Diane O'Grady ensures Loudoun County, Va., employees have the right tools for telework.
Mar 27 2008

Supporting Teleworkers

Organizations apply a mix of technologies to protect the network and better manage remote clients.

Going green is one reason why an increasing number of organizations offer telework programs. Aiding recruitment and retention through work/life balance is another.

Whatever motivates government organizations to embrace telework programs, implementing IT policies and procedures is key to mitigating the risks of supporting remote workers.

A fundamental best practice for any telework program is to think of the telecommuter’s location as an extension of the office. “One of the biggest gotchas for IT is that they believe there has to be a certain critical mass of teleworkers before they implement a policy,” says Don Judson, CFO and chief operations officer at OpenSky, an IT consultancy in Hartford, Conn.

That misstep can expose an organization to security threats, which tops the list of concerns for any telework program, according to Merle Sandler, senior research analyst for the small-business and home-office programs at IDC. “A formalized process needs rules and policies,” she says.

Telework best practices begin with security but don’t end there. There is a telework technology continuum to consider, from employees who need low-level technology, such as a PC and telephone, to those who require more costly and
complex capabilities, such as videoconferencing and wireless data access.

Judson, for example, is working with Connecticut’s Department of
Developmental Services on issues related to telecommuting for caseworkers who tend to spend a few days a week on the road. “A big concern about initiating a program for these employees is the sensitive nature of their data and HIPAA [Health Insurance Portability and Accountability Act] compliance,” says Judson.

Compare state caseworkers with data-entry folks, and it’s easy to see that all teleworkers aren’t created equal. In other words, different job functions have different technology requirements, which may include all or some of the following: voice communications, office equipment, connectivity, security, collaboration tools and systems management.

Back in 2006,
Loudoun County, Va., opted to take a fresh look at its 10-year-old telecommuting policy. With a goal of 10 percent employee participation in the program by the end of 2006 and 20 percent by the end of 2007, the county hired a full-time telecommuting-
program coordinator. “The county had no formalized IT procedures or IT tool bag,” says Diane O’Grady, county telework coordinator in Leesburg.

After initial meetings with the IT department, O’Grady and her team assessed job functions with technology needs and came up with some core IT rules that would apply to all teleworkers regardless of their individual technology requirements.

Falling under the security umbrella was the first best practice, which mandates county notebooks for remote workers. “In other words, we own them,” she says. County ownership of the asset allows the county to control the make, model, OS, security and software allowed on the device. Equally important, it minimizes support issues.

“A company-owned asset allows you to control additional vulnerability by locking down the device,” says Judson, who recommends add-on solutions that prevent the machines from booting, printing or copying data to remote devices, such as external hard drives.

Lockdown Lowdown

According to a recent Gartner report, locking down and managing PCs closely can reduce total cost of ownership by 18 percent to 36 percent. Client-side firewalls — such as Check Point’s ZoneAlarm, Microsoft’s XP firewall or similar products from Symantec and McAfee — allow device administrators to set policy for what a user can and cannot do.

Loudon County uses a virtual private network to secure access through the Internet. There are a number of vendors who offer robust VPN clients, such as Cisco Systems, CA, Nortel Networks and SonicWall, to name a few.

While client-side firewalls are an independent piece of software without interoperability issues, the network firewall and VPN client may raise interoperability issues if they’re not from the same vendor, says Judson. Other security products include antivirus, antispam and spyware-
detection programs.

Just before Norman Jacknis recently resigned as CIO of Westchester County, N.Y., to join the private sector, he was evaluating encryption solutions for county employees who telecommute. Whether the telecommuters work for the county clerk’s office doing data entry or are social workers or health inspectors in the field, protecting the organization’s data is high on the list of best practices. After all, losing a notebook happens. Exposure of sensitive data can lead to multimillion-dollar lawsuits and bad publicity.

“We also don’t allow users to move large quantities of data to a hard drive,” says Jacknis. Most of the county’s applications are Web-based. Telecommuters also have access to databases in the county’s data center.

Risk management in Westchester County also dictates additional security measures, such as providing teleworkers with a router that adds another layer of protection and also allows IT to monitor the remote connection.

Successful telecommuting programs also make systems management part and parcel of the core best practices policy. Again, savvy IT departments understand that remote workers are simply an extension of the office network and must be treated equally.

Jacknis uses remote control and remote diagnostic software from Altiris, now owned by Symantec. Altiris software helps organizations manage and service network-based end-points including mobile devices and notebooks.

OpenSky’s Judson notes that for some organizations, supporting the end-node isn’t obvious because the person and the device are out of sight. However, without support, user productivity is likely to suffer.

He suggests that IT managers use products, such as Microsoft’s System Management Server (SMS), to collect information over the Internet on such things as hardware and software inventory, software distribution and network control — the three core functions for remote teleworker support.

The bottom line is that the key to implementing and maintaining a successful telework program is organizational involvement, buy-in, planning and ongoing management.

Teach Them Well

End-user training not only increases productivity, but makes telecommuters knowledgeable about IT policy, the importance of data confidentiality, and management expectations.

Expert Advice

The Metropolitan Washington Council of Governments offers the following recommendations for supporting the IT needs of teleworkers:

  • Get buy-in from all parties, including senior management, IT, facilities and users.
  • Proactively address potential problems through support and training.
  • Define and communicate help-desk procedures.
  • Establish acceptable service-level agreements.
  • Set expectations and get feedback early and often.
  • Specify standards for equipment and software and define remote-access procedures.
  • Establish guidelines for installation, ownership, maintenance and repair.
  • Set policies for equipment and data security, backup and virus protection.
  • Periodically review requirements and keep abreast of new technology.
  • Treat the process as a continuum and keep an open mind.
Michael J.N. Bowles

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.