I.T. Struggles to Manage Telecommuting, Decentralized Structure

By Kevin Fogarty  |  Posted 2008-04-02

According to a recent study released by CDW, 76 percent of private-sector companies support some telecommuting, but security remains a concern. While 27 percent of the 452 private-sector IT people polled said security was their primary concern about telecommuting policies and technology, 42 percent of the 539 federal workers polled said the same thing.

“Last year the security component wasn’t as pronounced, even though it was still the No. 1 concern,” says Firooz Ghanbarzadeh, director of technology, services and solutions at CDW. “It became a bigger issue this year as people heard about laptops going missing and other events.”

A high percentage 88 percent in the private sector and and 84 percent, in the public sector said their security procedures were consistent and effective.

Congress encouraged federal agencies to adopt telecommuting starting in 2005 to reduce traffic, to increase the government’s ability to function—even if a particular facility were offline—and to reduce office-space requirements.

Telecommuting is an attractive enough option that half the federal employees and 40 percent of private-sector workers said it would influence their decision to take or keep a job.

Currently, 46 percent of private-sector employees can work from home during a disruption at the office. Only 59 percent of federal workers said the same, largely because managers had made many ineligible for telecommuting. In last year’s poll, 75 percent of federal workers said they could function from home in an emergency, according to the CDW survey.

Despite the high percentage of IT managers concerned about security, 31 percent of private-sector employees said they’re not aware of their company’s security arrangements; 21 percent of federal employees said the same.

The inconsistency may be that virtual private networks, network firewalls, client-side security agents and other measures are simply invisible to employees, but it’s far more likely that they haven’t been trained in remote-access security, says Steven Ostrowski, director of communications at industry group Computing Technology Industry Association (CompTia), which published a similar study last fall. 

Almost 80 percent of the organizations polled by CompTIA allowed remote access to their networks, but only a third did any security training for those workers.

“A lot of them just assume you know what you’re doing if you use a computer all day, but that’s not really the case,” Ostrowski says. “Most of the security issues have to do with lost laptops, passwords sticky-noted to the top of screens–the kinds of things that are easily avoidable with a little training.”

Most companies don’t even have detailed policies about what kind of behavior is acceptable, CDW’s Ghanbarzadeh says. 

“When a company gives a user a laptop, do they know the dos and don’ts of what they can do when they’re connected to the network?” he says. “Is it OK to access Yahoo Mail if I’m at home? Is it OK to browse the Internet if it’s not going through a corporate network? Without those policies, the user doesn’t know, and inadvertently could become infected and bring something in to the network with them.”

Fewer than half of the organizations surveyed use endpoint security solutions that secure both the laptop and the network separately, Ghanbarzadeh says.

The issue is more than just one that can be solved by adding another security product, though, Ostrowski says.

“People are saying they’re having a hard time finding the employees they want, and people with family considerations are interested in the ability to telecommute, or work flexible hours, or whatever,” he says. 

Three out of four small businesses CompTIA polled last fall have at least one person working from home in any given week, and 90 percent reported having at least one employee traveling.

As housing prices have risen and it has gotten harder for employers to buy and sell the houses of workers transferred cross-country, more companies have opened up to the idea of having even mid-level managers live in one city and “work” in another, according to Chuck Pappalardo, managing director of Silicon Valley-based recruiter Trilogy Search.

“This is becoming expandable and retractable as people progress,” Pappalardo said. “You might start in a certain place where you can telecommute; then, as you move up the organization, there will be experience and roles that will require [your] presence.”

What is becoming a larger issue is the frequency with which even senior-level managers become responsible for business units or other operations in several cities, states or countries.

Even more than road-warrior travel schedules for senior execs, that management model will put pressure on both a company’s IT and its culture to accommodate new definitions of presence.

“The historical definition of a telecommuter was someone who didn’t report to the office every day,” Pappalardo says. “Now we’re getting global managers in all sorts of locations different from their primary offices. It will probably become decreasingly odd to have a group of Americans in the U.S. managed by someone somewhere else in the world, as a matter of fact.

“This is going to be a massive adjustment,” he says.

So far, most corporations haven’t made great progress on it, though, Ostrowski says.

“The desire to be mobile and get access to all the data and applications you get in your office is understandable; if you’re a salesman on the road, you want to be able to get the information you need,” Ostrowski says. “It’s just that, culturally and in terms of IT, we haven’t really prepared for the possibility that the security measures you get dialing in from the Motel 6 might not be as robust as you have from inside your office."