- Eighty-one percent of IT and program managers from the Department of Defense want to see the agency further adopt telework, "even when things return to 'normal,'" according to a MeriTalk survey of 150 IT DOD personnel.
- Cybersecurity concerns were the primary challenge for the DOD as it adopted collaboration tools and 85% of respondents cited challenges. Less than one-third of DOD departments considered their posture "very prepared" for the transition to telework.
- Despite adoption of remote collaboration tools, 61% of respondents say the solutions leave "department networks, clouds and endpoints vulnerable." Only one-third of respondents rate their remote access to mission-critical applications as "excellent," according to the report.
The Pentagon has been slow to adopt the cloud and is famously reliant on floppy disks. The DOD relies on the physical security of the Pentagon to protect data, but 2020 pressured a reevaluation of digital security.
Most DOD IT (84%) and program managers (83%), admitted to "ill-advised security shortcuts" for handling department business, according to the report.
Long before the pandemic, in the private sector, 94% of CIOs and CISOs say they've also made compromising decisions due to a lack of visibility into endpoint security. Laptops, servers, virtual machines, containers and cloud infrastructure add to cybersecurity's complexity. COVID-19 made remote work entirely dependent on endpoint solutions.
Even in an office environment, security is designed around three types of employees: the average user, the IT professionals, and executive leadership.
The average user, prior to the pandemic, was hardly a top-of-mind concern for the National Cybersecurity Center of Excellence at the National Institute for Standards and Technology (NIST). An individual's home router is now part of an organization's security. The Pentagon holds upwards of 24,000 personnel.
For the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), which has a fraction of the DOD's employee count, "did pretty well" compared to its defense and intelligence peers, Bryan Ware, assistant director for Cybersecurity at CISA, said on a virtual panel in May.
Before telework, the agency used cloud-based services for email and communication but Ware was surprised by how much of CISA's mission can be done without coming into the office and in a declassified manner. "I expect we'll do more work that's not centralized in the national capital region" because of technology.
Right now CISA's focus is on finding solutions for the interim and long term to build confidence in security; especially as teleworking drives a new market of tools. However, there will always be exceptions to the rule and government agencies will have personnel who "have to touch computer hardware," said Ware.