Sawislak Details GSA Efforts to Meet Telework Challenge
Senior Advisor to the Administrator
U.S. General Services Administration
November 7, 2007
Thank you, Steve, and good morning everyone. The last time I was here, GSA made some actual news. If you weren’t around, Administrator Doan chose the Exchange to announce the GSA Telework Challenge — 50 percent of our eligible workforce teleworking by 2010.
Suffice it to say that was the easy part. Back at GSA Headquarters, word began to spread and people began talking. There was broad and enthusiastic support. Some started picking their telework days.
There was also a question: Just how are we going to do this?
That’s part of what I’m going to talk about today. First a little background.
I just returned from our New England Region, which is one of the GSA leaders in telework. After seeing what the region has done, I’m confident we can make it as an agency.
It really shouldn’t come as any surprise that GSA leads the development of alternative workplace arrangements for the federal community. As a long-time innovator and leader in telework, GSA has been at the forefront of governmentwide regulations on telework. And we are now in the process of looking at each and every position in the agency to determine if it is telework eligible.
Unlike previous efforts in this area, at GSA we have taken a new approach and that is to inform our managers and supervisors that every GSA job is telework eligible unless they document why it is not. That is not to say every job will be eligible. There are some very good reasons why some of our positions are not suited to telework – and I will talk about those in a minute – but we are taking the opt-out approach in an effort to meet the challenge. Once we determine which positions are eligible we will still need to look at the people. Not everyone is suited to be or chooses to be a teleworker. We want maximum flexibility but we also want our line managers to have flexibility and management control. Our goal is broad participation and improved employee performance.
Federal employees can now work away from the traditional worksite thanks to advances in technology. They can work anytime or anywhere, and conserve energy and lessen our dependence on foreign oil, all at the same time. All they need is a computer, high speed data line, and a phone. In the very near future, I expect that all three of these things will be one device. Voice over internet, high speed Wi-Fi, and data encryption all exist, it’s just a question of the best and most cost-effective way of ensuring that each teleworker has the right equipment, training, and data security to do their job no matter where they are physically located.
And it’s not just the environment and our work-life balance that can benefit from these efforts. How many people remember the Sars scare from a few years back? At the end of 2002 through the summer of 2003 we had an international pandemic with about 8,000 known infected cases and about 775 deaths. I was working in Toronto at the time and after China, Canada was one of the hot zones for Sars.
Unlike the 1918 Spanish Flu Pandemic, we were a lot smarter about how to control the spread of the disease this time. In Toronto, if you visited a place where there was a known infection – like a hospital, doctor’s office, or even a work place – you were sent home for two weeks to be quarantined. Even if you never exhibited any symptoms. That was the precaution. The good news is that the disease didn’t spread much in Canada. The bad news is that a lot of people sat at home watching TV for two weeks.
In my office we had a woman who dropped off a package at her doctor’s office and found out when she got home that there had been a Sars case in the hospital. Because she was there on that day, she was quarantined at home for the next two weeks – with her 16-year-old daughter – she thought that might pose a greater risk of injury or death than any virus to which she may have been exposed.
What we didn’t have in our office were any systems in place for her to work from home. We tried some calling and emailing, but there were file sharing issues, software compatibility issues, and document control. Everyone was used to her being in the office and they were not prepared – technically or emotionally – for her not to be there. That’s why telework can be thought of as a very frequent and useful exercise for continuity planning.
Of course it also requires support from the top. At GSA, though, we have a far-sighted Administrator who understands the benefits of telework. The effort to meet her ambitious target is already underway.
In truth, we need to do more in this area. In 2005, there were a little over 140,000 teleworkers in the federal government -- 19 percent of the telework-eligible workforce and 7.7 percent of the total workforce.
In DC, federal employees now have the option of working from home or from one of GSA’s 14 regional telework centers. The centers, in Maryland, Virginia and West Virginia, were established to provide a full range of workplace services so employees can work away from the conventional office. The centers are equipped with computers and telephone services, fax and copier machines, meeting rooms, and onsite technical assistance staff.
Based on 2005 data, GSA’s 14 telework centers saved commuters from traveling nearly 2.8 million miles, which, in turn, saved almost 115 thousand gallons of fuel. In addition, 2.3 million pounds of emissions were kept from being released into our atmosphere.
Home telework is even more important as GSA and other agencies include it in their routine planning and consultation with our client agencies to conserve energy by occupying less space and using less electricity and lighting in their buildings.
I’m probably preaching to the choir here, but our lack of progress is a little frustrating because the benefits of telework are so obvious: it saves taxpayer dollars; reduces energy use; cuts down on greenhouse gases; eases traffic; reduces our dependence on foreign oil and even increases worker productivity. And as we discussed, telework also prepares us to operate remotely and continue business operations in the event of a national disaster, pandemic event, or terrorist attack.
That’s why Administrator Doan is so intent to have GSA lead by example. Let me tell you a little bit about how we’re trying to meet the challenge.
While there are many personnel, policy and culture issues to tackle, a key concern involves information technology. Today’s federal workforce is primarily made up of information workers -- employees who make their living using IT tools and data to make critical agency decisions. To be productive, these new virtual employees need the same access to their data, agency IT systems and agency intranet websites from their homes, telework sites or other virtual locations as they now have in their offices.
GSA’s CIO Management Team has started performing cost/benefit analysis and vendor comparisons of products, and in the near future will be making some hard decisions about how to meet the administrator’s challenge.
Making telework a reality raises new IT challenges – namely, how to provide the new breed of workers unencumbered access to the information resources they need while still providing adequate safeguards for agency data and networks. The issues around telework IT security can be placed into three categories, endpoint security, network security, and data security.
Endpoint addresses the question of how to define what endpoint devices are allowed to connect to the GSA network over the internet and how or whether we allow them to connect. The idea here is to provide a ‘smart,’ controlled, enterprise-managed entry point into the network for any legitimate computer requesting access to IT resources on the GSA network. Endpoint security solutions can determine the difference between an agency managed laptop plugged into a home broadband connection, an employee’s home computer with out-of-date virus scan and another employee working at an airport internet kiosk, and perform specific “deny” or “allow” actions for each. These systems also allow for inclusion of two factor authentication as required by OMB Memorandum 06-16. They provide an important first step in allowing safe, secure remote data access for remote workers.
Network security addresses many of the same issues as the endpoint solutions. These include protection of the agency network and data from malicious code, malware and viruses, while allowing secure access to agency data from outside of the safety of the network. Products in this space also help address the two factor authentication and session timeout requirements of OMB Memo 06-16.
The third issue is data security. I don’t need to tell you that data security breaches make headline news. And trust me, the last thing an agency wants is to be on the front page of the Post explaining how personally identifiable or other sensitive data was compromised by a teleworker, a network vulnerability or other security breach.
So how do we protect this data while making it accessible to those who have a bona fide need for it? GSA is looking at a multi-pronged approach. First, there’s the issue of data leaving the network. Employing systems that can ‘sandbox’ agency data into virtual sessions, such as Citrix or other server-based computing technologies, a user gets access to a virtual session with a fully functioning application and data, appearing to run on his or her remote, untrusted computer, but without the ability to save any data to that untrusted computer’s hard drive, USB drive or if desired, to even print it to a remote printer. This provides the employee with a rich user experience while ensuring that the data never leaves. Another technology under review is data at rest, laptop data encryption to comply with that requirement of OMB Memo 06-16. GSA will be rolling this out over the course of FY 08 on all portable computer systems.
While security is a paramount concern, it is by no means the only concern. Other issues being reviewed:
Issuance of a single, laptop computer as the default computer for all eligible teleworkers. While requiring an additional upfront cost, this will significantly reduce overall hardware and support costs, and provide the agency with mobile IT assets to be used for our COOP response.
Agency funding of home broadband service for teleworkers. While Public Law 104-52 allows agencies to fund “phone lines, necessary equipment and pay for monthly charges, in any private residence of an employee authorized to work at home,” this is obviously a significant financial issue that must be decided individually by each agency.
Next is the issue of asset management of remote devices. We’re about to begin a project in which many or potentially most of GSA’s laptop computers will be out of the office for extended periods of time. This presents another issue.
How to keep track of them and ensure recovery when or if they get lost. To address this issue, GSA has recently added Absolute Software’s ‘Computrace’ product to every new laptop purchased on our BPA with Intelligent Decisions, Incorporated. This product monitors a laptop’s location, provides an asset management portal to track remote computers, and if a device becomes lost or stolen, can remotely wipe the laptop hard drive as well as assist law enforcement with locating the device.
A final decision and probably the most contentious is whether to allow personally owned computers to be used for telework. There are many valid reasons both for and against. One could easily make an argument that they are too insecure, could be used too easily by viruses to attack the agency network and if we are issuing laptops to every employee, why would we need to allow this? On the other hand, if the security measures I mentioned are employed, (especially requiring any user on an untrusted home computer to only access agency data via a virtual, server-based application session), this would provide a secure method to use personally owned equipment and yet prevent a network breach or data loss.
This method completely isolates the user’s home computer from the agency network. Another argument for allowing this access is to provide for additional IT assets to be used by employees in case of a COOP or pandemic situation, when anxieties will run high and the trusted, agency laptop may have been left back in the office or otherwise unavailable. We will undoubtedly have significant debate over this issue before a final decision is made.
To sum up, the benefits of telework are obvious to the agency as well as to the taxpayer and ultimately for the environment. However, before an agency gives the ‘green light’ for a majority of its employees to telework, it will require a significant number of issues for the IT community to address first. The IT vendor community has seen this trend to mobile workforce coming for awhile and has provided us with plenty of product choices to resolve the security, access, and management issues.
What needs to be done now is for each agency to identify its unique issues, do the analysis and put in place solutions to address them, and then we will all reap the benefits as that agency personnel become more productive, while at the same time helping the environment and improving our preparedness.
GSA plans to lead the way. In the process, we hopefully will demonstrate to our agency clients how to balance these tricky issues of cost, security and employee productivity.
Thank you very much and I would be happy to answer a few questions if we have time.