By Gregg Smith, CEO, Attila Security
Government agency employees have more challenges than most when it comes to working remotely. Even as the pandemic accelerated virtual work arrangements in numerous sectors, government agencies and the military lagged behind. There are many reasons for this:
- Each government agency is structured differently. Some have the systems and applications to support telework and some don’t.
- Federal agencies are typically secure for unclassified information. Classified information is a different (more challenging) issue.
- Many government departments were set up to support very few endpoints outside of their networks. If an entire staff of endpoints exist outside of the network in the form of remote workers, new structures and solutions are required.
Who in the Government Can Work Remotely?
Before the COVID-19 pandemic, government agencies had a straightforward process which identified the individuals who could work remotely. This would depend on their job requirements and what level of connectivity they needed to have.
The designation of “ability to work remote” would be applied to a certain percentage of staff based on two scenarios. In the first scenario, those workers would be mobilized due to regular life circumstances. In the second scenario, a different number of workers would be mobilized in the event of an urgent need.
Each agency would be required to have the equipment and capacity to deploy equipment for all identified “possible remote workers.” If the need arose, the selected percentage of workers would work remotely and the rest would go on administrative leave.
The pandemic disrupted these modest projections and was a wake up call to many agencies who found themselves unprepared—both in terms of protocol and equipment—to activate a larger remote workforce.
Planning and Provisioning a Secure Federal Workforce
The reality many government agencies woke up to was that they need a better plan for a secure remote workforce. Immediate issues of cybersecurity and technology are being addressed. Many technologies are available that can secure networks with remote endpoints and are easy to integrate with endpoint devices or cloud services.
Strong firewalls and VPN combinations with NIAP certified encryption can protect a network and its remote workers. This provides all-important outer perimeter protection and authorization verifications.
Hardware VPNs are a preferred solution for many reasons:
- No software compatibility concerns
- No end-user device software requirement
- Central maintenance (less than software alternatives)
- Built-in firewall and isolation (remote endpoint and central network protection)
- Hardware VPNs lower endpoint attack surface
- Lower risk of VPN hijacking
- Traffic control
- Lowered risk of user error or misconfigurations
Many hardware VPNs allow multiple devices to connect at once. They also make Bring Your Own Device (BYOD) a possibility. Personal devices have rarely been allowed by government agencies. This reality alone is a barrier to having more employees working remotely. If implemented in the right way, hardware VPNs could create a secure enough environment for personal device use.
Government agencies may find that remote work is easy to implement and oversee with a combination of hardware VPN and a Virtual Desktop Infrastructure (VDI). This precludes the need to have a huge quantity of devices at the ready and creates a trustworthy, verifiable end user connection.
The Future of Remote Work for Government Agencies
Pandemic or not, government agencies have to assess their capacity to activate remote workers. This includes better solutions that address all critical cybersecurity issues. Many times, one-stop-shop solutions are insufficient to resist real cybersecurity threats. Instead, federal agencies need to take a long hard look at how they acquire cybersolutions and employ a methodical approach to reliable security measures.