The Centers for Disease Control and Prevention has a telework security challenge: about 2,000 civil servants at CDC are regular teleworkers (working remotely at least two days per pay period), according to Joe Jackson, chief of the customer services branch of CDC's Information Technology Services Office. CDC has turned to desktop virtualization as a way to provide its teleworkers with all the applications they need to do their jobs from home—and do them securely.
At CDC, teleworkers access a virtual desktop from home through XenApp and other technology provided by Citrix Systems Inc. "We have a large server farm that has been configured for office products and any specialized software [employees] might use while in the office," said Curt Sizemore, information system security officer in CDC's IT Services Office. "This provides the teleworker with the virtual desktop they are familiar with and protects [against] bridging the home and enterprise networks."
CDC's IT Services Office restricts the use of virtual private network (VPN) technology for its remote users. "If for some reason the teleworker has specialized software that cannot be loaded on our server farm, we do offer VPN connections," Sizemore said. "VPN connections, however, are very limited to reduce the risk of bridging." CDC officials said that the use of VPN access to the agency's network is rare and that a request for such a connection even requires an employee to submit a business case.
By virtualizing the teleworker's desktop and delivering applications from a central point, CDC realizes some major telework security benefits. One is that CDC can control access to applications from its data center, and reduce security risks, because the applications don't reside on the computer that the teleworker is using at home, officials said.
"The data never leaves the data center," said David Smith, chief technology officer for Citrix Federal. "By running an application or desktop in the data center, you're delivering a view of that application to the end user."
As a result, a virtualized environment protects CDC's data from any malicious software that might infect a teleworker's home computer, said Lew Newlin, associate director for IT infrastructure, emergency preparedness and security at CDC. "On the user's exit, the session is destroyed in the virtual environment so nothing is there [on the user's machine]," he said.
A virtualized teleworking environment also gives CDC better control of how a teleworker accesses and uses information. For example, the agency can apply different security policies to users who connect on government-furnished equipment than to those who use other devices. By using Active Directory, administrators can add or delete users quickly. And if the need arises, the management tools associated with the virtual desktop environment can report on who uses which applications, when, and what they do with them.
All of which adds up to greater telework security at an agency where telework is on the rise. Currently, 27% of employees who could telework do, up from 18% a year ago.
About the author:
Richard W. Walker is a freelance writer based in the Washington, D.C., area who has been covering issues and trends in government technology for more than 10 years.