Don't Make Telework a Security Scapegoat

Photo: John Welzenbach

Under most circumstances in our everyday pursuits, few of us would rationally or consciously overlook anything that might compromise either our privacy or fundamental security.

The same philosophy certainly applies to the federal government: Seeking and finding solutions to each and every security and privacy issue is absolutely critical — critical to achieving objectives, but also critical to maintaining a vital trust relationship with the nation’s citizens.

In several recent well-publicized incidents, data security and privacy were compromised — including a notebook PC stolen from a government employee’s home as well as the brazen theft of a desktop computer whisked from someone’s office. Such incidents are extremely alarming, and no one would reasonably argue that any compromise of privacy and security is tolerable. But agencies must not overreact or misdirect their response by curtailing telework initiatives.

For a proper analysis, we must ask two pertinent questions: How do these incidents relate to telework? And what needs to happen to reassure anxious citizens that agencies understand the gravity of potentially compromising identifying information?

To address these questions, an absolute prerequisite is a meticulous examination of the facts. We do know that extremely few, if any, of these incidents involved telework. The spotlight now shines on telework simply because many workers use government-issued systems to work from home or telework hubs. And maintaining the security of those systems — as well as the information on them — is among teleworkers’ salient responsibilities.

So it’s valid to bring the issue to light; it’s just not valid to blame teleworkers for incidents they had nothing to do with.

But make no mistake: No matter how we slice and dice the analytical process, a mobile, distributed workforce is a guaranteed part of the government’s future. From any perspective, telework simply makes too much sense: the environmental and traffic-related benefits of reducing vehicles on the streets; the ability to retain security-cleared employees when agencies or missions relocate; and the work and life issues that make telework attractive to government and its employees.

So let’s redirect our focus to address the real issues: privacy and security. Given the proliferation of mobile devices — from cell phones and personal digital assistants to notebook PCs and handheld computers — the need to keep hammering away at privacy and security matters has never been greater.

“People don’t always use the tools that are available in a way that would identify or avoid problems that develop as things change — as technology changes, as work patterns change,” says privacy consultant and former House Government Operations Committee staff member Robert Gellman. “It’s not like we don’t have laws and rules and policies on security. They either aren’t being implemented well, or they aren’t more finely attuned to current trends in work.”

Also, it is incumbent upon personnel to accept the responsibility to study and understand the requirements.

“It’s one thing to look at security with regard to technology,” says Sean Lessman, senior director of advanced technologies at communications facilitator Tandberg. “Another is security with regard to people. You can secure your electronic tools, but you have to have good, quality people working for you.”

So, when it comes to privacy and security, people hold the ultimate responsibility. Let’s make sure we always strive to address essential security and privacy concerns in government applications with thoughtful insight as well as an enforceable mandate — not just look for a place to lay blame.

Dec 31 2009