Pandemic underscores the importance of security, agility for remote work

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Jim Richberg,
Head of Cyber Policy and Global Field CISO, Fortinet
 

Connecting state and local government leaders

By Jim Richberg

|

Secure, remote work environments enhance productivity, ensure continuity of operations and open the door to recruiting and retaining a more diverse and motivated government workforce.

Events like extreme weather and 9/11 provided opportunities for government agencies to work out the logistics needed to remain up and running, but the emphasis in those cases was on enabling essential employees to continue working on-site or from officially designated alternate worksites. The COVID-19 pandemic has forced governments to determine how to make the most efficient use of the entire workforce with the bulk of employees working offsite -- typically from home -- for an extended period. For many, the trick lay in scaling up the remote work capabilities already in place.

The ease with agencies were able to migrate to remote telework varied significantly. In the best cases, agencies had core capabilities such as next-generation firewalls and Trusted Internet Connection-compliant policies in place to allow employees to download client software onto their remote devices, establish secure connections and resume work. In other cases, a lack of modern firewalls, adequate bandwidth or telework-friendly IT or security policies made it labor-intensive to establish and sustain remote connectivity.

While most agencies ultimately implemented remote telework for the majority of their workforce, some did so by granting waivers or by putting ad hoc technological solutions in place. 

But what about security? Remote telework in the “new normal” is likely to be based on an organization’s current practices. It’s especially important for those agencies that struggled  -- and which may have had to cut security and IT policy corners -- to review their current remote telework posture going forward.

The remote security challenge

Securely supporting a remote workforce is essential for any government business continuity and disaster recovery plan.

Grappling with a sudden and large number of remote workers presents numerous cybersecurity challenges. For one, an agency may not have operational control or even insight into the remote worker’s computing environment -- a home network -- that may contain vulnerable internet-of-things devices and family members running applications that potentially introduce threats into government networks. Further complications arise  if the employee is using a personal device rather than a government-issued and owned computing platform. For agencies, the challenge is isolating the remote worker’s device -- or at least the IT resources and processes that are doing remote telework --  to ensure the integrity of government networks and data.

Human error accounts for the majority of security breaches, and in a remote computing environment such as a home network, the consequences of user error -- which may stem from activity not even conducted by the employee -- are magnified. Agencies need a secure, reliable communications solution that’s easy to implement, effective and adheres to privacy best practices.

The private sector has similar needs and concerns, but government agencies must address them on a greater scale and with larger stakes at risk. The federal government has over 2 million full-time employees and thousands of contractors who access electronic resources. It also  maintains some of the largest IT networks and controls some of the world’s most sensitive -- and coveted -- data. Achieving adequate cybersecurity protection at this scale would be a challenge at any organization, but for government, compromised systems could lead to disastrous consequences.

How to support distributed workforces

Not every government employee requires the same level of access to IT resources when working remotely. Agencies should look to solutions that can address security at different levels, including:

  • Standard government workers. Most employees need access to internet, email, teleconferencing, limited file sharing and function-specific capabilities (HR, accounting and so on) from their remote work site. This includes access to software-as-a-service solutions in the cloud, such as Microsoft Office 365, as well as a secure connection to the government network.
  • Power users. Employees who require a higher level of access to government resources while working remotely – such as system administrators, IT support technicians and emergency personnel. --  may need the ability to operate in multiple, parallel IT environments.
  • Super users. Some employees require advanced access to sensitive government resources, even when working from an alternate office location. They frequently process organizationally sensitive information and may need access to classified data and networks as well. This employee profile includes administrators with privileged system access, support technicians, emergency personnel along with government executives such as agency heads, governors and mayors and key staff. For these super users, their alternate work site should be configured as an alternate office location.  

Searching for silver linings in the pandemic work experience

When the pandemic ends, the massive remote work experiment it created will have a continuing dramatic effect on how work is done. As the RAND Institute pointed out, once the work-from-home genie has been let out of the bottle, it’s difficult to put it back in. An entire workforce will have experienced a commute-free day and other benefits. Organizations will have sorted out the technical logistics of telecommuting and discovered that productivity can continue -- in some cases, increase --  without having everyone in the office every day. Distrust in letting people work from home other than by exception will have largely evaporated.

If there’s another silver lining to the pandemic’s global dark cloud, it’s that IT agility and resilience have migrated from the category of “nice to have” to “must have.” Cybersecurity is also in the spotlight, especially for organizations that may have been putting off security upgrades or which have identified new requirements for secure remote work. State and local governments are already facing a financial meltdown as a result of COVID-driven revenue shortfalls, and the federal budget will likely contract significantly too. Unfortunately, when funding gets tight, security is too often one of the first spending priorities to be sacrificed.

Improving security, improving culture

Government does a good job defining standards, but it often lags industry in its pace of implementation. Businesses quickly executed a COVID-driven pivot to remote telework, and as agencies move forward, they should leverage experience and lessons from the private sector. Agencies are used to looking to industry for ‘not invented here’ IT solutions, but exploring applicable best practices and lessons learned beyond government may require a cultural shift.

The move toward telecommuting triggered by COVID-19 is likely to result in significant evolutionary changes to cybersecurity, the government workforce and society. Less commuting and secure, remote work environments open the door to recruiting and retaining a more diverse and motivated government workforce. By implementing the needed tools and cybersecurity strategies, agencies can support distributed workforces, enhance productivity and ensure continuity of operations.

Remote work Case Studies
Powered By
Browse The Atlas full case study database or read more case studies about Remote work.
Oklahoma Zero-Trust Security Model Secures Remote Network for 35,000 Employees
Oklahoma
Los Angeles Enables Remote Work for 18,000 Employees During Pandemic
Los Angeles, CA
Chelsea, MA's low-cost strategy to bring multiple departments' workflows online for remote work
Chelsea, MA
BROWSE LOCAL GOV CASE STUDIES

NEXT STORY: What will it take for a secure election?

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.