When Randy Cress began to discuss how much work at his North Carolina county’s government had changed since the COVID-19 pandemic, little did he know he’d be exemplifying how. At around the five-minute mark of Wednesday’s GovLoop online training, the audio from his phone fluttered in and out so much that Cress, Rowan County’s Chief Information Officer (CIO), had to dial back in.
“Welcome to working remote in 2020, everyone,” co-panelist Kevin Satterfield, Solutions Architect at Identity Automation, said.
Technologists, like everyone else, know how frustrating technology can be. And as telework has expanded across government, and will likely permanently shift the paradigm of public and private sector work, they’ve had to pay special attention to maintaining security while not stifling users.
When people enter a government building, their key card alone provides a layer of security. Although not all-encompassing, physical building security does mean that desktops aren’t likely to be stolen or information isn’t likely to be gleaned off screens.
With mass telework, however, that first layer of security is gone. People log in from all different locations, so agencies can’t readily rely on geography to weed out intruders.
At more granular details of security, telework provides other challenges. Instead of desktops only having necessary applications and files, agencies deliver virtual versions of these same platforms to a broader base users.
The challenge for IT security teams becomes how to keep data and systems safe while not overcomplicating things for workers, who are still struggling with the new demands of telework.
“We need to have some form of advanced authentication on those remote endpoints,” Satterfield said.
Authentication is a way to confirm one’s identity. When a website asks for a code that was texted, that’s authentication.
For remote employees, Satterfield recommended multifactor authentication, which is commonly the use of a password and some other form of identification, like a code, app or digital token. Agencies can implement multifactor authentication easily to verify the identity of users.
Cress also recommends that agencies make employees’ usernames their .gov email addresses. Using accounts associated with their official government email reminds users of their responsibilities and ensures consistent log-in credentials.
Rowan County is adopting many of these changes to embrace long-term telework. The county has greatly expanded its multifactor authentication, invested in more easily accessible cloud applications and switched to take-home laptops for employees. Cress said the county converted its technology landscape to be capable for “100% teleworking.”
“We were looking at what this would be in the future,” Cress said.
In the future, Cress expects a hybrid model, where people interact with government in the office, online and through other communication channels.
The changes in technology have caused his county to even evaluate its brick-and-mortar processes, he said. For example, the county is bringing in an architect to examine whether the county can have a drive-thru tax dropoff.
“We’ve been working in the anytime, anywhere mindset,” Cress said.
This online training was brought to you by: