- Research shows government agencies potentially positioned for benefits in the cloud in the current remote workplace environment.
- Cybersecurity remains a challenge as almost all respondents (99%) indicate they have some sensitive data in the cloud that is not encrypted.
- The impact of quantum computing is on the horizon as more than three quarters (78%) of federal agencies surveyed see it affecting them in the next five years.
According to the 2020 Thales Data Threat Report – Federal Government Edition, government is ahead of business with cloud adoption, but cybersecurity remains a challenge. Ahead of global organizations, U.S. federal government agencies have more than half (54%) of their data already stored in the cloud. The report also shows digital transformation (DX) is well underway with 68% of U.S. federal government agencies embedding digital capabilities in the enterprise and aggressively disrupting the services they provide, but this adds to security complexity and creates potential vulnerabilities.
Thales will host a webinar, “Data Security Trends & Threats U.S. Federal Government Agencies Need to Know,” to discuss the report in more detail on Wednesday, April 29 at 1:00 p.m. ET. To join, please visit the registration page.
The research report, now in its eighth year, focuses on findings from more than 100 U.S. federal government respondents, providing comparisons to non-U.S. governments and global organizations.
The federal government is quickly expanding technology use -- trending at the right time
The new research confirms government agencies continue to expand use of a wide variety of technologies including cloud, mobile, and the Internet of Things (IoT) to transform their operations and improve constituent services. This is of particular interest at a time when remote working is at an all-time, unexpected high. In fact, the report showed that the U.S. federal government views itself as a DX leader relative to the rest of the world, as only 30% of non-U.S. government organizations identify as either aggressively disrupting their markets or embedding digital capabilities.
Government agencies have a high sense of data security; compliance still top of mind
U.S. federal government agencies report feeling more secure even as they push DX which creates additional data security complexity. Federal government respondents in the U.S. feel more secure than the global sample, with 71% feeling very or extremely secure, compared to two-thirds (66%) of the global sample and almost half (45%) of non-U.S. governments.
In addition, compliance continues to be top of mind as more than two-thirds (67%) of U.S. federal government respondents are moderately to extremely concerned with meeting compliance requirements when it comes to public cloud data security issues. Compliance requirements also was ranked as the third most important factor impacting IT security spending decisions for U.S. agencies.
Gaps in perception versus reality when it comes to security
The report reveals that agency beliefs are incongruent with the reality painted by survey results. Twenty-nine percent of respondents have been breached in the past year, a higher rate than the global sample (26%). Rates of data encryption are low: nearly all (99%) of U.S. government respondents say at least some of their sensitive data in the cloud is not encrypted. In addition, multi-cloud usage, which presents additional vulnerabilities, remains a top barrier to data security. The research uncovered that agencies are using multiple Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) environments, as well as hundreds of SaaS applications.
While government agencies indicate being concerned about cloud security, the report shows that they seem more worried about issues owned by their cloud providers – such as security breaches– versus internal weaknesses including insider threats. Further, U.S. federal government respondents appear less concerned about issues they can directly control like encryption key management, which could actually lead to greater vulnerabilities.
Future threats: the impact of quantum computing is on the horizon
Data security is expected to become more difficult with the advent of quantum computing. The majority (78%) of U.S. federal government respondents see quantum cryptography affecting their organization within the next five years. Furthermore, nearly all (94%) reported they are concerned that quantum computing will create exposures for sensitive data.
Key takeaways for improving data security
Government agencies face expanding and more complex data security challenges. The following are IDC’s guidance and key takeaways to help them elevate their data security posture and evolve their security policies:
- Agency CISOs may need to serve as project champions.
- Foreign threats are an ongoing threat.
- Invest in modern, hybrid and multicloud-based data security tools that make the shared responsibility model work.
- Adopt a zero trust model.
- Increase focus on data discovery solutions and centralization of key management to strengthen data security.
- Prepare for quantum computing’s impact on cryptography.
- Focus on the right threat vectors.
- Data security solutions, especially encryption, are critical to remain vigilant against today’s data risk reality.
For more key findings and security best practices, download a copy of the 2020 Thales Data Threat Report – Federal Government Edition.
“Government IT security teams need to take a multi-layered approach to data security, from embracing cloud shared security responsibilities and adopting a zero trust access and data protection approach to security that authenticates and validates users and devices accessing applications and networks, while also employing more robust data discovery, hardening, data loss prevention and encryption solutions.”
Frank Dickson, program vice president, cybersecurity products, IDC
“The 2020 Thales Data Threat Report - Federal Government Edition gives us a valuable opportunity to get a deeper sense of challenges agencies face, especially when an unprecedented number of Americans have shifted to work from home. The good news is that federal agencies are embracing the cloud environment, which is crucial during times of crisis. Government agencies are taking security very seriously and they understand the expanding risk surface. However, agencies are not sufficiently investing in the technologies required to appropriately protect their sensitive data as data security still represents a small share of the overall security budget for U.S. federal government agencies."
Tina Stewart, vice president of global market strategy for cloud protection and licensing activity at Thales
Industry insight and views on the latest data security trends can be found on the Thales blog at https://cpl.thalesgroup.com/blog.