Five lessons state technology officials took from telework

Four months after states moved their employees into remote-work environments en masse, officials from California, Delaware, North Carolina and Pennsylvania reflected in an online event Tuesday that while the shift wasn’t devastating to their organizations, as many worried, it created plenty of learning opportunities.

1. The workplace is no longer a place

During a series of SNG Live panels, Pennsylvania Chief Information Officer John MacMillan highlighted continuity planning the commonwealth undertook before the pandemic began and a “multi-layered framework” as keys to the relative ease of Pennsylvania’s remote-work transition. He said one of the biggest lessons wasn’t about technology, but rather mindset.

“One of the key things we’ve learned over the last three-and-a-half, four months is this idea that the workplace is no longer a place,” MacMillan said. “It’s where the work happens, and through all the technology and security layers we have in place, we’re now asking the question, why were we thinking that there’s only one place to do work? And it’s really opening up new questions about recruiting and retention and development of employees, crowdsourcing and many, many things that as we look into the future — the old ways we have to rethink.”

2. Planning ahead is difficult

Delaware Chief Information Security Officer Solomon Adote said that months before the pandemic, his office began to talk in-depth about business continuity. Usually, he said, that plan includes a procedure like packing up people and equipment and driving to a new building, but no one had developed a plan for a pandemic in which everyone would be required to socially distance and work from home. They were planning ahead, he said, but planning for the wrong event, and that forced the state to rush forward many projects.

“We had to accelerate agreements, we had to accelerate procurement, we had to accelerate solution implementations just to put ourselves into a position to effectively enable our employees to work,” Adote said. “[It was] a workforce that was never designed for remote work.”

3. The zero-trust security model makes more sense than ever

As with many state governments, Delaware’s security model before the pandemic took it for granted that most of its users would connect to the government’s network and applications from within a government building. But when workers went remote, Adote said it turned their old model upside-down. A zero-trust model, he said, in which all users are treated suspiciously regardless of where they’re purportedly logging in from, makes more sense in the age of remote work.

“You access our ERP system from California within the same amount of time, that is now possible, and now you might access our election systems from another state,” he said. “Historically our teams had to be using our security event management systems, our SEMS, to analyze a large set of data to identify that event. We’ve really improved that security profile and we continue to elevate that towards the whole concept of zero trust, because now it’s not about access to the corporate network. Most people don’t need access to the network, what they need access to is applications and data. So with zero trust I can say where are you, where are you coming from, what asset are you on, who are you — that’s first.”

4. User education will always be important

Maria Thompson, North Carolina’s chief risk and security officer, said that user education has been critical during the pandemic to manage expectations, train staff how to use new tools and to encourage secure computing practices as they work from home.

“Unfortunately, some of those things we ran into is people fall in love with a solution they feel comfortable with, so if they were using some of the other non-vetted collaboration tools before, we had to quickly had to figure how to put our arms around it to protect our data so we don’t have data sprawl,” she said. “Because folks, especially when they’re working from home, are going to use things that are more familiar to them.”

And user education isn’t just for the pandemic.

“I think personally that there will always be a need for education because within the state we have a range of age groups and some people are quick to adopt IT and IT solutions whereas we have another group that may be a little bit more slower and they may need more hand-holding,” Thompson said.

5. Now’s the time to rethink work culture

California CIO Amy Tong said quickly shifting 230,000 state employees to remote-working environments wasn’t as technically challenging as many people had expected. But she said the technological changes are in turn presenting a need to change state government’s work culture.

She admitted that the scenic coastal background she was using during the webcast was cover for her messy home office, a symbol of the overlap of personal and professional life for many employees today. She highlighted the fact that home internet connections are often slower than what’s available at government buildings and that many workers are now sharing their workspace with spouses, pets and children who are studying from home.

She also encouraged state administrators to be more compassionate and push for a healthy work-life balance as those unaccustomed to remote work struggle to put bounds on their working hours.

“Through the quick response we all responded to, technology is really available and should be treated as an enabler to fast-track some of these change in culture,” Tong said. “I think the ability to accept a less-perfect solution should be applauded. I think that’s a fundamental change in how we’re dealing with work.”