In what seemed like the blink of an eye, millions of federal employees across intelligence, defense and civilian agencies shifted to remote working environments because of the COVID-19 pandemic. Federal agencies aren’t typically known for expansive telework policies, so the transition was quite dramatic, as well as intimidating for the IT teams facing this enormous challenge.
Flash forward a few months and agency chief information officers are lauding the success of their telework programs. Despite concerns about the mass shift to working from home, agency IT leaders are saying not only has productivity been sustained, but some agencies report increased performance from their remote workforce.
For instance, the Social Security Administration reported they are processing claims and appeals faster, resulting in a substantial decrease in the backlog of cases. Former federal CIO Suzette Kent has talked about the promise telework has shown and what it means for agencies’ future operations.
“Federal teams can now reconsider what their physical footprint needs to look like. But more importantly for all of us, what continued investments we need in our technical infrastructure and what our future road map looks like of digital capabilities,” said Kent during a recent keynote address.
But, despite the telework successes being discussed, there have no doubt been bumps along the way. Agencies are still navigating telework limitations and challenges deploying secure devices for workers, which is particularly an issue for those that require access to sensitive information or classified networks.
Of course, this isn’t entirely new as remote deployments are necessary in other situations, too. Federal disaster recovery and response efforts, as well as military and intelligence operations often require unexpected deployments in various locations. COVID-19 amplified this challenge for agencies on an unprecedented scale and redefined the requirements for enabling a truly mobile, distributed and secure workforce. After all, there is a significant difference between enabling and securing a few hundred remote users and then suddenly needing to scale that for thousands of users with different requirements.
The National Security Agency’s Commercial Solutions for Classified program established stringent security requirements for end-user devices — laptops, tablets and smartphones — to connect to secure networks. The CSfC security constructs are undoubtedly necessary to facilitating secure telework environments, but getting there can also be a complex process.
From a technical standpoint, this has traditionally required agency IT teams to install and configure two layers of encryption using IPSec and/or transport layer security clients, manually configure devices to achieve separation of IP stacks, install and securely store certificates, and perform further configuration of in-host routing to achieve the desired networking and security posture. Without the right tools and processes in place, this can become a time-consuming procedure fraught with possibilities of user/admin error at each step. For large-scale deployments, this can lead to excessive delays, costs and mistakes in delivering devices to end users who urgently need to remotely access classified networks.
Meeting the requirements of the CSfC program is the critical initial step to meet the government’s current needs for efficient and effective mobile classified data access. But typical configuration processes don’t provide the flexibility agencies need to rapidly enable workforces. The security requirements from the NSA need to be augmented to make such devices easy to provision, deploy and use. To achieve this, agencies should seek out and embrace automated tools that deliver the speed, security compliance and scalability needed for any situation.
Introducing automated, rapid deployment solutions can help agencies accelerate the necessary CSfC installation and configuration process. With the right solution, IT leaders will avoid manual steps, improve the speed and accuracy of device provisioning, while reducing the training required for the personnel performing the provisioning. Ultimately, automated tools can reduce configuration time from 4+ hours per device down to 15 minutes, saving agencies resources and valuable time.
So, even as agencies begin bringing employees back to the office, with the threat of a second wave of coronavirus, IT leaders can’t rest on achieving some telework successes. Agencies should be exploring solutions that will better enable remote workforces in the future.
As evidenced over the last four months, adaptability is key to navigating uncertainty and rapid deployment of secure telework capabilities has never been more critical to ensure operational continuity and keep personnel safe.
Eric Jung is the CSfC program manager for Perspecta Labs — the applied research arm and innovation engine for Perspecta Inc., a leading U.S. government services provider to customers in defense, intelligence, civilian, health care and state and local markets.