How local government scaled up for remote workers
- By Stephanie Kanowitz
- Jun 25, 2020
The biggest IT challenge local governments faced during the COVID-19 pandemic has been scaling existing infrastructure to accommodate many more workers than they had planned for, IT leaders said during a June 17 panel discussion.
“Our remote access solution was originally scaled for a major snow day, not for 3,000 to 4,000 remote users,” Charles Gore, IT security manager for Loudoun County, Va., said during a webinar presented by CompTIA’s Public Technology Institute. “We were looking at 500 users remote. We had to spread the scoping across multiple technologies, which we had, but we needed to very quickly adjust to accommodate the new users.”
Nikki Milburn, director of security for Franklin County, Ohio, said her team was able to support remote work for 3,500 county employees in a matter of days by building on the foundation of existing emergency plans. They also implemented a document-management solution to allow for digital signatures so agencies requiring new equipment “procure, purchase and sign documents to get the solutions they need to be able to support this,” Milburn said.
Cory Smith, chief information and technology officer for Davenport, Iowa, credited a “capable and robust” existing environment for virtual desktop infrastructure for the city’s success with shifting to telework. “When we had to deal with a mass exodus of employees working from home, for us, it was pretty easy,” Smith said.
Specifically, remote workers received a link they could click to log in to the virtual desktop from their home computer and access the city’s network through a web browser. Smith’s team provided mobile thin clients for anyone who had trouble.
“We also had really been pushing hard for our security awareness training,” Smith added. “The funny thing about humans is they’re the cheapest reproducible supercomputer you can ever have -- if they’re properly trained. They’re going to be able to catch things that you may not be able to catch, but they’ve got to know what they’re doing. Security awareness training is essential.”
The biggest pain point for Louisville, Colo., was around videoconferencing using Zoom, which was criticized for security holes as the public and private sectors turned to the service early on in the pandemic. (Zoom saw the number of customers with more than 10 employees increase by 354% year-over-year for the quarter ended April 30.)
“Zoom immediately wants you to use your email address as your username, and one of the biggest exploits right away was folks were getting city email addresses – it’s pretty obvious when you look at a city or a county or state email, you know exactly where to go hack,” IT Director Chris Neves said.
In Des Moines, Iowa, CIO Anna Whipple grappled with issues of equity as work went online. For instance, in the first few weeks, it was clear that city workers who had devices or laptops for remote work tended to be those in professional-level positions. Administrative and field staff, however, didn’t have those capabilities, creating a disparity. They had to wait for equipment and remote call centers to be stood up.
“We have field staff – it was primarily public works but some in parks and a few other departments – that … simply did not have city email accounts,” Whipple said. Their day-to-day communications with supervisors or team members had been face to face. “When we had to start social distancing, they were instructed to arrive at work and go straight to their city vehicle and not stop into the office and not have those daily interactions with their coworkers. It created a huge communication gap for them.”
To deal with that, she added 250 email accounts those workers could access on their own devices.
Equity has been top of mind for Des Moines workers for the past 18 months, when the city manager convened the Equitable Services Team, a group of 24 staff from all city departments who meet monthly to discuss how to ensure that equity is part of daily operations.
Some IT managers discussed how they changed their security practices in response to COVID.
“My security team’s priorities have shifted in multiple ways, mostly focused on remote-access security and support, adjusting our controls and insight into the remote user experience with these tools, and tailoring security awareness through regular communication with the users,” said Loudoun County’s Gore. “We’re still monitoring endpoints and network activity, building out solutions to give us greater visibility into the environment, conducting vulnerability scans, developing our security awareness program and continuing operations to the best of our ability,” he said.
Stephanie Kanowitz is a freelance writer based in northern Virginia.