Kalaivani Vadivalu

TU 6414
PART 2: IT MANAGEMENT STRATEGY

1. A)
Inability to access to office environment from home
One of the biggest challenges was inability to access the office environment from home.
Since we were imposed with strict restraining order to work from home, this sudden and
unplanned move had caused many of us to crack our brains on how to get our work done. The
added difficulty is some of our systems such as SAP and CRM are only configured to be
accessed from office environment. Although the Virtual Private Network (VPN) was
available, due to its limitation only restricted persons were given the access. Furthermore,
employee had to have a laptop to be able to have this access. As an interim solution
employees took turns to return to office to get work done as not everyone allowed in the
office at one time. Customer calls and disputes were gradually increasing as most of them
have started to work from home and they were not getting their Astro Service. Operations
efficiency and productivity were decreasing as work was getting delayed and open issues
kept rising. On the other hand, the IT leads were cracking their heads on the possible risks if
the Astro’s back bone system; CRM and SAP were allowed to be accessed from home as
these systems contains highly sensitive data.

Data Violation
With the flexibility having access to the systems and applications from home, Astro
encountered another issue where sensitive data were exposed and violated by an irresponsible
employee. The employee vandalized the terms and policy by exposing Astro’s confidential
data to unreliable source. In this case, the employee used the ID of another employee who
have resigned but ID is yet to be deactivated in the system. Data and information leakage is
not tolerable in Astro. This is against the PDPA policy where Astro regards the customers’
data as highly private and confidential. These unwanted circumstances have caused
reputational damage to Astro. Legal actions were taken by the authority and management to
get a closure to this case. In long run, if precautionary measure not taken to curb this activity
from recurring it can cause financial crisis and lost in revenue. Furthermore, customer will
have doubt on Astro’s privacy policy. Operations may also be affected as data patching may
take time and system will be down for maintenance. This also causes the organization
additional cost for damage repair which may not be in the budget.

Increased time in issue resolution due to working remotely

Another challenge that Astro faced during the pandemic is delay in issue resolution ever since
the introduction of new services, functions and technology to support the work from home
environment. Therefore, it was crucial to the IT personnel especially the Helpdesk Team to
support the employees in this configuration and set up. With new tools and services
connected to users’ application and data, it literally was a platform for new issues. IT
Helpdesk being the frontline faced a stressful situation daily in order to troubleshoot and
resolved these new bugs and defects to enable users to get access to their data. This resulted
in a sudden spike in calls and tickets while the Helpdesk themselves are still getting used to

1
Kalaivani Vadivalu
TU 6414
PART 2: IT MANAGEMENT STRATEGY

the new remote environment and tools. Resolution Time increased in general, and First Level
Call Resolution decreased tremendously. Back log ticket which was aging at 5 days before
the pandemic have increased alarmingly to 12 days during the pandemic (quoted by Helpdesk
employee). At the same time, the ultimate challenge was; the longer time it takes to resolve
the configuration issues on users laptop, the more risk the users are facing with potential
threat and cybersecurity issues.

Increased errors and mistakes while working from home.

During this pandemic, there has also been a pressure on the employees to work longer hours.
There has constantly been “urgent request” or “issues” that require urgent resolution. The
requests keep coming regardless of time and days. Employees get tired and demotivated.
Stressed, tired and demotivated employees tend to make more liable careless error. The error
can be in the form of poor-quality work or poor decision that contributes to the security
breach of sensitive data. Besides, juggling between the personal and professional matter when
working from home also make us less focus on smaller details such as sending an invoice
email to the wrong party or placing the financial sheet in the wrong shared folder location.
According to a survey conducted by News Straits Times 67% experience stress and 63%
claimed to have difficulty having work life balance and spend longer hours
working(“malaysians-struggle-with-long-wfh-hours-during-covid-19-pandemic @
www.straitstimes.com” n.d.). Although, some may have the idea that work from home means
having the flexibility to log in anytime without having to commute, one must have an
understand that after a long working hour, the situation is also susceptible to mistakes.

Home Devices not secured.

When pandemic happened, employees were requested to work from within a short notice
period. This opened to new possible threats and cyber-attacks because some of them with no
laptop were using their own personal desktop or laptops to get work done. What is more
complicated is sharing of home network with other devices such as mobile, smart TVs,
printers, home security camera and many more. Because of the sharing network and inter
connectivity, the system is exposed to a higher risk of cyber security issue. One threat or
malware attack on any of the device can and may impact other devices as well, including the
device used for office or corporate. In some homes, there are also instances where the home
network is shared with neighbours and friends. The risk of the devices used to corporate
related matter being compromised is high in this case. Also according to the study from
(“identifying-unique-risks-of-work-from-home-remote-office-networks @
www.bitsight.com” n.d.) home networks is 3.5 time more open to malware attacks then
corporate networks. This is something critical that the company should study and focus on.

2
Kalaivani Vadivalu
TU 6414
PART 2: IT MANAGEMENT STRATEGY

1. B)
This pandemic has hit us all hard and many have lost their loved ones. It is vital for
top IT leads show some compassion by constantly communicating with their staffs and well
updated on their wellbeing. At ASTRO, IT leads, and management took several steps to show
that they care for the safety and health of their employees. CIO have been sending weekly
communication in the intranet and emails to updates the statistics of the covid cases at Astro
and measurement taken to curb the circulation to raise awareness. A weekly 2-way inter-
department meeting was also held via the digital platform to track employee’s wellbeing and
to share critical information such as issues, challenges and updates on company policy.
Besides that, sanitizers and thermometers are prepared at every corner, junctions, corridors,
and entrances of ASTRO. Tissues and dustbins are provided inside and outside the lift for
users to use to press buttons. Customized messages and advice from top managements are
constantly displayed at every TV screens at ASTRO to educate and remind users to follow
SOPs and trail proper ethics whilst in Astro compound. Astro Insurance benefits too was
revised to cater for Covid treatment and hospitalization. Special hotlines were set up for
employees to call in should they encounter any issues or need assistance pertaining to
pandemic.
In the current IT budget planning a drastic change was seen where more allocation
was given for IT Infrastructure to upgrade the system in line to support the work-from-home
policy. This is because the current network was not designed to cater for critical situations
like this. A sudden spike on the load balancer caused network congestion and slowness.
Having a good IT infrastructure network and framework is important to optimize productivity
of the employees. In terms of resolving issues and problems there has been mutual agreement
and understanding between the IT leads and Vendors to re-strategize the contracts and
response strategies for critical Business Functions and IT services. Some of the business
units, have also been urged by the Leads to revisit their work-related SOPs and Business
Continuity Plan to cater emergency situations. This reduces the time for business to get back
on track during emergency times as the backup plan is already in place to follow. Apart from
this, as an interim measurement to overcome the security issue, the IT Security Head formed
a group to constantly monitor the internal and external activity to detect any possible threat or
attacks. Regular audits were done to ensure system security is not compromised. Reminder
emails too was sent to employees to not open emails from unreliable source and to report any
doubtful activity immediately to IT Security Department if any.

2. A)

In order to work efficiently and effectively from home, employees should be equipped
with the proper tools and methods for them to confidently deliver a good result. The VPN
access should be open to be accessed by all employees with double authentication measure
implemented in the framework by the IT security team. Organization can leverage on the
existing security tool currently in use; the Zscaler to encrypt the network and user settings to
upgrade the current security settings instead of getting a new tool. Zscaler is a cloud-based
security system adapted by ASTRO to protect the machines, data and information’s from

3
Kalaivani Vadivalu
TU 6414
PART 2: IT MANAGEMENT STRATEGY

malware attacks. The benefit is, besides giving employees a sense of security, it also helps
ASTRO sustain its operations and run its business-as-usual during this challenging time. To
support this, the used and returned laptop to IT can be reconfigured and hardened with
endpoint protection technologies prior to giving it to employees. This helps to reduce cost of
purchasing new ones which will cost about RM4000 to 5000 per notebook. Besides that, it
also usually takes 3-5 months if were to purchase the laptop (based on ASTRO IT policy).
This is not cost effective.
As part of IT Strategy planning to prevent sensitive data leakage, ASTRO can
implement logic or technology to mask the sensitive data fields in the application when the
application is accessed from a non- Astro environment. The sensitive data can include
customer’s banking information, address and other Astro’s account information which is
classified as highly sensitive. Audit trails too can be implemented within the system to track
users’ activity and send immediate notice or alert to the respective PIC should the system
detect illegal activity carried out within the system boundary. This also helps to ensure that
no sensitive information is leaked be it intentionally or unintentionally. Astro too can carry
out in-house data Protection awareness program where it is compulsory for all employees to
complete the online learning program that comes with a set of questions to answer. Strict
rules can be imposed to The PDPA assessment where it requires everyone to obtain a total of
80 and above as a passing mark. This is to ensure that employees understand what is being
discussed in the online learning platform prior to answering the questions. Anyone below
80% are allowed to re-take the test until the desired passing mark is obtained. This measure
should be taken to ensure that employees understand the importance of data privacy and
consequences of breaching it.
Astro IT department can re-strategize and improvise their current troubleshooting plan
to accommodate the situations caused by the pandemic. For example, the IT Helpdesk
Department can implement a first level troubleshooting guide and manual in the Intranet
which also serves as a knowledge portal. Users with common issues can be diverted to the
knowledge portal to perform their basic troubleshooting prior to calling the Helpdesk
Department. By doing this, Helpdesk is able to filter the problems and common issues
encountered by users and focus more on resolving level 2 and 3 issues and problems. To
educate the users to use this approach, friendly email announcements can be sent periodically
to ensure that they are aware of this approach. This messages/announcement can also be
flashed during the windows start-up screen as an awareness strategy. Besides that, the IT
ticketing tool can be leveraged by introducing Chatbots prior to logging the ticket without
having to implement a new system. Chatbots can help guide user to perform troubleshooting
at their end rather than waiting for an engineer to attend to their issues. Single sign-on can be
implemented to connect the user’s account automatically to the knowledge portal and activity
is tracked through audit trails. Users too must agree to PDPA policy and provide
confirmation prior to logging in to the knowledge portal.
With the increased workload and extended working hours while working from home,
employees at risk of anxiety, stress and other disorders. It will be wise if the company can
strategize on the work from home KPI and Policy where they are evaluated based on result
instead of task based. The KPI/Policy should clearly state the fine line between professional
work and personal work to establish a work life balance. Micromanaging should be avoided

4
Kalaivani Vadivalu
TU 6414
PART 2: IT MANAGEMENT STRATEGY

but instead build a trust and believe the employee will get the things done within the
stipulated time frame. Tasks or activity done by employee can be measured by number of
tickets resolved within SLA, how many pending and how many unattended to ensure we are
achieving the operations excellency although working remotely. Nevertheless, priority must
be given to the high and top priority issues to resolve as effectively and efficiently as
possible. Group meetings can be held on a weekly basis to reconnect with the team members,
to boost staff’s morale. Management can also instil a practice where we do not call or text
work related matter to employee when they are on leave unless really urgent or critical. This
is important so that the employee takes this time to free and rejuvenate their minds from work
related matter.

2. B)
The responsibilities of top IT roles to ensure the success of the recommendations are as
below:
IT leads are responsible in leading the team in achieving the desired goal. To pursue
this, they should deliver clear objective and goal to the entire team. This is to ensure that the
team is aware of what is happening and at the same time they can play their part in making it
a success. In leading the team, IT lead should also encourage more engagement amongst the
project team. This can be done by asking them for challenges they are facing,
suggestions/recommendations and assigning tasks to them. This can create a sense of
ownership in them; thus, they feel responsible towards the enhancement. This is also
important because engagement between lead and staffs makes the bond stronger and can
accomplish things faster. It gives the team a clear focus and direction to work on and keeps
everyone on track.
IT leads are also responsible in governing the team. This is done by ensuring policies
and procedures are in place to ensure the quality of the deliverable. This is also can done by
assigning roles and responsibilities to the team according to their expertise. For example, IT
Lead can assign or request The IT Security Team to take responsibility by appointing a lead
to provide training to the employees on security awareness, setting up home based security
and how to avoid phishing and malicious attacks. In this way, we are not only doing a
knowledge transfer but also saving cost. The knowledge shared can also be documented in a
knowledge portal for future use. The training can be held over a digital platform such as the
Teams, as it has the recording and replay functionally where staffs can replay the video
whenever they want as references. Besides that, is it also the responsibility of the IT lead to
ensure that there are enough staffs allocated for the recommendation to be carried out. Proper
roles and responsibilities documented and shared to avoid conflict or mis communication in
future.
Another role of IT Lead is managing the team and ensure all are working towards the
same path to attain successful deliverables. Through ensuring and supervisioning the
readiness of the infrastructure, the IT lead is playing a major role in managing various teams
to play their part. For this recommendation to be a success one, a wide range of infrastructure
capabilities need to be considered. For example, the use of virtual machines or applications

5
Kalaivani Vadivalu
TU 6414
PART 2: IT MANAGEMENT STRATEGY

via Citrix platform needs to be analysed and tested if it is supported. This might mean
ramping up resources such as memory and hard disk space to support the additional users and
smooth usage with minimal to no performance issues. The support SLAs should also be in
line with the expectations to minimise downtime. As for network, need to ensure VPN
capabilities and other remote access methods have high availability with backups. Load
balancing too needs to be assessed if it can support the increased usage. This is the
responsibility of IT Infrastructure and Network managers. They too need to work closely with
the support teams to be aware of any issues and ensure training is up to date for the support
team. Therefore, IT leads role in delegating the task to the relevant IT managers is clearly
required to support the success of the recommendation
IT leads are also responsible in shaping the IT Portfolio to reach the objective of the
recommendation. This can be done by determining how much work is there to be done, the
experts required and the tools and technologies that going to be used for this deliverable.
Forecasting, planning and ensuring there are proper failover also falls in the bucket of these
IT leads. Monitoring needs to be continuously enhanced wherever there is a gap to be more
proactive. Lastly, to measure and assess the implementation of the recommendation, IT Lead
is responsible to ensure quality checks are done throughout the plan to avoid unnecessary
risk.

References:

1. 4c267f8b7e6d56536fa6f06c1adff2f6ac716a89 @ www.jobstreet.com.my. (t.th.).

https://www.jobstreet.com.my/en/cms/employer/measure-productivity-workplace-
effectively/?utm_campaign=MY~h:~aws~~~Worklifebalancetips~&utm_content=hir
er~link~&utm_term=&utm_source=mktg&utm_medium=article&pem=.
2. project-manager-qualities @ www.indeed.com. (t.th.).
https://www.indeed.com/career-advice/career-development/project-manager-qualities.
3. 8eff76c0147cd06c9f826c6e32cd6e180740e6d2 @ www.jobstreet.com.my. (t.th.).
https://www.jobstreet.com.my/en/cms/employer/laws-of-attraction/inspirations/5-
work-life-balance-tips-for-your-wfh-employees/.
4. aaf5ed19a6595e5ddd0e415eb7cd6806c830d52b @ www.verite.org. (t.th.).
https://www.verite.org/workplaces-open-during-pandemic/.
5. malaysians-struggle-with-long-wfh-hours-during-covid-19-pandemic @
www.straitstimes.com. (t.th.). https://www.straitstimes.com/asia/se-asia/malaysians-
struggle-with-long-wfh-hours-during-covid-19-pandemic.
6. 3afe472d1d88718dd2aebb905291834730c5b59e @ www.verite.org. (t.th.).
https://www.verite.org/workplaces-open-during-pandemic/.
7. covid-19-and-pandemic-planning--how-companies-should-respond @ www.ey.com.
(t.th.). https://www.ey.com/en_my/covid-19/covid-19-and-pandemic-planning--how-
companies-should-respond.
8. identifying-unique-risks-of-work-from-home-remote-office-networks @
www.bitsight.com. (t.th.). https://www.bitsight.com/blog/identifying-unique-risks-of-
work-from-home-remote-office-networks?utm_campaign=press-
release&utm_source=press-

6
Kalaivani Vadivalu
TU 6414
PART 2: IT MANAGEMENT STRATEGY

release&utm_medium=BitSightcom&utm_content=Identifying Unique Risks of Work

from Home Remote Office Networks.