The global pandemic continues to fluctuate, but the reliance on IT services and teams to support service continuity in the public sector remains steady. To ensure network operations continue running at peak performance, there are several actions government IT teams can take to consistently maintain a network architecture capable of supporting a remote workforce.
IT tools like support tickets and the IT service desk directly support end users and organizational goals; these should be nonnegotiable. Consider, too, creating a business continuity plan (BCP) to help business restoration efforts. Finally, ensure all members of your organization understand monitoring metrics and monitoring requirements so they can best evaluate telework risk and preparedness.
Let’s look at each of these critical elements and what government IT teams can do to stay ahead of remote worker demands and support ongoing organizational productivity.
IT Service Desk and Support Tickets
One year into the pandemic response, employees are still working from home. Yet managers continue to need assurance their employees are meeting organizational objectives. Key to creating this assurance is maintaining the status of support systems and ensuring employees can report access or other issues in real time.
Agencies must ensure their IT service desk system is easily accessible to employees so they can quickly create a trouble ticket if they experience issues. But it’s not just a matter of having a ticketing system in place. Support personnel responding to reported issues are most effective when the service desk ticketing system is integrated with existing remote support tools, network monitoring tools, and authentication tools like Microsoft® Active Directory®. Why is this the case? Having a performance baseline, monitoring and authentication history, and a knowledge base of previous remote employee issues helps the team more quickly and effectively identify and mitigate issues.
Remember, tools allowing support personnel to control remote systems and devices when resolving tickets will enhance support capabilities while minimizing response times.
Business Continuity Plan
Every organization should have a BCP. A BCP ensures an organization’s critical business processes continue running even during a disaster or emergency. With a BCP in place, government IT teams can react quickly and effectively to a crisis without risking a loss in organizational reputation or public confidence.
To be clear, your organization may already have an IT continuity plan—this is good news. Yet an IT continuity plan generally focuses on recovering IT systems after a crisis. A BCP, on the other hand, focuses on ensuring an organization’s services are continuously available during or in the immediate aftermath of a crisis.
What types of detail should an effective BCP cover?
A BCP typically includes guidance for maintaining all critical organizational functions during a crisis. Compared to disaster plans focusing solely on technical operations, BCPs also take personnel into account when considering business continuity. A BCP should ensure organizational data is backed up and stored externally to your operational environment and include an up-to-date checklist of information to help your employees keep in touch during a crisis. This checklist should also include incident response activities.
Lastly, a BCP should be tested prior to any crisis to ensure the information contained is readily available and can efficiently support response activities.
Did you know there are security, telework, and remote access best practices outlined in the National Institute of Standards and Technology’s Special Publication (NIST) 800-46, “Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security”? Here are just a few examples of evaluation metrics recommended by NIST to help support successful and secure telework:
- Enable scalability. Migrate organizational workloads to scalable, cloud-based solutions capable of accommodating a remote workforce and supporting continuity of operations per the BCP.
- Minimize the attack surface. Adopt cloud-based solutions designed to implement a single outbound port, preferably over an encrypted communications channel (e.g., HTTPS over port 443) that communicates with multiple internal endpoints.
- Enforce zero-trust access. Complex authentication and access management tools may increase the risk of a missed threat. Implementing zero-trust access, on the other hand, ensures all users—even those inside the organization’s enterprise network—must be authenticated and authorized prior to being granted or keeping access to applications and data. Zero-trust access incorporates technologies such as multi-factor authentication, identity and access management, and endpoint security technologies to verify the user’s identity and support system security policy goals.
One year into the pandemic, not much is changing; government IT teams must continue to effectively support long-term telework capabilities. Ensuring your service desk and ticketing system are integrated across all IT platforms, maintaining an up-to-date BCP capable of supporting organizational goals and personnel identification requirements, and migrating existing workloads to a multitenant cloud platform that implements zero-trust access and scalability will provide a solid foundation for future success.