With telework expected to stay long after the pandemic ebbs, government agencies are looking to shore up the remote work solutions they put in place to ensure on premise security measures extend to the dispersed workforce. Multi-cloud environments are the reality for almost every agency. The many applications needed for the diverse functions of an organization require multiple cloud solutions to provide the specific support needed.
A report from Meritalk, Multi-Cloud Defense: Redefining the Cyber Playbook, found that 83 percent of respondents are increasing multi-cloud adoption to support telework and mission needs related to COVID-19. However, 42 percent said their cyber strategies cannot keep up. One part of the challenge is creating a solution that can be applied to the wide variety of endpoint devices and meeting enterprise security requirements.
More than finding cost efficiencies with cloud, government has realized its adoption is critical to business continuity. With mandatory telework as a result of COVID-19, organizations that have been proactive in their move to cloud found themselves able to quickly adapt and continue business as usual in very unusual times. Organizations that did not prioritize cloud found themselves scrambling to give employees access to the technology they needed to do their work.
Luckily, policies including the Cloud Smart mandate helped put more people in the first category than the second. A study completed in March (before pandemic telework began) found that 71% of federal respondents agreed that Cloud Smart was driving cloud adoption. In addition to Cloud Smart, the FedRAMP program also helped drive cloud adoption leading up to and during the pandemic. In 2020 alone FedRAMP added 200 authorized products and are on track to authorize over 60 cloud service offerings. The program has also achieved over 1,850 reuses of cloud products.
Human Resources (HR) in government has always been complex. From very specific hiring criteria to security clearances to battling the stereotypes of government work, it's never been a task for the faint of heart. Then came a global pandemic. HR departments had to quickly pivot to serve a remote workforce and find ways to continue filling positions critical to the government response to COVID-19.
To meet the needs of a remote workforce, HR needed a clear understanding of every job function within the organization to help guide employees on how to adapt their processes to complete that work remotely. It also meant ensuring that employees had the technology they needed to complete their work at home. As new laptops and software were issued, HR and IT had to work together to distribute and track the flow of new technology. As if serving existing employees was not enough, agencies also had to continue recruiting and hiring.
It has not all been easy or smooth, but a Monster.com survey found that 100% of agencies reported they implemented new remote hiring processes. This included virtual onboarding, virtual interviews, electronic signatures, and virtual oath of office.
Beyond the immediate needs of transforming office workers into remote workers, government HR professionals have several other overarching challenges to contend with. Continue reading
We've written about the government's ongoing efforts to improve their ratings when it comes to "customer" experience. Across government, agencies have made citizen experience (CX) a focus of their digital strategy. They are working to implement new technologies and processes to make it easier for citizens to get the information they need about government services. The progress agencies were able (or not able) to make came into focus in the way they were able to respond to the COVID-19 crisis. The measure of CX success can be looked at in two ways:
- How quickly were agencies able to transition to providing their normal level of service while working remotely?
- How responsive were agencies to increased pandemic-related citizen interaction?
While there were many speed bumps in getting government functions up and running from a distributed telework model, many agencies found that investments they had been making in telework specifically and digital government, in general, paid huge dividends in their COVID response. For example, the Nuclear Regulatory Commission had completed a full refresh of laptops meaning that all employees had up-to-date hardware and software to start their work from home adventure. Other agencies who had worked to incorporate technology, even as basic as e-signatures, found themselves able to move quicker than agencies still working with manual processes.
But, all the preparation in the world could not prepare for the scope and speed of the pandemic crisis. A study from the Information Technology Innovation Foundation looked at the performance of state unemployment websites and found that 26 state websites failed. The National Association of State CIOs found that about three-quarters of states have launched chatbots to help their agencies answer unemployment insurance or COVID-related questions and take the pressure off both websites and call centers. The Texas Workforce Commission was able to employ a chatbot named Larry to help with volumes that reached 98,000 online unemployment applications in one day. Larry has been able to answer 4.8 million questions for 1.2 million people. Continue reading
The annual Federal Information Security Modernization Act (FISMA) report was delivered to Congress in May and contained encouraging news. The report, tracking agencies' ability to meet the guidelines set forth in FISMA, showed that there were 8% fewer cybersecurity incidents across government in fiscal year 2019. Additionally, the report showed that 73 agencies meet the highest FISMA rating, up from 62 in 2018.
All of this improvement comes at a time when more attacks are being carried out against agencies and those attacks are becoming more and more sophisticated. The government's ability to stay ahead of the increasing attack vectors can be attributed to compliance with federal regulations and mandates including Continuous Diagnostics and Mitigation program and the National Cybersecurity Protection System.
Additionally, a focus on educating federal employees about spear phishing, the practice of sending emails that look like they are coming from a known or trusted sender to intice targeted individuals to reveal confidential information, has also paid off. The report showed that the U.S. Department of State, U.S. Department of Health and Human Services, and the U.S. Department of Commerce had the largest reduction in phishing-related security incidents via email. Fittingly, the Department of Education earned a proverbial gold star, reporting zero phishing incidents. They attributed this success to employing "increasingly complex phishing scenarios" to improve spam filtering and implementing anti-phishing policies with their email provider. Continue reading