After a year of emergency response, IT leaders are planning for a permanently changed operating environment.
The government's emergency pivot to telework in 2020, while impressive in both speed and scale, was in many ways a tactical scramble for stopgap solutions. Now, with a year of experience and the prospect of post-pandemic operations on the horizon, IT leaders are reshaping their agencies' plans for secure connectivity going forward.
FCW recently gathered a group of IT leaders to explore how they are approaching both the workforce and IT infrastructure challenges. The discussion was on the record but not for individual attribution (see sidebar for the full list of participants), and the quotes have been edited for length and clarity. Here's what the group had to say.
Collaboration is key
A full 12 months into maximum telework when the mission allows, the participants agreed that structuring most systems to be location-agnostic was no longer the issue and that a solid foundation was in place. Several said the emphasis now is on supporting better collaboration among far-flung team members.
"If you begin with the assumption that there's more work that's going to be done remotely," one official said, "the other piece of the roadmap that we're looking at a lot more carefully is how collaboration occurs — particularly if you're assuming that there's always going to be a remote presence in that collaboration."
CIO, National Transportation Safety Board
CTO, Global Talent Management, Human Resources Executive Branch, Department of State
Trusted Internet Connections Program Manager and Senior Cybersecurity Architect, Cybersecurity and Infrastructure Security Agency
Telecommunications Branch Chief, Defense Information Systems Agency
Senior Technical Advisor, Department of Transportation
Portfolio Manager, CDM DEFEND, CISA
Deputy CIO for Operations, Internal Revenue Service
Juniper Fellow, Juniper Networks
CIO, Export-Import Bank of the United States
CTO, 128 Technology, Juniper Networks
Note: FCW Editor-in-Chief Troy K. Schneider led the roundtable discussion. The April 13 gathering was underwritten by Juniper Networks' 128 Technology, but both the substance of the discussion and the recap on these pages are strictly editorial products. Neither the sponsor nor any of the roundtable participants had input beyond their April 13 comments.
Another raised the "pedestrian" but important question of "how do we equip our conference rooms on site to allow people who are working remotely to feel part of the meeting, to feel totally engaged? It seems pretty straightforward, but we're finding that it's not. It's actually going to be quite expensive."
A third participant said hybrid collaboration "also affects document management strategies, including workflow and a lot of interactions that with a physical presence are handled one way but require a technology approach that's a little bit different when you have that remote assumption."
Although several participants said their organizations' adoption of Microsoft Office 365, Teams and other platforms had proved invaluable, the human habits were still a work in progress. "How you engage with the tools and how you behave in a collaborative context can have a big knock-on effect on how your colleagues experience the collaboration," one noted. "If we don't pay attention to behaviors, oftentimes we can be very suboptimal with the use of the tool. So another thing we're thinking about is a lot more outreach and proactive evangelism about how we want to see people interact with the technology."
Finally, the group agreed, the variety of platforms being used continues to pose challenges. "Our entire environment in our building is locked down," one official said. "So it's been quite challenging when people pop up and say, 'Oh, here's the Zoom meeting. Here's a this meeting. Here's a that meeting.' If you're on site — in some cases we do have a lot of on-site presence — we couldn't even participate in some of these collaborations."
When it came to individual work, one surprisingly persistent question was how much hardware to provide for remote workspaces. Although computers and mobile devices have largely been provisioned, employees are increasingly asking for "the same things they had in the office," one participant said. "They started saying things like 'I want three monitors to plug in at home,' or 'How about an office chair?' So we've been dealing with policy stuff and trying to formulate what we should be providing and what we should not."
Employees at that agency have been given headsets, "and they've also been able to go to the office and take their wireless keyboard and mouse home and things like that," the official said. "But when you look at the private sector, they've been giving stipends and providing funding to build your own office."
Another official said: "It's really fine-tuning what telework means, not only from the standpoint of does your position allow you to work full-time from home but then what are the additional tools that you need?"
No telework without telecom
Another unresolved challenge is secure and sufficient connectivity. "The only pain point we had when we had everybody go remote was the bandwidth," one official said. "Because of the Trusted Internet Connections program, everybody had to go to our cloud through our trusted internet connection. And we had to really scale it up."
That experience was not uncommon, another official confirmed, adding that "some agencies were waiting on the TIC remote-user use case to be released for the acquisition process to start."
With the increased importance of videoconferencing and real-time document sharing, another said, "we need to drive forward to Class 5 routing. If you're really going to want to have some people audio, some people video and assemble the workforce on multiple security planes, maybe direct dialing is one of the aspects we really need to get to empower the workforce. It's one of the deficiencies that we're trying to prioritize."
"You can't have telework without a focus on telecom," another official said. "And the federal space especially has allowed itself to be almost in vendor lock with small office building-based solutions that CIOs traditionally have a very hard time federating across the physical space and virtual space. I think it's time the federal government starts to follow the commercial example for centralized carrier-based telecom solutions and away from these small office PBX exchanges. It's about 10 years behind the interoperability and open standards of the transport layer. It's long overdue."
"The workforce has shifted from inside-the-building-out to outside-the-building-in, and we spent decades hardening the building and compartmentalizing all our information," another official said. "As you start to merge the application layer, there are strict prohibitions to video, for example. And as we collapse the edge, we're finding a lot of incompatibility, and we're excluding our workforce. So our roadmap is to really focus on what's an inside-the-building versus an outside-the-building mission and try to enable those efforts."
There are also specific processes, such as digital signatures, that continue to cause friction. "We have a remote desktop that you can log into and do digital signatures," one participant said. "We can't do digital signatures virtually, and that's been a big problem, especially if you're an executive where you're signing official documents. I'm constantly logging in through a Citrix connection to access local resources to do digital signing of documents and things like that." The tension between security and productivity is still there, so "how do you adjust your workflows to accommodate that?"
To move away from such local-network approaches and still ensure security, the group agreed that agencies need a more data- and identity-centric approach to security. "You need to make sure that you have extreme logging for all the tools that you're using," one official said, "and all your applications should have granular access controls." (For more on agencies' zero trust security efforts, see page 39.)
The Cybersecurity and Infrastructure Security Agency is taking steps to help deliver the necessary data, other participants said. A key focus is the Cloud Log Aggregation Warehouse. CISA is "moving its sensors closer to the edge to recognize what's going on in an agency's environment — closer to where the agency's cloud environments are," one official said. "This is us distributing our systems to help the agencies as they move forward."
Keeping (and competing for) talent
Overall, the participants said, the networking and other IT issues were manageable. The IT workforce, however, felt like a more significant challenge. Although much of the technology work can be done from anywhere, many agencies are not prepared to move beyond partial telework — and some employees are now pushing for fully remote, work-from-anywhere arrangements.
"We were 100% in person pre-pandemic," one participant said, "and I can tell you, I lost quite a bit of talent because of that."
Another concurred, saying, "I've had people hired away for basically the same position at the same pay but location-agnostic, which people consider a superior offer." After a year largely away from the office, that official was worriedthat the attitude would spread. "I'm a little concerned about how that all works out."
"There's also a disconnect between job function and willingness to return," a third participant said. "I have people in critical roles who say, 'Not coming in. No way, no,' and then people with non-critical roles who say, 'What do you need, boss?' So I'm trying to reconceptualize how we utilize people and afford new opportunities."
On the flip side, agencies that are willing to move away from location-specific hires can tap talent outside the National Capital Region and other highly competitive job markets. There are onboarding challenges, locality-pay questions and other policy matters to address, the group said, but as one put it, "We're not likely to go back to the predominantly folks-in-the-office model for at least the next year. And who knows after that? So we're starting to embrace full-time remote employees who won't necessarily be in the region."
Another participant's organization has virtually onboarded nearly 300 people. "I have team members now I've never met in person who have been working for me for six months," that official said. "It's working well."
Managers also recognize that the pandemic has upended employees' lives outside of work. "We have people dealing with child-care issues or elderly parents, all sorts of things," one participant said. "I've had requests for people wanting to telework from Canada, from Europe, from all over. And unfortunately, I've had to say no for IT security reasons. But we're working on policies that would enable that. It depends on the job, and it depends on the individual's personal situation."
Finally, several executives said, many employees prefer this post-office model, and a satisfied workforce is more productive. "We've been doing more work than we ever have, and everybody's happy," one said. "So I think that's going to stay. I'm wrestling with it, and I have the luxury that my leadership has said that I can determine my telework posture as an IT organization."