May 14 2020
Digital Workspace

How to Make Federal Government Telework a Success

To ensure that federal government telework deployments are successful, federal agencies need to have the right technology and policies in place.

Late last month, the Office of Management and Budget and Office of Personnel Management gave agencies guidance on how and when they can gradually resume normal operations and shift away from the massive telework deployments many started in response to the novel coronavirus pandemic.

However, there are still tens if not hundreds of thousands of federal workers who are engaged in telework right now. 

For example, a General Services Administration spokesperson says that the Social Security Administration needed to transition 4,000 agents providing critical citizen services from call centers to home offices. 

“They were seeking router kits which can provide each individual access to the network in order to meet this need,” the spokesperson says. “GSA helped acquire the kits and supported SSA in procuring 4,000 headsets for the same agents to work from home.”

Some agencies, such as the GSA, may not go back to business as usual once the pandemic abates, according to recent comments from Dominic Sale, the assistant commissioner of solutions at GSA’s Technology Transformation Services.

If agencies move to make some form of telework permanent or have to return to large-scale work-from-home arrangements in the fall or later, they will need to make sure their telework deployments are successful. To optimize telework, IT leaders need not only the necessary technology tools but also the right policies, cultural changes and project management tools for their agencies as well.

MORE FROM FEDTECH: Discover how to prepare technology in advance of a virtual meeting.

Scaling Up Federal Government Telework Solutions

There are several ways agencies can scale up (or continue to scale up) telework deployments, notes Zeus Kerravala, founder and principal analyst for ZK Research (and a FedTech contributor).

The “path of least resistance,” he notes, is for IT leaders to simply scale up an agency’s VPN capacity. However, that can be expensive. Most agencies and large organizations have provisioned VPNs, which rely on software licenses, to support remote connections for 10 to 15 percent of users, Kerravala says. VPNs are software clients that require hardware to terminate connections back at an agency’s headquarters or data center.

To scale up a VPN to support six or seven times the normal capacity will cost money, for both software licenses and appliances such as firewalls, he notes.

On the user side of the equation, many employees may not have worked from home on a regular basis, and agencies may need to significantly increase their IT help desk resources to handle queries from users and help them set up VPNs.

IT leaders also need to decide whether they are provisioning SSL VPNs or IPSec VPNs, Kerravala notes. As TechTarget reports, “IPSec VPNs connect hosts or networks to a protected private network, while SSL/TLS VPNs securely connect a user’s application session to services inside a protected network.”

An SSL VPN is simpler to deploy, and there is nothing for a user to download. An IPSec VPN is also much more processor intensive than SSL, according to Kerravala. Agencies would need more back-end IT resources with IPSec, such as firewalls or VPN concentrators.

In contrast, an SSL VPN gives users access to specifically approved applications. An IPSec VPN opens as a tunnel to an agency’s enterprise network, and users have access to all applications. If a user needs access to everything, it creates many more CPU cycles.

A third option is for agencies to deploy a software-defined WAN, in which a software agent can be used to connect a user’s home network to the enterprise network, with the home network acting as a “branch” location. Agencies can deploy remote cloud Wi-Fi access points from vendors such as Aruba Networks and Extreme Networks. However, that may not be easy to do right now at scale. So, Kerravala says, it may be reserved for higher-level users who need access to critical applications.

Susie Adams, CTO of Microsoft Federal, says that thanks to OMB easing acquisition procedures and the Defense Department’s Commercial Virtual Remote Environment, “agencies can quickly adopt large-scale telework platforms, such as Microsoft Teams, that enable virtual collaboration.” 

Moving forward, she advises, “agencies should test solutions early and often to ensure they meet security and compliance requirements for a remote office environment.” Additionally, Adams says, “agencies should develop their zero-trust architecture to protect their organizations during a fast-tracked digital transformation” and follow guidance from the DHS Cybersecurity and Infrastructure Security Agency Trusted Internet Connections program (specifically, CISA’s interim TIC 3.0) and the National Institute of Standards and Technology (NIST’s Zero Trust Architecture). 

Dominic Delmolino, CTO of Accenture Federal Services, says that in addition to technology, agency IT leaders need to work on the culture and awareness around telework. 

“How do you help your workforce effectively and productively working from home?” he asks, noting that employees no longer have a commute to decompress after a workday and just may need more support in general. “How do you help people collaborate with all the people they interact with — suppliers, business partners, contractors? How do you collaborate across agencies or across organizations?” 

IT leaders need to also think through how to help workers whose jobs cannot be moved online.

MORE FROM FEDTECH: Learn about the technology behind videoconferencing tools and how to keep them running.

The Necessary Collaboration Tools for Remote Teams

There are numerous aspects of an agency’s telework toolkit that can set the agency up for success.

“The enterprise toolkit should address the increase in traffic from remote users across the infrastructure and access to the right hardware to maintain the infrastructure, such as servers, routers and other IT equipment at data centers, or infrastructure supporting access to enterprise systems,” the GSA spokesperson says. 

According to Adams, the main element is, “if an agency hasn’t already broadly adopted a collaboration tool and chosen collaboration apps, standardizing on a common platform can reduce barriers across groups.”

Videoconferencing Tools for Remote Work

Kerravala agrees, and says that agencies should move away from doing most collaboration over email, adding that this would be a good time to consolidate video and team messaging applications onto a single platform, such as Microsoft Teams, Zoom, Cisco Webex or Google Hangouts.

Additionally, Adams say, agency IT leaders need to do the following:

  • Enable users to securely access cloud apps from outside the agency network
  • Provide secure access to on-premises apps from outside the agency network
  • Scale-up access to desktop and app virtualization solutions
  • Support bring-your-own-device policies to enable access to data when agency-owned devices aren’t available

“There isn’t a one-size-fits-all approach for telework eligibility and security requirements across the federal government,” she says. “However, Microsoft has various protections built into its products that we hope will continue to provide some relief during this unprecedented time.” 

Remote Work Security: Multifactor Authentication and App Integration

Adams notes that exposing on-premises apps to the internet for remote access “leads to increased complexity and a larger surface area that security teams need to protect” and, therefore, “it is important to put the right controls in place so that agencies can have confidence in knowing only the right people are accessing their applications and data.”

One way to enhance cybersecurity is by connecting on-premises apps via app proxy or a partner integration and enforcing per-app conditional access policies, such as multifactor authentication. 

Jim Stout, a senior manager at Accenture Federal Services, says that agencies need to be able to simulate, through collaboration tools, the ability for a user to walk over to a coworker’s cubicle and see if they are available for a conversation about a project.

Susie Adams, CTO, Microsoft Federal
There isn’t a one-size-fits-all approach for telework eligibility and security requirements across the federal government.”

Susie Adams CTO, Microsoft Federal

Meanwhile, Michael Miller, senior managing director at Accenture Federal Services, says that the mission of the federal government is unique. There is a large component that is involved in providing direct services to citizens, he adds, and a lot of that involves paper. IT leaders need to ask themselves, “What do we have to do to our systems and processes to modernize that?”

Cybersecurity is a key consideration during telework, the GSA spokesperson agrees. Agencies should note that increased bandwidth may require solutions such as Managed Trusted Internet Protocol Service (MTIPS). Additionally, CISA’s interim TIC 3.0 Telework Guidance provides additional flexibility for meeting TIC security requirements while rapidly expanding telework capabilities, the spokesperson says. 

MORE FROM FEDTECH: How to ensure your VPN can handle work-from-home traffic. 

Project Management Tips for Successful Federal Government Telework

The GSA spokesperson notes that telework success is “less about the tools and more about [getting ] the stakeholders involved to find and procure the right solutions.” 

Agencies must have “the right plan and have key stakeholders at the table from the beginning,” the GSA spokesperson says. “It is a team effort, and everyone from leadership, acquisition experts and programs to the technical staff must be brought in, with the ultimate goal of finding the correct teleworking capabilities that can be delivered.” 

A key factor in successful telework is simply ensuring users have adequate bandwidth, Kerravala notes. If they have a strong broadband connection, then videoconferencing tools can be used; if they don’t, then audio-only communication may be required, he says.

In terms of security, federal government telework presents the opportunity to shift to Zero-trust security models and give users access only to the data and apps they need to, and not trust anyone from the outset. Clicks on random links are likely to go up with more users working from home, Kerravala says, which can lead to more successful phishing attacks and malware getting onto users’ devices.

For project management, agencies need tools such as Zendesk to manage work. “It’s necessary,” Kerravala says. “You have more people in more places. You can’t have a manager come around to everyone’s desk.”

Delmolino says agencies need to ensure every user has the necessary training and equipment for telework and that they have secured their communication channels.

“Can you do security management now further out from users, networkwise?” he says. “Do people know the contact for getting help to work remotely?”

Federal Government Telework: Best Practices for Videoconferencing

Agencies should understand the use cases of how the agency is leveraging the tools they are using for telework, the GSA spokesperson says. 

“There is a big difference in being able to use a web conferencing tool for staff meetings versus hosting large-scale virtual conferences with hundreds of participants,” the spokesperson adds. “If the agency’s IT staff can understand how the technology will be used, then the right amount of resources can be dedicated to the tool so it works properly.”

There are multiple tools for agencies to turn to for enabling collaboration while users telework. Here are best practices for using some of them.

How to Use Google Meet

When Google Meet is on, users can start a meeting from a browser, a mobile phone, or a Google Calendar event that includes a video meeting link, Google notes. Users can also start or join video meetings in just one click from Gmail on their desktop.

Admins can change settings to allow users to join video meetings, create video meetings and manage premium Meet features, such as joining a meeting by phone, and recording and streaming meetings.

With Google Meet, agencies can host meetings from anywhere with up to 250 participants, record for later viewing, or livestream to up to 100,000 people.

How to Use Zoom

On April 27, Zoom released Zoom 5.0, with stronger security features. With AES 256-bit GCM encryption, Zoom says it will provide “increased protection for meeting data and resistance against tampering.”

After May 30, 2020, all Zoom clients on older versions will be required to upgrade before joining meetings.

Zoom says agencies need to first get the right license and software downloaded, set up the software and ensure that users have the necessary webcams and audio peripherals. Then, users need to be trained on features such as screen sharing, whiteboarding and integrating their calendars.

How to Use Microsoft Teams

When first setting up Microsoft Teams, the most essential best practice is to define which of the four available security configurations (Baseline – Public, Baseline – Private, Sensitive and Highly Sensitive) is needed for the agency, Adams says. 

“This critical step will determine an agency’s level of protection as it limits the ability to access and collaborate on files stored within teams,” she notes.

IT admins need to make sure everyone has access to Teams, using the free six-month Office 365 E1 offer or the more premium version of Teams, according to Microsoft.

“If you already have a subscription that includes Teams, turn it on for everyone,” notes Microsoft. Admins also need to “understand how to get your organization started with Meetings and live events in Teams.”

scyther5/Getty Images
Close

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.