Pointsec Provides Government Agencies with Guidelines for Safe Telework Practices
Guide Extends NIST Security Requirements to Securing Endpoints for Federal Telework Programs
Chicago – September 13, 2005
Pointsec, the global leader and the provider of the de facto standard for enterprise security software for laptop and desktop PCs, PDAs and smartphones, today offered information security guidelines to government agencies providing telecommuting options to employees. In its "Guide for Securing Federal Telework," Pointsec outlines agency statutory requirements for establishing a telework program and describes typical technologies used for telework and security applications.
Telework provides numerous benefits to federal agencies and employees, including relief of traffic congestion and pollution, employee flexibility, increased productivity, reduced overhead and even continuity of operations in an emergency. In fact, these benefits have become so well-documented that Congress is now encouraging agencies to provide telecommuting options to employees. A provision of the 2005 Omnibus Appropriations Bill authored by Rep. Frank Wolf (R-Va.) requires several major federal agencies, including the Commerce, Justice and State Departments, to permit their employees to telework or face budget penalties.
Efforts are now underway to extend telework accountability provisions and penalties to all federal agencies, and more than four dozen have implemented telework initiatives. However, creating a telework policy is only the first step. Agencies must also implement best practices, train employees and managers, provide adequate technology and implement controls and safeguards that protect the systems and information used for telework.
It is critical that the National Institute of Standards and Technology's (NIST) objectives for IT security (confidentiality, integrity and availability) are extended to telework programs. Based on the NIST objectives, Pointsec identifies three areas of concern for telework:
- Protecting the Network: The first goal is to prevent penetration or contamination of the agency network caused by a security lapse in telework endpoint equipment. Without protection technology, telework endpoints are easily compromised and can serve as a gateway for hackers into the agency network.
- Protecting Equipment for Telework: Mobile devices often lack the protection that guarded buildings and locked offices provide. They need "virtual physical security," such as whole disk encryption, as a layer of protection from unauthorized access to data stored on the device.
- Protecting Data During Transmission: With the rising popularity of linking laptops to a wireless connection, agencies must be careful to secure the data flowing between these mobile devices. Typical wireless hot spots lack security, and data protection such as automated intrusion detection, encryption and SSL is needed.
NIST provides detailed guidelines for selecting and specifying security controls for federal information systems and describes four families of technical controls for security: identification and authentication, access control, audit and accountability, and system and communications protection. While all federal agencies use most of these technical controls on their networks today, telework security requires that these controls be extended to all network endpoints used by remote workers. Pointsec identifies authentication and encryption as two important steps to add virtual physical security to the endpoints. Authentication, through passwords, Universal Serial Bus (USB) tokens and smart cards, ensures only authorized people can access devices. Encryption protects data from being intercepted during transmission or exposed if a device is lost or stolen.
"Security should not continue to be a barrier to the adoption of telework programs by federal agencies," said Peter Larsson, CEO, Pointsec Mobile Technologies. "Security concerns can be addressed if careful planning is done at the start of the program roll-out to incorporate the appropriate mix of policy, education and technology solutions. Pointsec looks forward to working with agencies and our partners to help them meet their mobile security needs as they begin to implement larger telework programs."
Pointsec's Guide for Securing Federal Telework is available at www.pointsec.com/downloads/register.cfm?fileID=5
About Pointsec
Pointsec is the worldwide de facto standard for mobile device security – with the most customers deployed, highest level of certification and more complete device coverage than any other company. Pointsec delivers a trusted solution for automatic data encryption that guarantees proven protection at the most vulnerable point where sensitive enterprise data is stored – on mobile devices. By securing sensitive information stored on laptops, PDAs, smartphones, and removable media, enterprises and government organisations can protect and enhance their image, minimize risk, shield confidential data, guard information assets, and strengthen public and shareholder confidence. Pointsec's customers include blue chip companies and government organisations around the world. Founded in 1988, Pointsec Mobile Technologies AB is a wholly owned subsidiary of Protect Data AB, publicly traded (PROT) on the Stockholm stock exchange. The company has two U.S. offices, nine EMEA offices, two APAC offices and one branch office in Dubai, Middle East. Pointsec can be found on the web at: www.pointsec.com.