May 6, 2009 By Dan Lohrmann
To buy or not to buy (more telework capacity) - that is the question during an epidemic. As the H1N1 flu situation evolved rapidly over the past two weeks, CIOs, CTOs, CISOs, and other government technology officials faced (and still face) a series of tough buying decisions in difficult budget times.
When the World Health Organization (WHO) raised its pandemic alert level from 4 to 5 (the second-highest level), organizations were told to begin implementing their pandemic plans. No problem - right? A few years back, governments created pandemic plans in preparation for Asian bird flu, so these plans have not even had time to gather dust. In Michigan, we have an excellent plan which we are following. (My focus in this blog is only on the technology-related actions.)
Government Technology Magazine ran a nice background piece on this telework question last week. They brought up some great points about the overall capacity of Internet Service Provider (ISP) access into homes during emergencies. They also pointed to success stories in states like Virginia. Still, I'm confident that many cash-strapped government organizations face difficult buying decisions at a time when we all need to do more with less.
Unlike most emergency situations, such as a fire or tornado hitting a building or data center, a pandemic could leave your infrastructure intact with your staff at home. Whether your employees are caring for family members, watching kids whose schools are closed or recovering from the flu themselves, staff may not be in the office.
So this question will quickly come up: How many people can work from home (connect securely to government networks) at the same time during a pandemic? Putting aside the business-related process questions around working with others, computer applications, etc., we faced the following dilemma:
1) Approximately 13,000 Michigan State employees (out of about 55,000) have laptops. The others who have computers use desktop models. Should we buy more laptops in bulk and make them available? At about $900-$1,000 each, one thousand laptops would cost almost a million dollars.
2) With available telecommunications equipment, we can handle about 4,500 simultaneous Virtual Private Network (VPN) connections. This infrastructure is more than triple our normal demand. Increasing capacity to handle an additional 15,000 or more VPN connections could be done by buying more telecom equipment.
3) Other facts - most employees can already use their home computers for non-sensitive data and connect to the Michigan network for their Microsoft Outlook or Novell GroupWise email needs. However, our policies allow home computer use only for access that does not involve personal data that could cause a data breach (ID theft) or a privacy violation.
In a nutshell, the decision looked like this: should we spend precious dollars now or wait for pandemic level 6 to arrive when equipment might not be available from vendors for weeks or months? We are facing budget cuts and even staff layoffs in Michigan, so there are never enough dollars.
True, this infrastructure may still be used in the future after the flu situation ends. However, stockpiling laptops is generally a bad idea, since the equipment can quickly become "the old model" that customers don't want. Does the situation call for emergency technology purchases now? I'll tell you what we decided in a later blog.
One final item: many government organizations (like Michigan) are in the process of replacing desktops with laptops over time, but the transition is happening over several years. We are also looking at virtual desktops and other new technologies to help this situation (a good topic for a future blog). Finally, we do have a few hundred spare laptops for emergencies - but nowhere near enough for every need during a full pandemic outbreak if thousands of state employees stay home.
So what would you do in this situation? More important, what have you done?
Building effective virtual government requires new ideas and hard work. Security professionals need to be enablers of innovation. From helpful Internet training to defending cloud computing architectures to securing mobile devices, Dan Lohrmann will cover what's hot and what's not in protecting your corner of cyberspace.