EPA wants digitization and enterprise solutions for a hybrid

Telework enabled the Environmental Protection Agency to continue its work for the past two years. But the agency’s workforce was largely equipped with issued laptops and mobile devices well before the pandemic hit.

Although EPA operates across a wide number of locations, employees are still mostly in office-style settings, according to Chief Information Officer Vaughn Noga. He expects the agency to move toward a hybrid model, and how well his office can serve both office workers and remote workers will be the measure for success.

“That’s really how we engage effectively with the workforce to make sure that we’re driving inclusivity, that we don’t have a meeting where we forget to include the remote worker on the meeting,” he said on Federal Monthly Insights — Secure Tools for a Telework Future. “Those are things that we are certainly focused on right now, making sure that the technologies can support that hybrid environment.”

The move to mass telework for federal agencies drove many discussions around space, leveraging it and the costs associated with it. Recently, Noga said he has not heard much of agencies sharing their extra office space with remote workers from other organizations, but he did recall the General Services Administration offering “telework centers” in the past.

What is in motion, however, is the transition off virtual private networks for 100% connectivity of workers. Noga’s office is moving employees, him included, off VPN except for applications or systems that absolutely need it. EPA transitioned to Microsoft Office 365 several years ago, and the suite of capabilities provides the access and communications tools employees generally need, he said. EPA secures and encrypts data at the endpoints, and employees cannot use personal loan computers to connect and download data to their personal devices. For years, the agency has centrally managed all mobile devices, including the apps installed on them, as an enterprise service.

“There are several applications that are behind the firewall that folks would still need to use the VPN to get to, and we do that by choice. But I see a big shift there as well, certainly with the zero trust memo that was released,” Noga said on Federal Drive with Tom Temin. “We’re looking at how we equip those, enable those for multi-factor [authentication] so we can get out from underneath or behind a VPN.”

Most of the directives in last year’s “Executive Order on Improving the Nation’s Cybersecurity” were measures that Noga said EPA had been carrying out for years, so his office feels confident it can meet the requirements. He advised managing services at the enterprise level wherever possible.

“It made it much easier for us to manage that holistically. And I think other agencies probably should look at where do I want to manage something at the enterprise level?” he said. “For instance, at the agency, all network connections are managed through a single organization. So across all of our locations, a single entity is responsible for that connectivity.”

The single point of control extends to connections to commercial cloud providers, as well as the agency’s own servers. EPA leveraged GSA’s Cloud.gov site, Amazon Web Services and Azure connections, which are all managed centrally to, as Noga said, “manage the endpoint and really take the middle out of it.”

His office is cognizant that the combination of remote access and zero trust can frustrate users. Training people to access data through two different methods, one remote and one in the office, creates confusion, so for EPA, consistency across technologies is the goal.

Multifactor authentication is also key, and the agency transitioned to Login.gov because it was a successful shared services solution already, he said.

After two years of mass telework and even longer for telework in general, people’s expectations for what facilities and capabilities they need to do the job are crystallizing. That includes printing, and Noga said the push to go paperless, which started years ago, hinges on a workflow that only uses wet signatures in necessary cases. EPA also does not want to receive data in paper format, such as information collection submissions and responses to data calls.

“By having it in a workflow, you could actually store the data on the back end. And the goal is that it should take one person to respond to a data call, not the entire agency,” he said.

It is easy to accumulate digital file folders that, like paper versions, are hard to navigate. He said his office is trying to store data in a location that is accessible either by the individual or through management on the backside. That is a change he anticipated would evolve over time as old habits die hard.