Considerations for Continuity of Operations and Federal Remote Work

As more people are forced to join a network via a remote connection, there is a growing opportunity for users to bring malicious content and security attacks onto the network or into the data center. By allowing all of the users onto the network, it potentially opens up the capability for east-west traffic across the network, introducing new risks.

While many federal agencies have already extended remote access to more users, they will need to consider how their continuity of operations (COOP) plans can enable the entirety of their workforce to work remotely and securely.

Here are three key points for agencies to consider as they evaluate COOP plans to create business continuity and a cohesive experience for employees working remotely.

1. Virtual Private Networks (VPNs) Will Not Be Sufficient or Safe

While innovative 30 years ago, the VPN and other legacy remote access technology cannot scale to cover an entire workforce. The process to connect users is slow and inefficient. IT administrators do not have proper control and visibility to manage and maintain security across their environment.

In addition, VPNs can tie up multiple sessions and ports on your appliances, making it necessary to increase your appliance footprint and bandwidth, which can take months. And, as more users connect through legacy technologies to access applications and sensitive data, this will only increase the attack surface, potentially exposing sensitive federal data to modern malware and ransomware attacks.

This is a time when the modern, flexible, and scalable Trusted Internet Connection (TIC) 3.0 solutions will be especially important to ensure secure access for remote users. Agencies should consult TIC 3.0 use cases and consider modern security methods, such as zero trust, to ensure security of remote users in any location, by verifying and authenticating before granting access to the network.

2. Consider What is Essential to Keep Operations Running

Part of the requirements of the Federal Information Security Management Act compliance is to establish a COOP plan and exercise these plans at least on a yearly basis. According to Federal Emergency Management Agency guidance on continuity planning for pandemics, Federal IT decision-makers should consider the performance of essential functions beyond 30 days.

Agencies’ contingency plans should cover the following questions:

• How will my risk posture change? What will this new risk evaluation model look like?
• What are the mission-critical assets and applications that employees need to have access to remotely?
  • Most IT leaders would agree the most critical business application is email. For most agencies, this should already be easily accessible to users through O365, or Google Gmail accounts
• Will all your employees be able to access all applications remotely? If not, who will get priority? Will some agencies need to shift employee work hours to even out the workload on remote access technologies?
• What security technology needs to be in place to enable remote access? Will we need to purchase more laptops, bandwidth capacity, mobile devices, etc.?

3. Be Prepared for Unanticipated Challenges

One of the biggest challenges is that while there are plans in place, many only account for a portion of the workforce being able to work remotely at one time. The Office of Personnel Management’s most recent report on teleworking in 2017, showed that 43% of Federal employees were deemed telework-eligible.

As agencies follow their COOP plans, they need to be prepared to face challenges that they may not have anticipated. For example, there might be critical assets that have not been considered or bandwidth that might not have the full capacity to support the workload and workforce required to maintain operations.

An Opportunity for Cloud

If contingency plans are put in place properly, organizations should be able to:

• Provide technology to support secure access for users on any device, in any location
• Provide secure access to applications across SaaS, O365, internal applications, and the internet
• Improve user experience, while maintaining security
• Lessen bandwidth to reduce costs
• Minimize the attack surface and improve overall security

While there are some unknowns as to how Federal contingency plans will play out, this could be an opportunity for growth. Agencies will be able to recognize areas for improvement in future COOP scenarios, and can further consider the move to a multitenant cloud platform to be able to scale to provide secure access when there is an increased number of remote users connecting to the network.