Question: What technical and security issues should we consider when setting up
a telecommuting program?

Our advice: With the increasingly global
economy, businesses are dependent on their staff and customers being able to
access potentially sensitive business data from anywhere in the world. As a
corollary, once they've enabled remote access, many companies have found that
telecommuting can improve staff productivity and response time, while reducing
fixed costs in office space requirements. Implementing a viable and secure
remote-access policy requires appropriate security systems and tools, proper
levels of IT support, and a knowledgeable workforce; without them, your
company could be vulnerable to serious security problems. Fortunately, with
careful planning, businesses can implement a secure remote-access policy
successfully.

The foremost technical challenge in implementing a remote-access and
telecommuting policy is securing access to sensitive company data. Until
recently, the most common solution was an IPsec (Internet Protocol Security) or
Point-to-Point Tunneling Protocol VPN, where the remote computer becomes a
virtual node on the internal network. Although great in theory, in reality the
technology requires client software that is often clumsy, loaded on computers
that may not be properly secured. In addition, because an IPsec VPN encrypts
every network packet, it often degrades network performance on lower-speed home
or remote Internet connections. If a large percentage of your workforce already
has company-owned laptops and proper training in basic computer security, this
technology can be successfully implemented.

However, if you're planning to allow staff access to internal data from public
kiosks or home equipment, you should consider deploying a Secure Sockets Layer
VPN. SSL VPN, which is based on the widely used Web security technology SSL,
offers the advantage that it's designed to deliver secure access to your
internal systems at the individual user and application level without requiring
special client software. This gives you the granularity to develop access
policies based on individual roles and responsibilities. Some of the newer
systems offer client-aware software that checks if the connecting computer has
the proper security systems or applications installed. If the system fails to
detect antivirus or other protection, it can deny or limit access. The tradeoff
is higher IT administrative overhead to manage often complex security and
access policies. Since SSL VPN is relatively new, many of the systems are still
proprietary, and integration with applications is hit-or-miss. For companies
that have fairly simple access requirements and the right mix of applications,
SSL VPN can offer powerful and highly granular access security at a reasonable
cost.
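
The per-user, per-application access decision described above, including the client check that denies or limits access, can be sketched as follows. This is an added example, not code from the column or from any VPN product; the role names, application names, policy table and posture fields are all hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Posture:
    """What the client-side check reported about the connecting machine."""
    antivirus_current: bool
    firewall_enabled: bool
    company_owned: bool

# Hypothetical policy: which roles may reach each application, and whether a
# machine that fails the protection check may still get limited access to it.
POLICY = {
    "webmail":  {"roles": {"staff", "finance", "it-admin"}, "limited_ok": True},
    "payroll":  {"roles": {"finance"}, "limited_ok": False},
    "admin-ui": {"roles": {"it-admin"}, "limited_ok": False,
                 "require_company_owned": True},
}

def decide(role, app, posture):
    """Return 'allow', 'limited' or 'deny' for one user/application request."""
    rule = POLICY.get(app)
    if rule is None or role not in rule["roles"]:
        return "deny"  # default deny: unknown application or role not entitled
    if rule.get("require_company_owned") and not posture.company_owned:
        return "deny"  # sensitive application restricted to managed equipment
    if posture.antivirus_current and posture.firewall_enabled:
        return "allow"
    # Protection missing: limit access where the policy permits, else deny.
    return "limited" if rule["limited_ok"] else "deny"

def portal_view(role, posture):
    """Applications the portal would offer this user, with the access level."""
    view = {}
    for app in POLICY:
        decision = decide(role, app, posture)
        if decision != "deny":
            view[app] = decision
    return view

# Constructed sample endpoints (not real measurements).
LAPTOP = Posture(antivirus_current=True, firewall_enabled=True, company_owned=True)
KIOSK = Posture(antivirus_current=False, firewall_enabled=False, company_owned=False)
HOME_PC = Posture(antivirus_current=True, firewall_enabled=True, company_owned=False)
```

The same finance user sees both applications from a company laptop but only limited webmail from a public kiosk, which is the role-plus-endpoint granularity the paragraph describes.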

No matter how advanced the technology, remote-access policies are dependent on
proper staff training and expectations. Remote users require more IT support
because they're away from the informal coworker support network. This can be
mitigated by better application training and certification. However, treat
remote access as a privilege, not a requirement, and you'll achieve higher
levels of productivity and a more-satisfied workforce. If employees understand
that maintaining current antivirus software and secure firewall settings is in
everybody's best interest, then administrative overhead can be minimized.

Telecommuting and remote access can be a viable option for your business, if
you're careful to implement a proper staff-training program, have a solid
understanding of staff access by application and user type, and are willing to
devote the resources required to maintain proper security policies.
-- Beth Cohen