How Montana is navigating its ‘work-from-anywhere’ policy

Montana CTO Matt Van Syckle said continued remote work will require new considerations of state government's software and cybersecurity capabilities.

As vaccines are doled out with increasing frequency across the country, remote work isn’t going away, Montana Chief Technology Officer Matt Van Syckle explained in a virtual conference on Monday. Instead, he said, state agencies should consider adopting a “work-from-anywhere” policy with their employees to take control of what will now be an “ever-evolving” work environment.

The difference that distinguishes his state’s work-from-anywhere policy from a work-from-home policy, Van Syckle said during an event hosted by VMWare, is that Montana will encourage state employees to work in different state-owned buildings, potentially with different teams, as much as it will support hybrid or fully in-office work schedules. The different work systems, which have yet to be fully fleshed out, Van Syckle said, will also place a priority for the state on ensuring its thousands of digital applications are cloud-accessible, something Van Syckle said the state is also still working on.

“The work-from-home strategy, we tried to approach it as a work-from-anywhere strategy, and I think it’s going to bode well for the future of state government here in Montana,” he said.

But allowing staff to work from anywhere requires a robust IT infrastructure, Van Syckle said, something that not every state or agency had during the sudden closure of government buildings at the onset of the pandemic. To solve that problem in early 2020, he said, many of his fellow CIOs and CTOs used virtual private networks to connect remote employees to state servers. But since that sudden shift to remote work, VPNs have become a sort of “boat anchor” for government IT officials, Van Syckle said, limiting the digital access of remote employees.


“Some legacy apps, you need to be almost in this building on this desktop logged in with this username and password on Fridays of a leap year in order for it to work just right,” Van Syckle said. “And that doesn’t work well in a work-from-anywhere environment. You need to have a cloud-native app or a modern workplace in order to deliver that app. So I think we need to get back to basics in identifying those apps that have this unique work environment needed in order to function.”

Removing manual processes will be Montana’s next priority for ensuring a successful work-from-anywhere environment, Van Syckle said. That will include automating Montana’s cybersecurity processes and instating zero-trust architecture “all the way out to applications, desktops, service-delivery and to the user,” he said. As ransomware attacks on state enterprises increase in frequency and become more lucrative for malicious actors, he said, agencies can’t rely on manual responses to keep up with the state’s entire application library.

“We see that because the bad guys are automating their attacks,” Van Syckle said. “It’s not enough to say ‘we got an alert, we’re going to notify a 24/7 operations response center.’ We need to have that response automated. So the ability for phishing attacks to be automatically detected, automated response and automated remediation. Those things should be zero-touch.”

Ryan Johnston

Written by Ryan Johnston

Ryan Johnston is a staff reporter for StateScoop, covering the intersection of local government and emerging technologies like blockchain, artificial intelligence and 5G.

Latest Podcasts