Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity NewsGovernment: Federal, State and Local

NSA outlines requirements for secure collaboration services for US government telework

By Chris Howell
cybersecurity-laptop
June 26, 2020

Recently, the NSA published guidelines for secure collaboration services for telework. Due to COVID-19 concerns, many United States Government (USG) personnel must now operate from home while continuing to perform critical national functions and support continuity of government services. With limited access to government furnished equipment (GFE), such as laptops and smartphones, the use of commercial collaboration services on personal devices for official use has become somewhat unavoidable. However, the sudden surge in the use of some remote teleconferencing and messaging tools triggered a cascade of security issues, which have caused many organizations to move away from those products almost as fast as they came on.

Across all sectors, the rush to communication and teleconferencing solutions during the COVID-19 pandemic has intensified another, pre existing global pandemic called “Shadow IT” - the relentless urge for individuals on the front lines of an organization to find their own solutions to information technology problems, often beyond management’s reach (i.e. on personal devices) and often in violation of organizational security policy. Given what’s happened in the past months, I think it’s fair to say this problem just got a lot worse.

For the military, the stakes are higher. What others see as personal privacy issues the Pentagon sees as operational security issues. Take, for example, the use of seemingly harmless consumer-grade entertainment app TikTok, which was feared could be used by a foreign government to spy on service members. Or, fitness app Strava, which even though it was installed primarily on personal devices, still provided location-based features that could be leveraged by malicious actors to locate secretive military bases and patrol routes and even track soldiers from these locations back home. Simply put, your average consumer-grade social networking or messaging service is not built to address the security and privacy needs of the federal government or other serious business - it’s built to exploit the mountain of user data it collects as a condition of service.

The antidote to Shadow IT? Guidance. I have to say I cringed a little when the Department of Health and Human Services (HHS) decided to waive penalties against medical providers who use remote communication solutions that do not comply with HIPAA privacy and security regulations. Not that anything should get in the way of saving lives, of course, but those of us in the information security business know that security threats don’t respect timeouts for national emergencies. In fact, based on what we’ve seen, the scammers of the world exploit every crisis they can and the weakest among us to perpetrate their schemes. Shameful, but true. I would much rather have seen HHS issue supplemental guidance focused on helping medical providers inexperienced in remote patient care find appropriate tools. It is, after all, patient information that’s at risk when providers reach for insecure solutions.

I believe that desperate times call for rational measures, not desperate measures. In that vein, the new NSA guidelines are a breath of fresh air. They don’t just offer conclusions, they provide a thought process and key measuring sticks to help the reader independently assess the security worthiness of teleconferencing products. They are technical to a point, for example to explain the merits of end-to-end encryption vs. traditional encryption, but speak well to the non-technical too, with simple tips like ensuring you can control who connects to a meeting. And, while they’re aimed at U.S. government employees and military service members, they’re universal enough to be just as useful to those in the private sector.

This kind of advice is sorely needed right now. Millions of people are facing the challenge of working from home under the significant stress of managing their family’s safety, supplies and sanity. More people working remotely means a larger attack surface for cybercriminals and nation states to exploit. While some military branches and federal agencies are ahead of the curve, for many others, best laid plans in preparation for such a contingency went out the window weeks ago, and it’s a fair bet that in the scramble for those decision-makers to find the tools necessary to remain productive, security risk may not have been top of mind. The NSA guidelines come at the right time and remind us that crunch time is the time to be doing security better - not worse. Regardless of where we are or how we got here, it’s never too late to get back on track.

KEYWORDS: cyber security Government Security information security national security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Chrishowellpic uai 258x258

Chris Howell is Wickr’s co-founder, co-author of numerous patents for Wickr’s underlying technology and CTO responsible for technical strategy, security architecture and product design. Prior to Wickr, Chris spent nearly a decade in law enforcement with the NJ Office of the Attorney General/Division of Criminal Justice specializing in computer crime investigation and forensics. He also spent several years in the private sector, working in information security and incident response with Pershing and in application security consulting with Aspect Security. Chris graduated from Rutgers University with a B.S in Computer Science and Administration of Justice and received a M.S in Information Assurance from Capitol College in Maryland. He has earned a CISSP and various other industry certifications and has served for more than ten years as an Adjunct Professor at the New Jersey Institute of Technology, teaching courses ranging from Computer Security to Digital Privacy.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cyber 2 feat

    White House Outlines Parameters for Withholding Security Vulnerability Information

    See More
  • Security newswire default

    US Government Gets Lower Ratings for Handling Disaster Response

    See More
  • drone

    Federal plan outlines US counter-drone measures

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing