Thales Blog

Getting Data Security Right: Government

August 20, 2015

Capital domeLast month was a big month for federal cybersecurity initiatives. With the announcement of the cybersecurity sprint results, many questions were posed by security professionals and businesses alike.

The results announced on July 31 were positive and include:

  • Federal Civilian agencies increased their use of strong authentication for privileged and unprivileged users from 42 percent to 72 percent – an increase of 30 percent since agencies last reported their quarterly data on
  • Specifically, Federal civilian agencies increased their use of strong authentication for privileged users from 33 percent to nearly 75 percent – an increase of more than 40 percent since agencies last reported their quarterly data on
  • Thirteen agencies, or more than half of the largest agencies – including the Departments of Transportation, Veterans Affairs and the Interior – have implemented the same level of strong authentication for nearly 95 percent of their privileged users.

However, when it comes to protecting data security, it’s a marathon, not a sprint.

ClickToTweet: Protecting data - It's a Marathon, not a sprint

As our fearless leader Alan Kessler noted earlier this month in his blog post, the federal government has seen better days. While Tony Scott has initiated a broad strategy, protecting data security requires specifics. Federal agencies must develop defined measures with the right use of technologies in order to combat both insider threats and nation-state attacks.

As we make our way into 2016, data security on a federal level will continue to be a concern. From legislation to military initiatives, the government must be up to the task to amplify efforts to protect our nation’s data.

Among other initiatives, it includes re-architecting infrastructure and applications for multi-factor authentication, obtaining and implementing new security solutions and changing people’s attitudes and work productivity. On the IT side, the single shift that would make the most difference is to take to heart the reality that analysts and industry pundits have been telling us for the last few years: it isn’t if your networks and applications will be penetrated, it’s when.

In tandem must come the protection of critical assets inside networks – most especially data and critical infrastructure. For too long, much of our IT establishment has spent their careers defending network boundaries and end points from intrusion. Now, not only are these perimeters penetrable, but they are also dissolving as government and industry adopt cloud and SaaS solutions. A cybersecurity shift is crucial if we want to prevent attackers from gaining access to government networks and stopping insider attacks like those initiated by Edward Snowden.

As noted in my previous blog post, the federal breaches are broad-reaching and are affecting practically every sector globally. While it’s urgent the federal infrastructure be fortified, we also need to re-examine the problem by observing the optics of a successful breach. With the volatile threat landscape and the rise of increasing threats, it’s clear that corporations and government agencies should team up more frequently to alleviate the risks of a cyber warfare.


Let’s get data security right.

Questions or thoughts? Tweet to me @Wayne42675 or visit to learn more.