Despite official urging, telecommuting within US federal agencies is languishing, in part because standards for how to secure mobile endpoints don't exist -- mainly the laptops telecommuters would use when outside the office.
Federal CISOs, who are aware of data breaches in both the public and private sectors that have compromised personal information of thousands of people, say that security of laptops -- the key to most telecommuter programs -- is their biggest worry.
At the same time, government managers face existing federal laws dating back to 2000 that mandate telework programs. In addition, new pressure is being applied for them to encourage more government workers into telecommuting programs as an attempt to dramatically boost the number of work-at-home employees.
Some government CISOs say the best course of action is to follow best practices set down by the National Institute of Standards and Technology (NIST) -- the closest thing to certification available.
NIST recommendations include basics such as installing, running and updating antivirus software; periodically scanning machines with spyware-removal software; and adopting a "paranoia level" of security awareness when writing personal firewall rules.
NIST also encourages encrypting data on laptops and as it is transmitted and the ability to remotely lock down laptops reported lost or stolen -- good advice but not as formal as top federal network security executives want.
The General Services Administration (GSA) -- which has championed telecommuting for years -- has set a high bar for its own program. At a recent forum run by the industry group Telework Exchange, GSA administrator Lurita Doan called for a dramatic leap in telecommuting for her agency by the end of 2009.
With just 10 percent telecommuting today, she set goals of 20 percent to be telecommuting by the year-end, and 40 percent by the end of 2009. According to published GSA estimates, just 4 percent of federal workers telecommute today.
The U.S. Office of Personnel Management breaks that down further, saying that of those who telecommute, only a quarter of them do so three or more days per week, and 39 percent do so less than once a week but at least once a month.
While other factors weigh into the slow adoption rate, a recent survey of federal CISOs found that 63 percent say securing mobile devices used at home is their top data-security priority, but they have no way to know that their precautions are adequate.
The overriding problem federal CISOs face is that there is no official certification of mobile devices that assures them that laptops they issue comply with the Federal Information Security Management Act (FISMA), which contains the blueprint for all federal telecommuting.
According to a survey by Telework Exchange, 83 percent of these CISOs want certification of what comprises a secure mobile endpoint. The survey is based on responses of 35 out of 117 federal CISOs.
They want secure machines but also want the security to work without much user intervention, a complication that could reduce willingness to telecommute in the first place. "Let's just face it, we as people just want access, we don't really care about security," says Dennis Heretick, CISO for the Department of Justice, at a recent forum on federal telecommuting.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
FrontRange Solutions launches HEAT Plus Mobile to reduce help desk costs and improve service management productivity 2008-12-02 15:15:00+11
AARNet Helps to Advance Indigenous Health 2008-12-02 12:44:00+11
Orbis selects Telstra International as its data centre partner for the UK, Europe and Middle East Region 2008-12-02 11:23:00+11
ComOps Deploys Corporate Performance Reporting Solution For Healthcare Test Manufacturer 2008-12-02 10:09:00+11
Mornington Peninsula Shire implements Objective to manage knowledge and deliver service excellence 2008-12-02 09:56:00+11
Taking On Demand CRM Integration to the Next Level
Discover the current integration challenges facing businesses attempting to deploy on demand CRM systems. Learn how to create comprehensive integration of your data, user interface and business process levels and transform a portfolio of disparate applications into a unified, virtual application suite.
Buying Guides
Latest Products
Buying Guides
