TELECOMMUTING
Connecting The Islands: Disaster Recovery Planning For Teleworking Environments
By ADELLE A. McILROY, CBCP, CISSP
Teleworking has become an integral component
of cost-cutting, quality, and employee satisfaction initiatives for
many mid-sized to very large companies. Studies show teleworking can
save productivity lost to commute delays or absenteeism, and can minimize
overhead costs of an office facility by reducing or eliminating the
need for a central work site. In addition, with more complex personal
obligations, such as child or parent care, and the desire for flexible
work schedules emerging in many employment markets, a program to allow
employees to work full- or part-time from home can be a great advantage
in hiring and retaining top talent.
However, disaster recovery (DR) for a company heavily dependent on teleworkers
requires planning and preparedness. This article will focus on the special
needs for the teleworking environment, the issues to be addressed for
both the teleworker and the central organization, and recommended practices
to ensure successful continuance and recovery.
Characteristics of the Teleworking Environment
The Yankee Group profile of teleworking employees indicates that in
most cases teleworkers have more formal education and a higher income
level than the average corporate employee, and are more familiar with
mobile technologies, such as mobile phones and wireless networks.
Also, small businesses typically do not support teleworking, so the
vast majority of teleworkers are employed in medium, large, or very
large companies. Within the “teleworker” category, there
are two basic types: the mobile worker and the telecommuter. Although
there is no industry-standard differentiator, the two categories can
be described as follows.
The “mobile worker” typically spends at least 20 percent
of each week’s work hours at a location other than the corporate
office, perhaps a home, hotel, or client site. A high percentage of
mobile workers use laptop or other portable computers. The “telecommuter”
tends to fit one of two profiles:
1. An employee who works from home as
a convenience, but still uses a corporate office, or,
2. An employee who has a function that can be easily decentralized and
has no corporate office, such as a remote data entry clerk.
The telecommuter works from home at least
one full day a week, and in the case of the second profile, is likely
to work from home nearly every day, visiting a central office for training,
etc., but not to perform the primary job function.
Based on a synthesis of reports from International Data Corporation
and The Yankee Group, there were approximately 36 million teleworkers
in the U.S. and Western Europe in 2000. Growth of nearly 200 percent
is expected by 2005.
Specialized Factors for Teleworking Recovery
Business continuity and disaster recovery planning for the teleworker
environment is driven by several factors that distinguish it from traditional
office-centric strategies.
Increased Virtuality
Teleworkers are “virtual” employees because their interactions
with the central organization are far more dependent on their electronic
connections than those of office-based employees. The teleworker sends
and receives most, if not all, communication via remote access networking,
electronic mail, fax, voice mail and telephone conversations. For example,
the remote data entry clerk may receive information to be input via
a voice mail or fax, and may perform the data entry over a virtual private
network (VPN).
The teleworker cannot participate in the “hallway” and “water
cooler” conversations that occur in the central office. The impact
of this virtuality may not be significant in a company dominated by
a formal communications environment (e.g. interoffice memos, interoffice
mail, procedures manuals, departmental newsletters). However, in a company
in which decisions are made in impromptu meetings, the teleworker will
quickly be excluded from decision-making, and may be operating on outdated
information. Company practices regarding interactions with other employees,
and with clients, are often communicated through observation of other
employees’ behavior. These same interactions also build trust
through familiarity and both professional and personal conversations.
The teleworker does not have the advantage of these interactions.
Also, the physical distance of the teleworker may result in a lack of
awareness about events occurring in the geography of the central office.
For example, a teleworker in another state will not be able to distinguish
between a remote access failure caused by a power outage due to a lightning
storm (ETR one hour – do not activate DR plan), or a massive fire
(ETR weeks – activate DR plan), since neither the weather outside
nor the local news will relay this information.
Network Usage
The teleworker uses both Internet and remote access connections to obtain
use of the corporate resources. They often connect from outside the
firewall and rely on services and technologies that are not used by
office-based employees. As a result, teleworkers may be subject to interruptions
and threats that do not affect office-based users, such as firewall
maintenance, or denial of service attacks at the perimeter.
In addition, teleworkers’ increased reliance on centrally stored
data may cause higher productivity losses if their network connection
is unavailable.
When remote access is obtained over the Internet, the teleworker is
usually responsible for providing the network connection. The teleworker
submits expense reports for this cost that are then reimbursed by the
company.
Additional complexity is introduced by this lack of standardization,
and by the possibility that failure of a provider, not used by the company
centrally but used by teleworkers, will require a recovery plan. The
teleworker may also choose to obtain a “bundled” plan for
convenience of payment, which also introduces further redundancy issues
(non-payment of a “bundled” mobile, home telephone, and
broadband invoice will terminate all three communication lines simultaneously).
Decentralization
The two most likely DR scenarios for the teleworker are:
1. the teleworker “island” experiences a local failure, or
2. the “mainland,” or the connection to it, fails and the
teleworker must fail over to an alternate.
In scenario 1, the teleworker will notify
the central support organization and should have the ability to use
central helpdesk support. In scenario 2, the teleworker will be the
principal agent of his own recovery. Unlike an office-based recovery
in which a limited number of skilled resources can support a large number
of users, the teleworker recovery requires that the teleworker execute
their own recovery plan. The teleworker must therefore be better trained
to handle situations such as changing destination IP address, hostname,
URL or phone number.
The decentralized nature of the teleworking environment promotes easier
recovery in that a lower proportion of workers are affected by geographically
related incidents such as inclement weather.
In addition, businesses that have standardized the model for the teleworker
(as in the remote data entry clerk example) often have redundancy since
the volume of work can be redistributed to operating teleworkers, who
can operate at a higher volume level until the failed teleworkers are
restored.
Lack of Workspace Control
The teleworker is not subject to peer pressure to conform to office
protocols. Teleworkers may therefore be less motivated to report incidents
that do not affect daily performance or which might reflect negatively
on the individual. Without peer or supervisor oversight these incidents
are unknown to the central organization. For example, a broken backup
drive or faulty tape will not impact a data entry task, and taking the
time to fix it may reduce the number of items entered, making it a lower
priority for the teleworker.
Additionally, the teleworker’s computer is often multi-use, serving
both for corporate access and for personal use. As a result, non-business
activities can have business consequences. For example, a teenager using
the computer to access hacker sites may well invite compromise of the
local machine.
Time of Day Distribution
Teleworkers often work in different time-of-day usage patterns than
most office-based employees. Although most teleworkers adopt a consistent
individual pattern, they often choose schedules based on unique situational
requirements. For example, childcare may occupy the teleworker
during the early morning and after-school hours. For the recovery planner,
the major impact of this factor is the need to ensure 24 x 7 availability
since teleworker hours are flexible. This requirement may introduce
the necessity of hot backups for remote systems, load balancing, and
rolling maintenance (in which only part of a redundant system is taken
down for maintenance at any time).
However, there are also some load balancing/peak management improvements
since the flexible hours reduce the likelihood of events such as the
typical 8:30 a.m. logon peak that happens in an office.
To address the specialized needs of the teleworking environment, both
managers and teleworkers must take on new responsibilities.
Recommendations
The following recommendations are designed to address the specialized
factors in the teleworking environment as they relate to business continuity
and disaster recovery planning.
1. Establish a robust formal notification
channel to be used for ANY service interruption to ensure teleworkers
are informed about the possibility of disaster recovery plan activation.
This channel provides a reliable means
of ensuring the Estimated Time to Repair/Recovery is communicated to
teleworkers, as is the decision to invoke the DR procedures. In addition,
the reverse information flow provides a reliable means of ensuring the
teleworker can communicate to the central organization if a recovery
scenario of type (1) is required.
2. Establish clear procedures regarding
the centralization and storage of all teleworker data, including contact
lists, e-mail addresses, URLs, and any information used to manage teleworker
virtual relationships.
The dependency of the teleworker on contact
lists, telephone numbers, etc. requires that this information be included
in the data backup scheme for the organization. In the interests of
security, many teleworking environments adopt a strategy in which data
is stored centrally and accessed by the teleworker only as needed. In
this case, data backup is handled by the central organization. Note
that data should be recoverable by a trusted individual as well as the
teleworker. In a recent situation in Norway, a large database was found,
after the employee’s sudden death, to be encrypted with an unknown
passphrase [4].
3. Determine those events which, although
not affecting office-based users, will affect teleworkers, such as firewall
downtime or penetration attempts from the Internet.
Since the teleworker is both an “outsider”
in their access to the corporate network, and an “insider”
in their need for access, the conditions in which they will require
additional or different strategies from office-based users must be clearly
identified and managed.
4. Train new hires immediately upon employment
and periodically retrain teleworkers on good practices that would ordinarily
be addressed by office protocol, such as inter-employee behavior, client
interaction, and workspace control.
Since teleworkers do not have the advantage
of daily interaction with the office environment, training should be
delivered to provide them this information. Training should include:
Workspace Control Best Practices: Maintaining a proper work area, separation
of personal and corporate information and assets, care of PC hardware,
care with food or beverages in the vicinity of the PC.
Client/Employee Interaction: If the teleworker will interact with clients,
the proper tone and demeanor should be demonstrated. In addition, the
corporate approach to customer satisfaction should be explained. Also,
the degree of authority for the employee should be clearly delineated.
Employee/Employee Interaction: The teleworker should be informed of
corporate policies regarding employee/employee interactions, such as
diversity and sensitivity policies.
5. Include in each operating procedure
the metric by which compliance will be measured, and perform management
audits of compliance to ensure procedures are followed. Audit new hires
within one month of employment.
Without the casual oversight possible
in the office-based environment, managers must formalize the review
of employee performance. For example, if backups are required, compliance
with backup procedures should be audited. An example spot check would
verify that appropriate backups were performed for the critical data
set at the appropriate time, and were sent off site as needed. As in
a conventional backup strategy, periodic restores of backup media should
be performed to ensure the restore is successful. In particular, auditing
should be performed on new employees to ensure that backup procedures
have been understood, and that the employee understands the importance
of compliance.
6. Establish clear teleworker procedures
for “mainland” disaster recovery scenarios.
The definition of expectations and tasks
that the teleworker will perform in a recovery is crucial to the successful,
unassisted recovery of the teleworker’s function once the plan
is activated.
7. Perform regular, frequent failover and failback tests with each teleworker.
To ensure the teleworker can perform
the recovery unassisted, frequent rehearsal of the recovery plan should
be executed. For example, the teleworker could execute the DR plan periodically,
redirecting transactions to a redundant server. Not only does this test
ensure the teleworker will be prepared for a true recovery, but it also
permits spot check monitoring on the underutilized redundant server.
8. Establish disaster recovery goals
and expectations in the employee job description.
Teleworkers have DR responsibilities
that must be part of their job description, and performance objectives
for those responsibilities must be established.
9. Establish an informal communications
channel shared by teleworker and office-based worker.
Informal and undocumented communications
channels that exist in an office-centric environment must be connected
to a channel through which teleworkers can connect to the central organization.
This channel provides a mechanism for teleworkers to participate in
a collaborative culture, especially if decision-making is ad hoc, and
informs them of company protocol. It also provides a non-supervisory
channel in which employees can ask questions of other employees.
This auxiliary channel will reinforce company policies and protocols
regarding DR planning. Informal channels can quickly be implemented
using an instant messenger or chat environment.
Conclusion
Teleworking is likely to become an integral part of the business for
many organizations over the next few years. As organizations adopt this
new model, it is critical that their disaster recovery plans adapt and
accommodate these highly virtual employees. With careful planning, the
teleworking revolution will enhance DR plans and improve response capabilities
organization-wide.
Adelle A. McIlroy, CBCP, CISSP is a security practice lead for International
Network Services, a leading global internetworking consultancy, focusing
on risk assessment and technical security evaluation and remediation.
Please send comments to adelle.mcilroy@ins.com.
To comment on this article, go to 1601-07
at www.drj.com/feedback.