It's Really NOT About Money

Photo: Greg Latza

Telework is about continuity of operations. It's about reducing the incessant din of traffic and auto emissions in the Washington metro area. Telework is also about work-life balance, employee retention and tightening up performance measurements for all employees.

Telework is about many things, but it's not primarily about money.

Telework is about continuity of operations. It's about reducing the incessant din of traffic and auto emissions in the Washington metro area. Telework is also about work-life balance, employee retention and tightening up performance measurements for all employees.

Telework is about many things, but it's not primarily about money.

Critics and skeptics of telework often point to increased demands on IT budgets to duplicate information and telecommunications equipment suites for employees, both at the office and at homes or telework centers. This argument for some agencies might be valid, especially those dealing with sensitive or classified data. But for many, this is not a valid issue.

Many agencies now have a one-computer acquisition policy, and that one computer is usually a notebook that can be used anywhere the employee must or chooses to work. Notebooks are only marginally more expensive than desktop PCs and, when used with a docking station, can have a regular keyboard, mouse and the typical user interface amenities.

Second, some teleworkers are better equipped with personal computing equipment and better broadband Internet connectivity at home than they receive at work. If this is the case, the cost to the government is effectively nil, save the additional configuration cost that may be required by the agency to bolster security via tools such as encrypted virtual private network tunnels with firewalls.

The need to incur additional costs is directly dependent on the tasks that teleworkers perform and the level of sensitivity of the data that they use. For teleworkers who deal with highly sensitive information, biometric and other devices may be necessary at the point of access to provide positive identification of the user, but for most federal users this will not be the case. Currently, most agencies deny telework that involves accessing classified material, so a commensurate level of fail-safe protection is not needed.

Dollars and Sense

In any event, even if money is spent configuring and supporting a home office for teleworkers, my research for the IBM Center for the Business of Government indicates that the cost benefits outweigh the expenses.

For an organization with 100,000 employees, of which about half telework at least part time, the cost of implementing a basic solution — PC, software, peripherals, network interface, mobile phone, and security and support resources — for teleworkers' home offices can result in more than $36 million in benefits over three years at a cost of approximately $16 million.

The real issue is providing secure remote access to organizational systems, and this is often the source of agency costs related to telework. Very good information on securing telework equipment can be found in the National Institute of Standards and Technology's Guide to Enterprise Telework and Remote Access Security.

The publication identifies two key assumptions that all organizations allowing remote access for teleworkers should make:

• All external networks and devices contain threats that are hostile to the organization, and these threats will try to gain access to organizational resources.
• Devices used by teleworkers will be lost or stolen by people who will try to gain access to sensitive data contained on them.

The importance of the first assumption is highlighted by a recent hack of RSA's SecurID system, which is typically used for two-factor authentication.

Once an organization makes these assumptions, the need for remote access security becomes clear, and the only question is how to best execute an appropriate plan for teleworkers.

Once the data stream between the teleworkers and their agency is protected, many other security concerns associated with telework are best dealt with via policy, rather than hardware or software.