ But we have these software defined ports where we could allocate 10GBps in a matter of two days.” Repurposing these ports offered additional infrastructure to dynamically add new services according to demand.
Similarly, the widespread move to cloud-based services can also help balance network capacity. Maged observes that while full VPN services remain popular for providing security and oversight, it can be more efficient to offload some safe services to reduce congestion. He adds: “When you have such a large mass of people working remotely, it’s much more efficient from a capacity and performance perspective that they are able to reach cloud-based services directly through the internet. So there is some evolution in remote access design and infrastructure to offload large-volume, low-risk traffic.”
“Whilst the overall level of cyber crime is stable, the proportion of phishing attacks related to coronavirus has increased.”
IT security is of course a key priority for most businesses, but even more so when staff may be logging in on new hardware across various locations and connections. To help guide safe and effective response, the National Cyber Security Centre (NCSC) – the UK’s independent authority on cyber security – has prepared six cyber security questions for businesses to consider including the kinds of technology they use and whether they need cyber insurance. This includes advice specifically aimed at businesses who have had to adapt quickly to the impact of COVID-19.
An NCSC spokesperson explained to Wireline: “It’s important employers can offer secure home working and the NCSC has published actionable advice on setting up new user accounts, helping staff look after devices and ensuring VPN technology is up to date. The NCSC has also published guidance on using video conferencing services securely.”
They continued: “Whilst the overall level of cyber crime is stable, the proportion of phishing attacks related to coronavirus has increased. Phishing is a common tool and we strongly encourage organisations to follow our guidance on setting up multi-layered defences, including how to block spoof emails getting through and to help staff members with identifying attacks.” See the boxout overleaf for more.
With phishing being one of the primary security concerns for Schlumberger as well, the IT team helped feed into a new app called Coronavirus Stay SAFE, designed to support staff working through the pandemic. Although primarily assembled by HSE teams, cyber security governance manager Simon Tong says that this was also a great opportunity to help with cyber security messaging: “With people working remotely in a new environment we were concerned about information overload. When you think about how large organisations respond to the pandemic, you don’t want the average user being inundated with messaging from everywhere. The app serves as a hub for the latest HSE and cyber security updates to help our employees stay safe during the pandemic.”
This raises an interesting avenue for future staff engagement. Given the existing emphasis on safety within industry, including cyber security best practices together with HSE principles could be a route for building greater knowledge amongst personnel – particularly as home working looks set to become the norm for the foreseeable future.
Phishing scams are likely to affect every business, and each will company have its own policy on how to report and deal with these attempts.
The NCSC’s Suspicious Email Reporting Service also allows individuals to take personal action against dodgy emails. If you receive something that doesn’t look right, you can forward to firstname.lastname@example.org and the NCSC will analyse whether it is malicious and act to remove sites if necessary.
In the first two weeks, the public reported 160,000 suspicious emails, some of which were coronavirus-themed, resulting in more than 300 fake sites being taken down.
The NCSC also supports individuals. Its recently launched Cyber Aware campaign provides six steps everyone can take to protect their accounts and data online. More information can be found at ncsc.gov.uk/cyberaware/
OGUK has also created dedicated cyber security resources for the oil and gas industry. To request an information pack, contact us.
“For the survival of the industry here we need to look at every efficiency we can. That involves embracing IT, taking some risks in how we approach IT – a more agile approach – and learning a lot from other industries.”
Planning for the future
With these initiatives now rolled out, IT managers are also reflecting on lessons for future scenarios. David Edwards of Premier was emphatic around the benefits of planning as far in advance as possible, adding: “Get more notice! Having one ‘practice’ day was crucial; two or three would have been better though.”
Beyond practice, also make sure your IT support is adequately supported. David adds: “Stay close to your service desk – ours did a brilliant job dealing with a huge spike in low-level/simple calls but were unnecessarily concerned they were failing to meet expectations. The thing to expect is that a large proportion of your staff may never have logged in remotely and need to know what to expect.”
There are of course opportunities to be seized during this time, particularly as modern workplace IT concepts have now been brought to the foreground of every business. Alan notes: “COVID-19 will hopefully strengthen the benefits of IT as no longer conceptual, but based on real experience,” he explains. “We will continue our drive to simplify and where possible make services that we offer accessible from a multitude of access methods. Embracing newer technologies and challenging the way that IT is delivered has been essential to providing the offering we have, and we’ll continue with this approach into the future.”
David is similarly optimistic, and hopes that the past few months will spur action on Premier’s standardisation program: “Our strategy already was to head for an anytime/anywhere mode of operation, but COVID-19 will probably accelerate plans for that. More tactically it has also provided an opportunity to spark digital initiatives to overcome some logistic hurdles.”
The experience of deploying IT quickly and across entire business units may even stoke support for smaller, targeted, projects in future. Martin notes that the ‘fail fast’ mantra of the tech industry does not transfer easily to the engineering-led disciplines of oil and gas. “My view is that [we should focus on] looking at much smaller building blocks, and how we get data in near or real-time from an operation directly into a system and then push that data wherever it needs to go.” These small low-risk steps, he hopes, may pave the way for more ambitious transformations and greater efficiencies.
For Maged, a future with more remote working and greater digital connectivity raises new questions for businesses to examine. “Do we consider how we might alter the IT infrastructure if there is reduced occupancy in the office, and then what kind of policies do you set?” he notes. “If you’re asking people to work from home, what is the industry standard for that?” In particular, companies (and users) will need to consider ‘last mile’ problems like household bandwidth and work environments. As a result, he adds that building awareness and developing best practices for maintaining a home working space will be key topics of discussion in the months to come.
Low commodity prices inevitably mean tighter budgets. But Martin is keen to press the importance of not underinvesting in these targeted projects which could have far-reaching implications in terms of business effectiveness and cost reduction. In this regard, he believes every potential avenue should be explored: “For the survival of the industry here we need to look at every efficiency we can. That involves embracing IT, taking some risks in how we approach IT – a more agile approach – and learning a lot from other industries.”