Telework Driving Demand for Remote Access
By Mike Hernon - Published, October 27, 2011
The Department of the Navy anticipates that personnel will begin teleworking in significant numbers when a new telework policy is released shortly. As a result, there will be explosive growth in the number of users who need to connect to the Navy Marine Corps Intranet and other government networks from remote locations, primarily from a home office, but also from other locations via cellular or Wi-Fi networks.
Understanding the advantages and disadvantages of the technology options available for remote access will allow commands to make more informed decisions as they plan and budget for an increasing number of teleworkers.
While a number of remote access options are available, the network capacity to deliver full desktop functionality from remote locations is limited. Exceeding this capacity could compromise the DON's mission by preventing some personnel from accessing the network entirely or limiting the functionality or level of performance they have available once connected. The new policy guidelines assume teleworkers will be working with unclassified information only.
Provision of Equipment
Government furnished equipment (GFE) is strongly recommended for regular, recurring remote access. Use of GFE guarantees segregation of government information from personal devices and ensures the device meets current DON information assurance standards. Use of GFE also ensures that the appropriate device management controls, such as remote disk wiping, and software, such as antivirus, are present and up-to-date.
GFE includes laptops; BlackBerrys or other smart phones; tablets; and a virtual desktop solution, such as "NMCI on a Stick." An external smart card reader may also be required to support Common Access Card (CAC) login and authentication. However, flash and thumb drives are not authorized for use on GFE.
The use of privately owned equipment, such as a personal computer, is permissible for occasional telework. For regularly recurring telework, privately owned equipment should only be used as a last resort because its use for official business introduces a number of issues that could negatively affect both the government and the employee. Unlike GFE, personal devices cannot be integrated into the network's device management tools. Also, the government cannot ensure that the optimal antivirus software and other security controls are installed on personal devices.
More important, if there is a spillage of classified material on a personal device the government may have the right to confiscate the device and dispose of it (destroying the hard drive) in accordance with guidance regarding the handling of a classified material incident.
Connection Options
Various options exist for connecting remote devices to DON networks. Many devices may be capable of network connectivity through two or more options. Users should be provided with a hierarchy of connection options so that if the preferred method is unavailable, they can try to connect with the next alternative. Thus, when providing a device to a teleworker, commands should also consider the ways in which it will connect to the network and ensure the device is provisioned accordingly.
Web Access. Web access involves using an Internet site, or portal, to connect to a government network through wired or wireless means. Teleworkers can access most unclassified Defense Department and DON CAC-enabled websites through the Internet, but some government sites may only be accessed through a wired connection.
Outlook Web Access. One of the primary telework products for Web access is Microsoft OWA, which provides a version of desktop email, contacts and a calendar application. Some functionality is lost because access to network drives and other peripherals is not available. At the same time, access to OWA is practically unlimited. Another advantage is that OWA may be used on personally owned equipment with the addition of an inexpensive ($12.99) smart card reader.
OWA, used in conjunction with Web portals, is the preferred telework solution for personnel whose remote work can be accomplished without access to network-based services, such as a network drive.
Virtual Private Network (VPN). A VPN provides a secure, encrypted connection to a network from an outside location, normally through the use of a laptop, but also through other devices. A VPN-connected laptop can provide the full range of network functionality that users would experience from their desktop in the office. VPN access can be accomplished through a wired connection, a cellular air card or an approved Wi-Fi connection. However, the number of VPN ports on the network is limited.
Wi-Fi. Most portable devices, such as laptops, smart phones and tablets, come with built-in Wi-Fi wireless capability. However, due to concerns with potential security vulnerabilities, use of Wi-Fi is strictly controlled in the following ways.
Public Hot Spots. A public hot spot is a Wi-Fi offering that is often available at coffee shops, airports and other public places. The only accepted method of connecting to a DON network via a public hot spot is via a GFE laptop with the proper Designated Accrediting Authority approved Wi-Fi hardware and software installed. The use of a device's native Wi-Fi capability is not allowed.
Home Networks. Use of a home Wi-Fi network to provide the connectivity for telework is allowed. Home networks should be set up in accordance with guidance from the DON Chief Information Officer and/or the National Security Agency.
Cellular/Mobile Networks. BlackBerrys, and other approved GFE smart phones and tablets, generally connect through a commercial cellular network as the primary link to the network. Some BlackBerrys also support tethering, which is connecting a laptop to the device for Internet access instead of using an air card. The monthly fee for tethering is about 75 percent less than the cost of an air card and should be used when available.
U.S. cellular providers are generally considered to provide a secure, encrypted connection that supports remote access. Some foreign cellular networks are considered "unsecure" and should not be used. Consult with your local information assurance manager (IAM) or security officer for up-to-date travel guidance whenever taking a cellular, or any wireless device, outside the continental United States.
Telework IT Strategy
When developing a telework strategy, commands must consider the various IT options available, personnel, job requirements and associated costs. Because new devices are frequently released into the marketplace and tested for network compatibility, commands are strongly urged to consult with their IAM and command information officer when devising or assessing a telework strategy. These individuals will have the most current information on all IT options.
Command IOs will also ensure that all GFE devices are configured to support telework in accordance with all applicable DON and DoD IT policies. Command IOs will also provide training as required to teleworkers on the various connectivity options available to them, including selecting the optimal network operations center when VPN access is used.
Online Resources
The following websites contain recent information on topics of interest to teleworkers. Because new mobile and remote access solutions continue to be tested these sites should be consulted regularly for the latest options.
• NMCI Remote Access Options:
https://www.homeport.navy.mil/home/
• DoD Telework:
www.cpms.osd.mil/telework/telework_index.aspx
• DON CIO: www.doncio.navy.mil/
• DON Policy Issuances:
http://doni.daps.dla.mil/default.aspx
• DoD Policy Issuances:
www.dtic.mil/whs/directives/
Mike Hernon is the former chief information officer for the city of Boston. He supports the DON CIO in telecommunications and wireless strategy and policy.