At one level, telework is a win/win/win for employees, companies and society. We can “go green” and help the environment, reduce road congestion, help with our national oil crisis, lower company rent, support work-life balance, attract new talent and younger staff, increase morale and save money at the same time. And yet, according to a report given to Congress in December 2007 entitled, Status of Telework in the Federal Government, the number of federal teleworkers actually dropped from 2005 to 2006, with just over six percent of federal workers officially telecommuting.
With all the potential benefits, one would expect government at all levels to be providing substantially more investment in telework. To the contrary, in my experience, most local, state and federal governments and many private organizations want the benefits without the costs, which won't work. A U.S. Office of Personnel Management (OPM) report, which is available at www.telework.gov, stated that, “In 2006, more agencies asked employees to assume all the expenses of equipment/services for telework (36 percent as compared to 29 percent in 2005).”
Yes, some companies and governments have made serious financial investments in telework and seen a significant return on investment (ROI). A 2006 GSA Telework Technology Cost Study (available at www.gsa.gov/telework) describes the opportunity for 200 percent to 1,500 percent ROI in the first year.
When my brother started teleworking for IBM a few years back, they made a big initial investment in his home office, including security and a wide variety of hardware and software to enable productivity in required tasks. They also put the necessary policies, processes and procedures in place to ensure a successful experience. It worked, but it wasn't cheap.
On the contrary, many governments and businesses push for telework programs with a $0 budget. Basically, they wanted employees to use home PCs. That's it. No work laptops, no home network checks for security, minimal training. While this is a tele-recipe for disaster, be careful. Security leaders who “just say no” for good reasons can still be labeled as “party poopers” who are against telework.
So I've gone on record as being in support of “secure telework.” We can argue about what that really means, but one thing for sure, it certainly requires true investment with staff being issued business-owned assets, such as laptops that are secure. (The GSA report specifies an average annual per user spending of $1,920 by federal agencies on telework IT a few years back.)
My advice to security professionals: Make sure your company or government has a secure model for telework and seeks full lifecycle investment from business areas.
Dan Lohrmann, CISO of the state of Michigan, was the recipient of SC Magazine's CSO of the Year Award, presented April 8 at the SC Magazine Awards Gala, held in conjunction with the RSA Conference. For a video interview with Dan, click here.