January 27, 2022

Volume XII, Number 27

Advertisement
Advertisement

January 26, 2022

Subscribe to Latest Legal News and Analysis

January 25, 2022

Subscribe to Latest Legal News and Analysis

January 24, 2022

Subscribe to Latest Legal News and Analysis

Coronavirus and the “100% Work-From-Home” Scenario: Review Agreements with Vendors of Remote Access Technology

As part of the response to the outbreak of COVID-19, many organizations are working on contingency and business continuity plans that include an all-employee “work-from-home” scenario.  If it becomes necessary to implement such a plan, all employees of the organization will access the organization’s networks and systems remotely. Unfortunately, many organizations that are testing these plans are discovering that that their remote access technologies may not be able to handle, without significant degradation in performance, the volume of activity this will generate.  Indeed, given the complex host of business applications and collaboration tools that many businesses employ, many entities may not be fully ready for their entire workforce to access their systems remotely without first checking in with their vendors and IT personnel.

This is understandable. Except for the case of those businesses that always operate “virtually” — without any fixed offices — most organizations build their remote access infrastructure (including the related telecommunications, security, videoconferencing, collaboration and other software tools that are involved in remote access) based on an assumption that only a portion of an organization’s employees will use remote access at any given point in time.  For example, contractual service level commitments (in which vendors promise certain levels of performance of their systems) often assume a simultaneous user base being a subset of all employees of the organization.  Further, SaaS-based services that are priced based on a specific number of “simultaneous users” may not anticipate all, or substantially all, of the company’s employees using the service at the same time.

Organizations should be reviewing their agreements with the myriad set of vendors that provide software related to remote access. These reviews should evaluate what commitments, if any, are included in those agreements that may be helpful in what may be this unprecedented “100% work-from-home” effort.  To the extent contractual deficiencies or other issues are identified, early engagement with vendors can be helpful.  For example, in the event service level commitments appear insufficient to meet anticipated demand, an early discussion with the vendor may result in an increased allocation of the vendor’s resources to that customer.  And while some SaaS service agreements priced by the number of simultaneous users may allow customers to exceed simultaneous user limits (with a premium true-up at a later date), others impose hard blocks on usage in excess of contract limitations.  To the extent these issues are identified in an agreement, customers are best served by engaging with the vendor in advance – to avoid premium true-ups or interference in service.

Of course, to the extent some of the relevant software is not SaaS or cloud-based, but, rather, is hosted locally on-premises, simultaneous user capacity may be, in part, a function of hardware resources available on site.  In this case, additional planning may be necessary, which might include bringing in additional hardware or a SaaS-based resource as an alternative or supplement.

It is clearly important for companies to try to enable a smooth employee experience in the 100% work-from-home scenario. If employees find it difficult to connect to an employer’s system, it will inevitably lead to decreased efficiency and loss of productivity. Perhaps even worse, employees working locally on their own devices without connecting to their organization’s network may be transmitting sensitive business information, trade secrets and personal information in an insecure manner.  Some of that information may be stored on local devices in an insecure form.  To the extent access to that information is compromised, whether in transit or at rest, an organization may ultimately be dealing with a data breach or loss of valuable information.  Cybercriminals will not be curtailing their efforts to access valuable data during the outbreak, so cybersecurity should remain a priority in any remote management plan.

© 2022 Proskauer Rose LLP. National Law Review, Volume X, Number 69
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Jeffrey D Neuburger, Proskauer Rose Law Firm, Technology Attorney
Partner

Jeffrey Neuburger is co-head of Proskauer’s Technology, Media & Telecommunications Group, head of the Firm’s Blockchain Group and a member of the Firm’s Privacy & Cybersecurity Group.

Jeff’s practice focuses on technology, media and intellectual property-related transactions, counseling and dispute resolution. That expertise, combined with his professional experience at General Electric and academic experience in computer science, makes him a leader in the field.

As one of the architects of the technology law...

212-969-3075
Advertisement
Advertisement
Advertisement