Comment

How a telework bill can boost security, modernization

cloud-enabled telework 

As federal agencies continue to modernize remote work environments, new legislation would permit full-time telework for public sector employees for the duration of the pandemic. In addition, agencies can leverage dollars from the Technology Modernization Fund (TMF) – where an additional $125 million was requested in the FY 2020 budget. These funds can be used to upgrade infrastructure to better secure systems and data – and continue to deliver on agency missions.

The need for modern, secure remote work environments is critical as employees continue to connect, share, and collaborate outside of the office – and will continue to do so for the foreseeable future.

The bipartisan Pandemic Federal Telework Act of 2020 would solidify what federal agencies are already practicing today. However, the telework landscape shifted rapidly over the last six months. For example, in 2018, 42% of federal workers were eligible for telework – and only about 22% of those took advantage. Today, the vast majority of federal workers are remote. According to Beth Cappello, deputy CIO at the Department of Homeland Security, the department turned an average daily load of 10,000 teleworkers into 70,000 almost overnight. It supported a 200% increase in traffic to the Homeland Security Information Network.

Considering this rapid expansion of telework, agencies must consider the sustainability of remote infrastructure long-term, reassess legacy technology – and ask if it is still effective in a remote-work setting.

The shift to telework has also, importantly, exposed a set of cybersecurity challenges for agencies who may have been already struggling with basic blocking and tackling of endpoint hygiene, system patching, and compliance long before the crisis hit. When you factor in the spike in bring your own devices (BYOD) alongside agency-owned assets operating outside the protective perimeter of the enterprise local area network (LAN), agencies are experiencing a massive increase in risk.

The remote work status will remain in effect well into the future – whether this legislation passes or not – and the focus of agencies must shift to improving security and reducing risk.

Agencies must continue to push updates to the remote endpoints and maintain compliance with security and operations policies. These functions are often very resource intensive – if deployed via the virtual private network (VPN) – and will consume precious bandwidth and increase latency and performance issues for users.

With a shift in how devices are connecting to the network – and new challenges managing those devices – it's critical that cyber hygiene evolves quickly to keep teams working and networks safe.

Agencies must consider a radical rethinking of how IT administrators manage and secure operational environments. This new approach must:

  • Provide end-to-end visibility into the new, borderless, operational environment
  • Monitor and manage endpoint usage, performance, and security in real-time without concern for where the endpoint resides
  • Monitor and manage distributed workforce infrastructure and software deployments and patching
  • Continue to manage existing centralized infrastructure
  • Help enforce policy and maintain fundamental cyber hygiene
  • Account for and protect the type, location, and state of protected data now residing outside the perimeter of the enterprise LAN

All of this must be done without negatively impacting the remote connectivity infrastructure – which is primarily intended to carry critical user data, not endpoint management traffic.

Leveraging a single platform that integrates endpoint management and security unifies teams, effectively breaking down the data silos and closing the accountability, visibility, and resilience gaps that often exist between IT operations and security teams. It also enables agencies to leverage a modernized approach for end-to-end visibility across end-users, servers, and cloud endpoints as well as the ability to identify assets, protect systems, detect threats, respond to attacks, and recover at scale.

Agencies have seen the success of telework over the last seven months – and it's clear that we will continue with a distributed workforce for months and years to come. This bipartisan legislation keeps federal employees safe and ensures the delivery of vital citizen services. Further, if TMF dollars are leveraged, there is even more opportunity for innovation. The passage of this Act cannot be about politics. But with voting already underway in the 2020 eleciton, everything is political. The passage of this Act will safeguard the health of the federal workforce as well as federal continuity of operations.

Building long-term resiliency requires a generational step forward. Agencies must take a collective approach towards IT modernization and consider how to ensure staff can work effectively and efficiently from anywhere. That begins with shifting how IT administrators manage and secure operational environments.

About the Author

With 30 years of federal and private sector industry experience, Egon Rinderer leads Tanium’s technology efforts as global vice president of technology as well chief technology officer of Tanium Federal. Joining Tanium at a time when the company numbered fewer than 20 employees, he has held roles ranging from technical account manager to federal pod lead to global vice president of the global TAM organization. Prior to joining Tanium, Egon was with Intel Corporation and served throughout the U.S. military and intelligence community in the United States and abroad in an operational capacity.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected