While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
David Freeland spends his days immersed in the Patent and Trademark Office’s efforts to protect people’s inventions and intellectual property, but when it comes to his agency’s own telework strategy, the CIO has no qualms sharing the secrets of his success.
The agency began its telework program 10 years ago with 18 employees. Today, a little more than 40 percent of PTO’s workforce, or more than 3,600 of the agency’s 9,000 employees, telecommute. That includes 86 percent of its eligible examining attorneys.
To ensure success supporting far-flung homebound users, Freeland says, government IT departments must provide employees with a consistent user experience, good help-desk support and strong security measures. All three are critical in making sure teleworkers are as productive and protective of sensitive information at home as they are in the office, he says.
To meet these three objectives requires a focus on technology. Policies are all well and good, but feds and consultants point to the hands-on tools and actions that IT departments must offer to make work and home environments seamless for each teleworker and for the employee that they work with at the agency. So what’s the best approach for your agency? FedTech has gathered tips from across the government and lined them up against these goals so that you can adapt them to your agency’s telework support.
Tip #1 Equip teleworkers with the same technology tools and give them access to the same applications and data they have at the office. “When you have an examiner who works in the office and another who works remotely, they are operating under the same performance metrics, so the tools we provide them have to be virtually identical and not be a factor in their ability to produce,” Freeland says.
Tools include a notebook computer; a docking station; a keyboard and mouse; office equipment, such as multifunction printers that include a scanner, copier and fax machine; and access to telecommunications, such as high-speed Internet access and phone service. PTO also provides two monitors, which patent and trademark examiners need because they have to review so many image files and scanned documents.
“Because they have to review so much information, two large monitors is an absolute necessity,” Freeland says. “The screen on a small notebook impedes productivity.”
Tip #2 Consider the network bandwidth and IT infrastructure ramifications of teleworking. To provide users with fast access to the same applications and data at home may require the agency to re-architect, upgrade or invest in new infrastructure. For example, before implementing telework, the Defense Information Systems Agency’s network control center personnel tested different scenarios that could potentially cause slow response times throughout the network and could impact the overall telework program.
“We used the current usage statistics, and by adding the various scenarios we calculated what our usage would look like, and we made the adjustments to the circuit,” a DISA spokeswoman says.
When PTO first offered telework, the IT department realized that it needed to revamp the software that gives examiners access to applicants’ patent and trademark submissions. The submissions include large image files that demand enormous bandwidth. When workers viewed the submissions in their offices, bandwidth wasn’t an issue, but when they tried to view them at home, their cable and Digital Subscriber Line connections were too slow.
To compensate, PTO plans to build new Web-based software, so teleworking employees can quickly access the data they need. But in the meantime, the agency’s IT department has developed a stopgap solution, installing new servers running desktop virtualization software in the data center. Now, these “virtual desktops” run the applications that teleworkers need.
The teleworkers connect through a Remote Desktop Protocol (RDP) connection, an encrypted link between each teleworker’s computer and the virtual desktops. These virtual desktops communicate with PTO’s mainline servers and handle all the processing and requests for information and send screen images back to the teleworkers’ computers. As a result, teleworkers can quickly access the software and view the data they need without using a lot of bandwidth, Freeland says.
“Instead of huge image files going back and forth, it’s just sending screenshots to the remote computer,” he says. Having the data displayed through an RDP connection and, in the future, through a Web interface is also more secure because the data is not residing on users’ hard drives.
What is your top security priority?
63% of CISOs say securing mobile devices
How do you manage security for mobile workers?
46% Remote data-deletion technology for lost or stolen devices
57% Secure VPN for remote connections
69% Multifactor authentication
94% Annual data security
training for all employees
SOURCE: Telework Exchange survey of 35 federal chief information security officers, June 2007
Tip #3 Swap out teleworkers’ desktop computers at work for notebook computers that they can take back and forth from office to home. That way, the IT department doesn’t have to pay for, maintain and provide help-desk support for two computers for each employee, says Stan Kaczmarczyk, principal deputy associate administrator of governmentwide policy at the General Services Administration.
GSA does not recommend that agencies let workers use their home computers because they may not have the same security safeguards, such as antivirus software, installed. “It’s most ideal to purchase a notebook computer along with a docking station for each location,” Kaczmarczyk says.
But don’t overwhelm the IT budget by migrating everyone to notebooks at the same time. Do the migration as part of the normal upgrade cycle for the users’ systems, typically every three to four years, Kaczmarczyk says. By staggering the upgrades, an agency can absorb the costs through planned spending.
Tip #4 Take advantage of new online communications and collaboration tools to keep employees connected. If an agency has deployed Voice over Internet Protocol, it can install “soft phones” or phone software on teleworkers’ computers so they can use their office phone number to make and answer calls, says John Mauthe, chief operating officer of Command Federal, which is aiding DISA with its telework program.
Online collaboration tools let teleworkers hold meetings and work on projects together, even if they are geographically dispersed. These tools also can support instant messaging, conference calls and videoconferences, and viewing and editing documents simultaneously, he says.
Tip #5 Create telework management software that helps agencies manage the telework process. In 2002, the International Trade Commission built Web-based telework management software that automates the telework approval process and lets the agency automatically generate yearly telework statistics for the Office of Personnel Management.
About three-fourths of the commission’s 350 employees have approval to do project-based telecommuting, meaning they can’t do it on a regular basis, but they can for special projects, such as needing to write reports, or if they have special circumstances, such as health issues, says Stephen McLaughlin, CIO and director of administration at ITC.
The Web application runs on an Oracle database. To use the system, employees log into the application through the agency’s intranet. They type in the date and number of hours they want to telecommute and choose categories from a drop-down menu to explain to supervisors why they plan to work from home.
Employees can copy the request to administrative assistants and write in additional comments to elaborate on their telework plans, McLaughlin says. The application sends supervisors e-mail messages seeking the necessary approvals. After review and approval or denial, the app sends the information back to the employee. Because the data resides in the database, the agency can easily generate reports, he says.
In the past, employees who wanted to telecommute e-mailed their supervisors, and the supervisors sent their approvals to a telework coordinator, who at the end of the year printed out approvals and manually prepared reports. “The system has saved us so much time in managing the telework system,” McLaughlin says.
Tip #6 Offer extended help-desk hours. Teleworkers typically work flexible hours and sometimes work on weekends. PTO, for example, offers help-desk hours from 5:30 a.m. to midnight EST, Monday through Friday, and 5:30 a.m. to 10 p.m. on Saturday and Sunday. As PTO’s workforce becomes more geographically dispersed, those hours will likely need to be extended, Freeland says.
Tip #7 An agency should migrate to telework gradually rather than through a large-scale implementation. That way, help-desk personnel can quickly pinpoint common problems and resolve them.When DISA began offering telework, the agency’s help-desk personnel quickly developed a repository of routine problems that teleworkers were experiencing, such as problems with routers and DSL connections. The help-desk staff got a quick handle on the problems and shared “fixes” with one another. The key to success was the technical expertise within the control center and among those managing the center. “The population [that was teleworking] was small at first, which made it manageable,” the DISA spokeswoman says.
Tip #8 Create a standard software image and computer configuration for teleworkers’ computers — as well as standards for other equipment, such as printers — to simplify troubleshooting. That way, the IT department can easily mail a replacement notebook or desktop computer overnight without the hassle of figuring out whether the computer has all the applications and drivers that the teleworker needs, PTO’s Freeland says.
Tip #9 Roll out multiple layers of security. Antivirus software, virtual private networks, encrypted hard drives on notebook computers and password-protected handheld devices are all important to bolster telework security. In addition, agencies now must deploy two-factor authentication before teleworkers can log on to their agency network. That means teleworkers must type in their user name and password plus have a second method to authenticate themselves.
PTO has two methods: smart cards that deploy Public Key Infrastructure certificates, which users swipe through smart-card readers, and key fobs that display dynamically changing passwords, which users must type into their computers to gain network access.
Additionally, recommends Command Federal’s Mauthe, agencies can ensure data security by requiring teleworkers to save files on a network drive, rather than to local hard drives.
Tip #10 Train all employees on telework security. According to a study by the Telework Exchange, most workers — not just sanctioned teleworkers — do some degree of work at home on nights or weekends and typically log on to their agency’s computers using their home PCs.
“The workforce these days is more mobile, and data is on the move, whether employees carry files home, copy files to USB flash or thumb drives, or log into the agency network from their home computer,” says Cindy Auten, general manager of the Telework Exchange. “It’s critical that agencies train all employees, so they are equipped to handle security.”