Telework success tip: One step at a time
The technology is in place, but the challenge is implementing telework with policies in manageable increments
With telework becoming a reality, agencies can effectively extend enterprise security technology already in place to ensure that data accessed through remote connections remains secure, said one industry advocate.
“The government is not going to have to spend a lot more,” said Bobby Caudill, enterprise experience architect for Adobe Systems. “They are going to have to figure out how to leverage what they already have.”
Networks and connections already are or can be well defended by traditional security products such as firewalls, intrusion detection and prevention, virtual private networks and access control. Individual devices also can be protected if their use on the network is known and managed, Caudill said. “The challenge is what to do with the information itself and the digital containers it is stored in.”
That challenge remains basically the same whether the information is inside or outside of the enterprise. Cryptographic tools enabled by government smart ID cards with digital certificates and keys can handle most of this. What remains to be put into place are policies and controls for approved access and use.
The technology to manage data use is becoming more mature, but implementing it for outside users is not necessarily easy, Caudill said. That means implementing telework polices one bite as a time rather than trying to enable it wholesale in one step.
“The key is not trying to solve the entire problem in one fell swoop,” he said. “You might not be able to allow the entire agency to do it immediately. But even 50 percent is better than zero percent.”
A part of this approach is to ensure that all workers understand not only what options are available to them but what is expected of them in return. Not everyone will be able to do everything remotely all of the time. Workers need to know why some things need to be done in an office, or on certain types of platforms over certain types of connections.
“That becomes more of a cultural issue rather than making the entire problem the IT guys’ responsibility,” Caudill said.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.