Nick Jovanovic | VP, federal, for cloud protection and licensing activity at Thales
Over the last two election cycles, we’ve seen an increased focus on election security, hacking and fraud. While many state and government officials are under no illusion that they are safe from a digital attack, concern should run deeper than election integrity. Most federal security issues are a result of well-known long-standing vulnerabilities that agencies have not addressed. These vulnerabilities can span from limited use of data encryption to the abuse of privileged user policies. However, modernization and transformative technologies are creating new vulnerabilities resulting in data breaches. Security measures continue to be more reactive than proactive.
Our annual Thales Data Threat Report-Federal Edition, released today, found that 98% of federal agencies are storing sensitive data within a digitally transformative environment. Taking the leap into these technologies may feel like the right direction, but only 30% of those using emerging environments are taking proper steps to encrypt and protect the data. As concerns over data misuse have grown and the public is more aware, federal agencies are leaving themselves open to potentially damaging attacks, more costly than the security measures that would protect against them.
The Future is Multi-cloud
The cloud, arguably not an “emerging” technology, has picked up more speed as a digitally transformative environment for government agencies. While most agencies have used cloud-based storage, the increasing adoption of multi-cloud systems is becoming more prevalent. Multi-cloud environments include cloud storage from more than one vendor, such as AWS and Azure for example.
Our 2019 federal report found that 78% of respondents were using sensitive data in a cloud environment. Specifically, 66% of respondents have 26 or more Software-as-a-Service (SaaS) applications, 52% have three or more Infrastructure-as-a-Service (IaaS) applications and 41% have three or more Platform-as-a-Service (PaaS) applications. It comes as no surprise that 43%, almost half, perceive complexity as the top barrier to deploying data security.
Data Breaches aren’t Slowing Down
Government agencies are reporting breaches at a steady rate with 60% of respondents admitting that they have encountered a breach. Despite 35% of the breaches occurring in the past year alone, breach prevention is at the bottom of the IT security spending list. In fact, the bottom three security spending priorities are managing previous data breaches (30%), addressing compliance/privacy requirements (27%) and avoiding data breach penalties (24%). The problem? The perception of solid security being too difficult to manage. Furthermore, over 80% of agencies feel they are already vulnerable to a data breach.
Regulations Stoke the Flames
With New York’s CISO regulation, California’s Internet of Things (IoT) law and Europe’s General Data Protection Regulation (GDPR), the future of big data looks to be massively regulated. Roughly 25% of agencies indicated that they have failed a compliance audit in the last year. To combat sustained compliance failure more than half of respondents intend to implement encryption and tokenization as their strategies to assuage compliance concerns.
Despite the lack of encryption technology currently in use across the federal government, there appears to be a hunger to implement standard security practices. As digital transformations expand the number and position of attack vectors, the layers of security must expand and be repositioned to address the needs of the client. As a result, agencies require flexible, consolidated security platforms that will enable them to manage greater amounts of complexity, spanning legacy on-premises as well as cloud-based and edge-oriented technologies.
For more key findings and security best practices, download a copy of the new 2019 Thales Data Threat Report - Federal Edition. Thales also will host a webinar on Thursday, May 30 at 2:00 PM ET about “The Changing Landscape of Data Security for U.S. Federal Agencies.” To join, please visit the registration page.