Gartner Research

Quick Answer: What Actions Should I Take to Protect My IT Services From Disruptions Caused by the Russian Invasion of Ukraine?

Published: 28 February 2022


The Russian invasion of Ukraine is underway. Businesses and service providers with software development or other IT service centers (captive or outsourced) in the impacted region must immediately take pragmatic and specific actions to minimize risks to their enterprise.

More Detail

While Gartner research may touch on legal issues, we do not provide legal advice, and our research or guidance should not be construed or used as a specific guide to action. We encourage you to consult with your legal counsel before applying the guidance and recommendations contained in our research.

With the Russian invasion of Ukraine, end users and service providers with IT services delivery centers in these regions are uncertain about service continuity. Gartner estimates there are over 1 million IT professionals in Russia, Ukraine and Belarus put together, of whom around 250,000 work for consulting or outsourcing firms that serve clients outside of the region.

Many businesses and service providers are still recovering from the challenges of COVID-19, with the majority of the workforce working from home. As a result, many basic risk mitigation strategies like rehearsing third-party contingency plans and downtime procedures, disaster recovery (DR), and business continuity plans (BCP) for site, city and country outages may not have been run for some time. Moreover, these plans might not have been updated to consider work from home and public telecom and internet outages. Furthermore, work is predominantly delivered remotely; business artifacts — codes, design documents, test scripts and so on — might have been stored on local hard disks with a cloud backup. Anything stored on local hard disks in the countries of conflict carry significant business, market and operational risks.

Enterprise connectivity is now ubiquitous, and a major concern with this conflict is the possible use of cyberwarfare. With COVID-19 having extended networks from office blocks to drawing rooms, the potential points of entry for malware, ransomware and other forms of cyberattack increase. In a connected world, a cyberattack emanating from the conflict region can quickly spread to sites anywhere around the globe.Such attacks may mean that businesses will not be able to interact with their providers if telecommunications and hosting are disrupted.

The imposition of sanctions against Russia will increase the complexity for many businesses and service providers with IT staff and local IT operations in Russia and other impacted countries. Paying wages, expenses and invoices to local suppliers, moving staff in and out of the region, and controlling site security will all become vastly more difficult.

Calls to action:

  • Act with a human-centric approach; failure to do so will risk lives, and could exacerbate mental health issues for you and your team. At all stages, seek to promote and prioritize actions that can support impacted staff within your organization, as well as from your service providers.

  • Reach out to your service providers to see how your organization can help. Seek out any local support your organization can offer and be prepared to advocate for impacted individuals. Also, collaborate with other service providers who can step in to minimize disruptions to your service delivery.

  • Continue to move your own or service provider’s staff to nonimpacted delivery locations or countries. It may be difficult, but if possible, use local connections, foreign governments, state departments and international aid organizations to fast-track moving staff and their families.

  • Immediately execute your DR/BCP for the impacted region, if not already done. Check with your service providers to ensure that they have successfully moved their work to safer locations. Enable their moves and remove any bottlenecks. Advocate for your service provider by identifying ways other providers can step in to expedite the move. Leverage third-party personnel safety and protection services that will work in the area.

  • Delay any new projects to be delivered from these regions until tensions are settled. Whether business or service provider, prioritize system patches and updates over feature releases to protect your enterprise systems from any vulnerabilities. Plan for only those feature releases that are business-critical and absolutely essential. The rest should be moved into backlogs for future releases.

  • Relax service-level agreements (SLAs) and key performance indicators (KPIs) to ease the burden on internal and service providers’ operations. Where such alternatives do not exist, seek legal advice on whether the conflict constitutes a “force majeure” event so that SLAs and KPIs can be relaxed for a certain period. If your service provider invokes force majeure provisions, ask your legal advisor about actions you can take to move work in-house or to another provider without breaching the contract.

  • Work with your network, security operations center (SOC), and security and risk management teams to temporarily segregate networks in these regions, and put in place enhanced intrusion detection and response capabilities. With the risk of cyberwarfare or ransomware attacks being spread across affected networks, it is important to bear in mind that your service provider may retain a local connection, which may pose a risk to your network. Validate that all important business artifacts, including code, data, designs, documentation, test scripts and configurations, are safely stored in servers within your local jurisdictions. Ensure that nothing is left on local hard disks, local servers or cloud servers in those countries. If work needs to continue locally, use cloud-based copies of the master data and replicate back to the master copy at least daily.

  • Seek specialist advice from accountants, legal advisors and crisis specialists if you have to move money in or out of Russia. With sanctions imposed against Russia, be extra careful that sanction conditions are not violated.

  • Communicate regularly, if required, on an agreed cadence with internal and external stakeholders and customers. It is important to let all stakeholders know what is going on with your support or development operations, how this may impact deliverables, and what you are trying to do to remediate the situation.

  • Prepare for longer-term possibilities if the conflict proliferates into other parts of the world, or leads to political unrest in nearby countries, by reviewing your DR/BCP and third-party contingency plans for your other countries of operation.

The situation at the time of writing is evolving by the hour. Business and service providers should take immediate actions to isolate their delivery centers in these regions and should already be reprioritizing initiatives and projects. Next, move work out of the impacted area, and take actions as recommended here.

Recommended by the Authors

Access Research

Already a Gartner client?

To view this research and much more, become a client.

Speak with a Gartner specialist to learn how you can access peer and practitioner research backed by proprietary data, insights, advice and tools to help you achieve stronger performance.

By clicking the "Continue" button, you are agreeing to the Gartner Terms of Use and Privacy Policy.

Gartner research: Trusted insight for executives and their teams

What is Gartner research?

Gartner research, which includes in-depth proprietary studies, peer and industry best practices, trend analysis and quantitative modeling, enables us to offer innovative approaches that can help you drive stronger, more sustainable business performance.

Gartner research is unique, thanks to:

Independence and objectivity

Our independence as a research firm enables our experts to provide unbiased advice you can trust.

Actionable insights

Not only is Gartner research unbiased, it also contains key take-aways and recommendations for impactful next steps.

Proprietary methodologies

Our research practices and procedures distill large volumes of data into clear, precise recommendations.

Gartner research is just one of our many offerings.

We provide actionable, objective insight to help organizations make smarter, faster decisions to stay ahead of disruption and accelerate growth.

Tap into our experts

We offer one-on-one guidance tailored to your mission-critical priorities.

Pick the right tools and providers

We work with you to select the best-fit providers and tools, so you avoid the costly repercussions of a poor decision.

Create a network

Connect directly with peers to discuss common issues and initiatives and accelerate, validate and solidify your strategy.

Experience Information Technology conferences

Join your peers for the unveiling of the latest insights at Gartner conferences.

©2022 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.