The shadow teleworkers: How informal arrangements threaten security

Unofficial arrangements making telework the new reality, bringing security questions to the forefront

Editor's Note: A version of this story was originally published in Government Computer News.

How many feds work from home or other remote locations?

The most honest answer is, no one knows for sure. The Office of Personnel Management reported recently that the number grew by more than 11,000 from 2008 to 2009, and that slightly more than 10 percent of eligible employees — or 5.72 percent of all federal employees — are teleworking.

These figures might not reflect the reality of government telework, however, according to both OPM and outside sources. In an Employee Viewpoint Survey conducted by OPM, 22 percent of federal employees reported they did some teleworking in 2009, many via unwritten, ad hoc arrangements.

Other studies suggest the numbers are even higher. A 2008 survey by the Telework Exchange reported that 42 percent of federal employees teleworked at least part of the time, and in a recent survey of federal workers by the Government Business Council for CDW Government, 89 percent of workers surveyed reported that they work outside the office, more than half of them at least weekly.

“However we feel about telework, people are working outside of the office,” said Josh Sawislak, a senior fellow with the Telework Exchange. “That’s the new reality.”

Much of this telework is casual, with employees using personal laptops, smart phones and other personal devices to check work e-mail, work on documents and make work-related phone calls while out of the office. While that does mean efforts to encourage telework may be even more effective than the official numbers show, it also puts a greater burden on IT administrators to ensure connections and devices do not compromise data.

Is the technology in place to ensure that remote workers are working securely? “That’s the question I wake up to at night,” said Josh Radlein, an inside solutions architect at CDW-Government.

The technology to tighten remote-access security can be burdensome for employees. Eighty-six percent of the workers questioned in the Government Business Council survey said that security measures had prevented them from accessing information they needed while working remotely. Thwarted employees often find ways around security to do what they want, which can create additional threats no matter where they are working.

“Security is always a challenge, regardless of telework,” said Cindy Auten, general manager of the Telework Exchange.

To read the original, full-length article at GCN.com, including recommendations for agencies, click here.

Reader comments

Tue, Mar 22, 2011

Federal Acquisition Regulation Part 7.108 does allow for contractor telecommuting.

Tue, Mar 22, 2011 SOTE Contractor Fed Agency

There are no agreements, policies or procedures for telework by contractors. Neither the Feds nor Contract Management want to be responsible for anything. Just make the grunt do the work using their own computer, their own network connection, their own time. If something goes wrong, well, the grunt wasn't approved for anything so it is all their fault.

Tue, Mar 22, 2011

"Much of this telework is casual, with employees using personal laptops, smart phones and other personal devices to check work e-mail, work on documents and make work-related phone calls while out of the office. While that does mean efforts to encourage telework may be even more effective than the official numbers show, it also puts a greater burden on IT administrators to ensure connections and devices do not compromise data." -- This last sentence is a false statement, and implies the existence of a false reality. There are no Federal system controls expressed in NIST 800-53 that depend upon the system that is _connecting_ to the government system. All the 800-53 controls apply to the destination system -- and rightly so. There is no possible means to ensure the security of the end user client system remotely. The cited statement above is pernicious in the extreme to a frank and honest discussion of securing government systems as it implies that a government IT service provider should move their focus off securing their service, and to a certain-to-be-incomplete attempt to constrain the clients. A service provider can configure and maintain their system appropriately, then manage authentication and connection protocols which are allowed to access the service, with appropriate service/session/log monitoring. There is nothing else, unless the service is willing to restrict itself to 1990's style single LAN desktop environments, disregarding broad government access, mobile devices or interfacing with the public. Few government service providers can be that insular in 2011.

Tue, Mar 22, 2011

You have to work outside of the office if you need to do any real 'Personal' Computer work other than paper pushing. PC's are locked down so much that they are, in most cases, nothing more than a smart terminal with local storage (and even the local storage is going away with the 'cloud' push). Granted, it is cheaper and easier to have a "one size fits all, no one gets anything" uniform setup from the view point of PC maintenance, but I wonder if anyone ever looked at the cost from the other end in lost and crippled productivity time?

There are many simulation packages that I can not use because it takes too long and too many chains to get approved (if they even look at the forms), even though they are free. But they make our work much easier and faster, even if I go home and do the work for the next day. And since requirements vary, the need for the various programs is a moving target, not a computer controller's favorite subject.

How do we get the data back and forth since thumb drives are banned? DVD, CD, all that 'old fashion, not needed anymore' technology. Even FTP sites are still working in some cases and are used to transfer data between companies, or home. Unfortunately, some things can not and should not be taken home, classified in my case, personal data in the case of the paper pushers who do not want to go to work.

Is my customer happy? Yes. Is the Taxpayer well served? Yes. Illegal? Yes. Will true telework as Radlein appears to envision it solve the problem? No.

Tue, Mar 22, 2011 T

The telework number of 89% is totally unrealistic and way too high. Was the survey done in one shop that promotes telework? Check the sources and don't use unrealistic fictional numbers to inflate a story's attempted point.
