CIO
Federal CISOs seek security standards to prevent breaches
Federal adoption of telecommuting has lagged far behind goals
Tim Greene (Network World) 04 October, 2007 08:54:09

Despite official urging, telecommuting within US federal agencies is languishing, in part because no standards exist for securing mobile endpoints -- mainly the laptops telecommuters would use outside the office.

Federal CISOs, who are aware of data breaches in both the public and private sectors that have compromised personal information of thousands of people, say that security of laptops -- the key to most telecommuter programs -- is their biggest worry.

At the same time, government managers face existing federal laws dating back to 2000 that mandate telework programs. In addition, they face new pressure to move more government workers into telecommuting programs in an attempt to dramatically boost the number of work-at-home employees.

Some government CISOs say the best course of action is to follow best practices set down by the National Institute of Standards and Technology (NIST) -- the closest thing to certification available.

NIST recommendations include basics such as installing, running and updating antivirus software; periodically scanning machines with spyware-removal software; and adopting a "paranoia level" of security awareness when writing personal firewall rules.

NIST also encourages encrypting data both on laptops and in transit, and having the ability to remotely lock down laptops reported lost or stolen -- good advice, but not as formal as top federal network security executives want.

The General Services Administration (GSA) -- which has championed telecommuting for years -- has set a high bar for its own program. At a recent forum run by the industry group Telework Exchange, GSA administrator Lurita Doan called for a dramatic leap in telecommuting for her agency by the end of 2009.

With just 10 percent telecommuting today, she set goals of 20 percent to be telecommuting by the year-end, and 40 percent by the end of 2009. According to published GSA estimates, just 4 percent of federal workers telecommute today.

The U.S. Office of Personnel Management breaks that down further, saying that of those who telecommute, only a quarter of them do so three or more days per week, and 39 percent do so less than once a week but at least once a month.

While other factors weigh into the slow adoption rate, a recent survey of federal CISOs found that 63 percent say securing mobile devices used at home is their top data-security priority, but they have no way to know that their precautions are adequate.

The overriding problem federal CISOs face is that there is no official certification of mobile devices that assures them that laptops they issue comply with the Federal Information Security Management Act (FISMA), which contains the blueprint for all federal telecommuting.

According to a survey by Telework Exchange, 83 percent of these CISOs want certification of what constitutes a secure mobile endpoint. The survey is based on responses from 35 of 117 federal CISOs.

They want secure machines, but they also want the security to work without much user intervention, since that complication could reduce willingness to telecommute in the first place. "Let's just face it, we as people just want access, we don't really care about security," said Dennis Heretick, CISO for the Department of Justice, at a recent forum on federal telecommuting.
