There used to be an old adage in security circles that when designing a system, an agency had to choose two of three desired characteristics: strong security, high performance, or low cost.
That no longer applies, according to Dennis Heretick, the long-time chief information security officer (CISO) for the Department of Justice who recently retired. “I think the technology today really supports us in getting all three of those at one time,” he says.
That reality should be taken to heart by telework leaders, who with the right technology choices can gain all of the promised productivity and employee morale benefits without breaking the bank. “Telework can be a highly productive, highly secure, low-cost alternative to working in an office,” Heretick says.
The following technologies can support telework programs in their effort to get a best-of-all-worlds computing environment:
- Secure Application Delivery – This gives the network's central presentation server the ability to assess where a user is located and what the level of security is at that endpoint, provide access to the specific resources that each user needs to do their job, and apply rules that govern that user's access to those resources. At Justice, for example, during a terrorist attack, this capability enables someone from outside of the agency who needs access to Justice resources – say, authorized personnel from Customs and Border Protection – to access sensitive information on the Justice network while limiting their ability to copy, print, or forward the information.
- Two-Factor Authentication – Most networks tend to rely on a single personal identifier, such as a password, to allow entry to a network. Two-factor authentication requires a second identifier, such as a token or a device that is associated with the end-user, not unlike the way check writers historically have had to present a driver's license and some other form of identification.
- Intelligence-Based Encryption – The ability to encrypt data is a must if a teleworker's job requires them to store information on their computer, but newly released products will now allow users to intelligently encrypt only sensitive information – or they can still encrypt the entire hard drive.
- Emulated Desktop – Historically, it's been considered a cardinal security sin for an employee to use a home computer for work projects, but thanks to the availability of emulated desktop technology, remote workers can use their personal machines as a kind of dumb terminal. All functions except for the keyboard, monitor, and the processing of the initial connection are eliminated. “As a result, you don't have to necessarily jump everyone who wants to work remotely to a device that's maintained by your agency or department,” Heretick says, noting that under these circumstances, a teleworker's access would still be restricted only to the information they need to do their jobs. “This limits and isolates the normal functions of the home computer so it only serves as a secure, encrypted connection.”
Heretick says that telework is such a powerful, beneficial practice that people often focus on making sure that they're meeting productivity measurements and keeping costs down, but then take shortcuts on security. Sometimes, they put limits on their budget and put it all into security, which results in poor application performance. Still others put so much effort into meeting security and performance requirements that they end up not being able to afford it.
Such choices no longer have to be made. “They really can have all three: security, performance, and low-cost,” Heretick states. “They just need to recognize that their system needs to be engineered, tested, and designed from the ground up with security, reasonable cost, and performance all considered. It's a balance, but it is a balance that is achievable.”