Remote Work and Embracing the New Normal in Government

By Jim Richberg | December 11, 2020

The mass pivot to telework was the first, and probably most visible weather front of “the perfect storm” that state and local governments had to face as part of their need to adapt to the pandemic—and which is likely to hit the Federal government with increasing severity after the next Fiscal Year:

  • Demand for digital services is up dramatically; for instance, state online unemployment applications went up as much as 3000% in March
  • Resources are down, and by some estimates state and local governments are potentially facing a $1 trillion budget shortfall next year. And it is only a matter of time until budget cuts arrive at the Federal level as well, especially in light of the mounting deficit.
  • Competition for resources is growing within cash-strapped jurisdictions
  • Complexity is up as remote telework became the new normal for many government workers nationwide. Attackers have been adaptive, following users into their home office environment, which makes securing the expanded IT attack surface even more challenging.

When resources get scarce, ‘support elements’ like IT, security, and HR historically take extra budget cuts as organizations try to preserve their core mission functions. But the recent mass pivot to telework has showcased IT and security as key enablers for ensuring the continuity of critical government functions and services. 

IT teams were given resources they needed to make this transition possible since it was recognized as mission critical and key to enabling government services to continue to operate after their employees were sent home. And IT responded by doing yeoman’s work to enable new functions, such as accelerating deployment of Robotic Process Automation “chat bots’ that have now become first line of engagement for many citizen services during lockdown. And extended security functions have allowed some classes of information (medical, financial, etc.) that had previously been precluded from use outside of the traditional enterprise network and facility to be accessed by remote users.

How Do We Take Advantage of this Window of Opportunity?

The challenge is that short-term flexibility IT and security staffs had are likely to vanish as resource competition grows. It’s useful to note that, along with the kudos they received for enabling the successful pivot to telework, many IT and security departments were also given budget cuts as a result of cuts across the board. 2021 is likely to bring an even bleaker fiscal climate to state and local governments nationwide.

In other words, many in IT have been put into a ‘do more with less’ situation as they try to keep their agencies and teams afloat in the midst of this perfect storm. And in these situations, security is frequently a place to impose cuts and absorb risk without apparent impact—until a major breach occurs and the finger pointing begins.

IT and Security Teams: A Critical Partnership

IT and security leaders need to identify and champion transformational technologies and consider changes to their organizational behavior. And since teams can’t count on being able to spend more to meet the growing demand for digital services, they will need to do this by spending smarter—and that begins by building and tightening the partnership between IT and Security.

Government typically lags behind the private sector in the implementation of digital transformation, often by several years, due to the nature of its procurement, policy, and processes. Governments work in funding and program development cycles that can stretch to as long as six years—an approach that doesn’t really have a private sector equivalent, and a timeframe in which many companies will have gone through multiple generations of technology. The current need to keep agencies running in spite of the pandemic and its likely long-term effect on resources and demand for services is an opportunity to close that gap. Rather than following every step of the private sector’s implementation and refinement of technology, however, the government can skip a few steps and adopt—or adapt—state of the art technologies.

I recommend you consider adopting and implementing technologies such as multi-cloud and Software Defined Networking that: 

  • Provide great bang for buck in terms of performance and efficiency
  • Have proven pathways and lessons learned, allowing he government to draw from private sector experience and thereby reduce costs and time-to-implement
  • But which come in varieties ranging from security-agnostic to largely or intrinsically secure

We often talk about ‘the need to get security a seat at the table’ in programmatic decision-making, and to avoid the “Dr. No” situation of security weighing in to shape—or even trying to veto—a fully baked initiative. These problems can be obviated by shaping options for the ‘digital the art of the possible’ for an organization through dialogue between IT and Security. Once a menu of viable options has been framed, the dialogue can broaden to include other stakeholders within the organization. 

There are also ways to tighten collaboration with stakeholders such as finance and other mission critical partners ranging from holding periodic and focused meetings (‘that which gets on the agenda gets attention—and often makes progress’) to forward-deploying staff (embedded personnel) in these organizations or evaluating managers on progress against specific measures of collaboration and teamwork. The private sector has lessons learned in this area from the field of Enterprise Risk Management that government should look at.

Start at the Top

This issue is that important—and if you are trying to change the way your organization operates by fostering cross-functional partnerships, it is imperative to lead by example. I am reminded of the Peter Drucker quote. “Culture eats strategy for breakfast”—meaning organizational culture and its inertia can sabotage any novel idea, no matter how important. So in this case, leaders need to set the tone and demonstrate ‘the new normal’ for collaboration. 

Fortunately, many state and local governments already have a degree of collaboration and synergy between IT and security. But in many cases, it will need to be brought to the next level. Such collaboration will be increasingly necessary for success, not just a ‘nice to have’ feature. Leaders may need to focus on transforming their organizational culture and behaviors as well as their technology if they are to provide the expanded and secure digital services that citizens need, especially in the face of uncertainty and diminishing resources.

The Office Environment of “The New Normal”

Organizations that had to shift their workforce to a work-from-home posture due to COVID-19 are now grappling with their options for what work patterns and physical footprints will look like going forward under ‘the new normal.’ Entrenched cultural notions of the necessity of physical work location were overturned almost overnight. Now, most organizations are considering continuing telework to some extent, with many starting to examine the implications in terms of the number, size, and function of their physical offices.

What will the ‘new normal’ for organizations look like in terms of:

FOOTPRINT: Rethinking the size, number, and location of physical offices. 

FUNCTION: Considering the advantage of hoteling vs. the continuation of dedicated desks for designated staff, and the use of locations as warehouses of resources or functions (e.g., materials, training, or collaboration hubs) that can’t be readily provided to remote workers

INFRASTRUCTURE:

  • IT Bandwidth: Some early returners found that employees didn’t have adequate network bandwidth to support the simultaneous collaboration platforms they needed to work with stay at home colleagues and external parties—or even when conducting socially-distanced staff meetings in-house.
  • Network Topology: The consolidation of locations, along with the potential need for additional bandwidth, offer the opportunity to look at options such as SD-Branch or SD-WAN that provide more bang (and performance) for the buck than expanding leased lines and wired networks.
  • Phones: Many organizations have realized that continuing to pay service on dedicated lines on empty desks is not cost-efficient and introduced additional room for mission failure, especially if call-forwarding failed. Many are now considering moving towards cell phones that have obvious cost and flexibility advantages, but which come with their own challenges, especially when service is in the form of office-issued and personally-owned devices. 
    • Is an office-issued phone available for personal use (even for de minimus or incidental use)?
    • Alternatively, will an employee be permitted to use their personal phone as their primary device? If use of such personal device for work is permitted, what is the policy of retaining official records (or who ‘owns’ the number that may become associated with a given job?)
    • A third option is two phones, but many employees are reluctant to carry two phones because it is cumbersome or inconvenient. 
    • And a fourth solution is a single phone that can be assigned multiple phone numbers

An alternative option to choosing between continued telework or a full return to the office is a hybrid solution.

  • This can mean allowing some employees to pursue either option, or supporting employees alternating location strategies (thereby reducing density and creating social distancing in the workplace.)
  • We are also starting to see some remote workers in the private sector relocate to more distant locations. Are they going to become ‘hybrid’ workers in the sense of periodically coming onto campus? This also raises the possibility of organizations being able to hire new employees who are already located elsewhere when hired. This could become an especially compelling option for governments that face a local shortage of talent and labor if hiring is limited to their locality or jurisdiction.

Seize the Opportunity to Improve Security and Enable Digital Innovation

These and similar issues are all under consideration in both the public and private sector. These issues can be either a challenge or an opportunity, depending on how local leaders choose to address them. For forward-thinking leaders, this recent sea change represents an opportunity to break free of the current planning, procurement, and innovation cycles that prevent governments and agencies from keeping abreast of rapid digital transformation. When technology innovation proceeded at a slower and more predictable pace, current policies and procedures made good sense. But in today’s world, where breakthrough technologies and cultural shifts are happening at a breakneck pace, opportunities to change the system need to be seized. Many in government say ‘never let a good crisis go to waste’, and the transformational changes wrought by COVID bring the opportunity to innovate and find new ways for governments to meet the needs of their employees and the citizens they support.

Learn how public and private sector CISOs can leverage Zero-Trust to secure their networks as their workforces work remotely in the podcast below.