Brent Hansen | Federal CTO
As the U.S. federal government contends with a tidal wave of demands in the COVID-19 battle, agencies are pushed to unprecedented limits. Some good news: the U.S. government is excelling with digital transformation (DX) which is critical in this time of crisis as the cloud becomes a crucial dynamic with the world working remotely. New digital capabilities are enabling data to be more fully utilized. Unfortunately, some ground is also being lost in a tradeoff between aggressively transforming technology and data security.
Increased use of technology, but a security disconnect
For the past eight years, Thales has closely studied findings of annual IT research that delves into issues federal IT decision makers face. This year’s 2020 Thales Data Threat Report – Federal Government Edition reveals that as the U.S. federal government aggressively implements cloud, mobile, and the Internet of Things (IoT), a leader relative to the rest of the world – even when compared to the business sector. This could prove beneficial considering how the workforce so rapidly moved to a remote environment. This year’s report also tells us that the vast majority (71%) of federal IT professionals believe data is very secure – a finding that’s incongruent with reality.
Breaches remain an issue
Breach rates continue to rise and encryption is still too low. Nearly all (99%) of federal agencies say they have at least some sensitive data in the cloud that’s not encrypted, and 29% have been breached in the past year. COVID-19 places additional strain on data security as more people work from home (stretching IT departments), and with hackers capitalizing on the overall situation.
Looking to the future: IT modernization is never done
Fortunately, for the past couple of years, Federal CIO Suzette Kent has been publicly speaking about IT modernization and stressing that agencies should never consider it to be “done.” Her concept that technology is a “constantly evolving journey in which agencies must always be looking ahead” likely contributes to confidence federal agencies have in deploying new digital capabilities, and helps with zero-trust progress.
The report showcased that more than half (54%) of the federal government’s data is in the cloud – including unencrypted sensitive data – so we know there’s more work to do. For example, while zero-trust is the right approach, it’s not fail-proof. This strategy requires continuous validation and verification, reinforced with security measures such as encryption and tokenization. And, with quantum computing on the horizon – which 78% of federal government respondents believe will affect their organization in the next five years – agencies must get started on planning their infrastructure adjustments now.
As the remote workforce continues to expand, and federal agencies take on larger workloads, agency CISOs may need to serve as project champions and advocate for a larger proportional share of overall security budget. Business continuity depends on it.