How a telework bill can boost security, modernization

As federal agencies continue to modernize remote work environments, new legislation would permit full-time telework for public sector employees for the duration of the pandemic. In addition, agencies can leverage dollars from the Technology Modernization Fund (TMF) – where an additional $125 million was requested in the FY 2020 budget. These funds can be used to upgrade infrastructure to better secure systems and data – and continue to deliver on agency missions.

The need for modern, secure remote work environments is critical as employees continue to connect, share, and collaborate outside of the office – and will continue to do so for the foreseeable future.

The bipartisan Pandemic Federal Telework Act of 2020 would solidify what federal agencies are already practicing today. However, the telework landscape shifted rapidly over the last six months. For example, in 2018, 42% of federal workers were eligible for telework – and only about 22% of those took advantage. Today, the vast majority of federal workers are remote. According to Beth Cappello, deputy CIO at the Department of Homeland Security, the department turned an average daily load of 10,000 teleworkers into 70,000 almost overnight. It supported a 200% increase in traffic to the Homeland Security Information Network.

Considering this rapid expansion of telework, agencies must consider the sustainability of remote infrastructure long-term, reassess legacy technology – and ask if it is still effective in a remote-work setting.

The shift to telework has also, importantly, exposed a set of cybersecurity challenges for agencies who may have been already struggling with basic blocking and tackling of endpoint hygiene, system patching, and compliance long before the crisis hit. When you factor in the spike in bring your own devices (BYOD) alongside agency-owned assets operating outside the protective perimeter of the enterprise local area network (LAN), agencies are experiencing a massive increase in risk.

The remote work status will remain in effect well into the future – whether this legislation passes or not – and the focus of agencies must shift to improving security and reducing risk.

Agencies must continue to push updates to the remote endpoints and maintain compliance with security and operations policies. These functions are often very resource intensive – if deployed via the virtual private network (VPN) – and will consume precious bandwidth and increase latency and performance issues for users.

With a shift in how devices are connecting to the network – and new challenges managing those devices – it's critical that cyber hygiene evolves quickly to keep teams working and networks safe.

Agencies must consider a radical rethinking of how IT administrators manage and secure operational environments. This new approach must:

• Provide end-to-end visibility into the new, borderless, operational environment
• Monitor and manage endpoint usage, performance, and security in real-time without concern for where the endpoint resides
• Monitor and manage distributed workforce infrastructure and software deployments and patching
• Continue to manage existing centralized infrastructure
• Help enforce policy and maintain fundamental cyber hygiene
• Account for and protect the type, location, and state of protected data now residing outside the perimeter of the enterprise LAN

All of this must be done without negatively impacting the remote connectivity infrastructure – which is primarily intended to carry critical user data, not endpoint management traffic.

Leveraging a single platform that integrates endpoint management and security unifies teams, effectively breaking down the data silos and closing the accountability, visibility, and resilience gaps that often exist between IT operations and security teams. It also enables agencies to leverage a modernized approach for end-to-end visibility across end-users, servers, and cloud endpoints as well as the ability to identify assets, protect systems, detect threats, respond to attacks, and recover at scale.

Agencies have seen the success of telework over the last seven months – and it's clear that we will continue with a distributed workforce for months and years to come. This bipartisan legislation keeps federal employees safe and ensures the delivery of vital citizen services. Further, if TMF dollars are leveraged, there is even more opportunity for innovation. The passage of this Act cannot be about politics. But with voting already underway in the 2020 eleciton, everything is political. The passage of this Act will safeguard the health of the federal workforce as well as federal continuity of operations.

Building long-term resiliency requires a generational step forward. Agencies must take a collective approach towards IT modernization and consider how to ensure staff can work effectively and efficiently from anywhere. That begins with shifting how IT administrators manage and secure operational environments.