Why not telework?

Why don't more workers telecommute? I'm not referring to reading your email at Starbucks, but truly working from home at least several days a week. I've been asking that question annually since the turn of the century, and somewhat surprisingly, the growth in telework is not as robust as most people think. Two problems seem to get harder each year – managing remote workers and security.

At one level, telework is a win/win/win for employees, companies and society. We can “go green” and help the environment, reduce road congestion, help with our national oil crisis, lower company rent, support work-life balance, attract new talent and younger staff, increase morale and save money at the same time. And yet, according to a report given to Congress in December 2007 entitled, Status of Telework in the Federal Government, the number of federal teleworkers actually dropped from 2005 to 2006, with just over six percent of federal workers officially telecommuting.

With all the potential benefits, one would expect government at all levels to be providing substantially more investment in telework. To the contrary, in my experience, most local, state and federal governments and many private organizations want the benefits without the costs, which won't work. A U.S. Office of Personnel Management (OPM) report stated that, “In 2006, more agencies asked employees to assume all the expenses of equipment/services for telework (36 percent as compared to 29 percent in 2005).”

Yes, some companies and governments have made serious financial investments in telework and seen a significant return on investment (ROI). A 2006 GSA Telework Technology Cost Study describes the opportunity for 200 percent to 1,500 percent ROI in the first year.

When my brother started teleworking for IBM a few years back, they made a big initial investment in his home office, including security and a wide variety of hardware and software to enable productivity in required tasks. They also put the necessary policies, processes and procedures in place to ensure a successful experience. It worked, but it wasn't cheap.

By contrast, many governments and businesses push for telework programs with a $0 budget. Basically, they want employees to use home PCs. That's it. No work laptops, no home network checks for security, minimal training. While this is a tele-recipe for disaster, be careful. Security leaders who “just say no” for good reasons can still be labeled as “party poopers” who are against telework.

So I've gone on record as being in support of “secure telework.” We can argue about what that really means, but one thing is for sure: it requires true investment, with staff being issued secure, business-owned assets such as laptops. (The GSA report specifies an average annual per user spending of $1,920 by federal agencies on telework IT a few years back.)

My advice to security professionals: Make sure your company or government has a secure model for telework and seeks full lifecycle investment from business areas.

Dan Lohrmann, CISO of the state of Michigan, was the recipient of SC Magazine's CSO of the Year Award, presented April 8 at the SC Magazine Awards Gala, held in conjunction with the RSA Conference.

Dan Lohrmann

Dan Lohrmann is an internationally recognized cybersecurity leader, technologist and author. Starting his career at NSA, Lohrmann has served global organizations in the public and private sectors in many leadership capacities. As a top Michigan Government technology executive for seventeen years, Dan was national CSO of the Year, Public Official of the Year and a Computerworld Premier 100 IT Leader. He is currently CSO & Chief Strategist at Security Mentor, where he advises global and local corporations and governments on cybersecurity and technology infrastructure strategies and security culture change. He has been a keynote speaker at security conferences from South Africa to Europe and Washington D.C. to Moscow.
