Government battling legacy systems, spending and staffing issues
Thales, a leader in critical information systems, cybersecurity and data security, announces the results of its 2017 Thales Data Threat Report, Federal Edition, issued in conjunction with analyst firm 451 Research. When it comes to data breaches, 34% of federal respondents experienced a data breach in the last year and 65% experienced a data breach in the past. Almost all (96%) consider themselves ‘vulnerable’, with half (48%) stating they are ‘very’ or ‘extremely’ vulnerable. This number is higher than any other U.S. vertical polled for the 2017 report.
Click to Tweet: 34% of U.S. federal IT pros say agency breached in last 12 months #2017DataThreat http://bit.ly/2oiJhuK
IT security staffing and spending playing a role
Sixty-one percent of U.S. federal respondents are increasing security spending this year – up from last year’s 58% figure. But when compared to other industries this number is markedly lower (81% of healthcare respondents, 77% of retail respondents and 78% of financial services respondents claim to have increased spending). The federal spending figure may explain why 53% of federal respondents cite lack of budget and lack of staff (also 53%) as the top reasons for data insecurity.
Garrett Bekker, principal analyst for Information Security at 451 Research says:
“The U.S. federal government is racing to boost data security against odds not generally faced in the private sector today. A major challenge in securing the far-flung systems in the U.S. federal government is the plethora of aging legacy systems still in place, with one example being a 53 year-old Strategic Automated Command and Control System at the Department of Defense that coordinates U.S. nuclear forces and uses 8-inch floppy disks. In short, this ‘perfect storm’ of very old systems, tight budgets, and being a prime cyber-crime target has created a stressful environment.”
Advanced technologies – and the role of encryption in protecting them
Pressures to use advanced technologies (cloud, Big Data, IoT, and containers) are only making the problem worse. While 92% of federal respondents will use sensitive data in an advanced technology environment this year, 71% of federal respondents believe this will occur without proper security in place.
On a positive note, encryption is cited as the top data security control (60%) for ensuring data privacy and enabling digital transformation through the use of advanced technologies. Additionally, 73% of respondents would increase their cloud service deployments if offered data encryption in the cloud (with federal agencies maintaining control of the keys). Sixty-three percent of respondents also list data encryption as the first choice for enabling further IoT deployments, and 55% cite encryption as the top security control for increasing container adoption.
Peter Galvin, VP of strategy, Thales says:
“U.S. federal agencies are fighting an uphill data security battle. In addition to the issues cited, the federal sector has one of the most hopeful views of compliance, with 64% of respondents viewing it as ‘very’ or ‘extremely’ effective in preventing data breaches. As the breach count rises, it’s fair to question whether meeting compliance mandates are enough. There is encouraging news, however. Like their private sector peers, public sector IT employees are clearly interested in digital transformation through the use of new technologies. This innovation is admirable, but it must be paired with increased data security.”
Federal government agencies looking to existing legacy data sources while also taking advantage of advanced technologies should strongly consider:
- Deploying security tool sets that offer services-based deployments, platforms and automation;
- Discovering and classifying the location of sensitive data within cloud, SaaS, big data, IoT and container environments; and
- Leveraging encryption and Bring Your Own Key (BYOK) technologies for all advanced technologies
Please download a copy of the new 2017 Thales Federal Report for more detailed security best practices.