Telework advocates: VA case a breach of policy, not tech

When a thief stole more than 26 million names, Social Security numbers and other sensitive data from a Veterans Affairs Department employee's home last month, telework got a bad rap.

Lawmakers, federal executives and other experts blamed VA's policy of letting employees work from home. And VA even went as far as to suspend telecommuting at one of its administrations while officials reviewed ways of protecting sensitive data.

But advocates assert that Congress, VA and others are misplacing the blame and that, with the right security measures, telecommuting is as secure as being in the office.
'I was dismayed that the VA data breach happened, because it was a breach of policy, not technology capability,' said Ronald Simmons, knowledge management officer and technical adviser for the Federal Aviation Administration.

For Simmons, the breach was particularly jarring because he has been at the forefront of promoting mobile, virtual offices, allowing government workers and managers to log in from anywhere in the world with secure Internet access.

Simmons first developed a Virtual Work Environment at FAA in March 2002, a project that lets nearly 22,000 employees around the country be in the same virtual office at the same time. He is currently working on a similar project for the Marine Corps' Combat Development Command division in Quantico, Va.

Although he admitted that the VA data breach left him shaking his head, he is not concerned that it will have any impact on his work. The big difference, he said, is where the data is stored.

In VA's case, the employee stored the data on computer hardware that traveled where the employee traveled. On VWE, data is stored centrally online, and access is controlled by a string of pop-up passwords and log-ins, Simmons said.

The data is accessible anywhere, but only if the user has the security clearances to reach it, he said.

'The big difference between working in a virtual environment and working on a laptop and being connected to the data is not having the data on the machine,' Simmons said. With VWE, 'you depend on the server security to assure that [data] is protected adequately,' he said. 'You don't just drop it on your 'C' drive.'

Simmons said the biggest lesson from the VA breach is that people need to be more careful about what they store on their computers. He also hopes the broader government community will not clamp down on telework programs, because the VA case was not a telework problem.

'I hope people recognize the difference between a procedural problem and a technical problem,' he said.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above