Digital transformation is driving IT modernization, IoT, and cloud migrations at a record pace in the federal government. The ability to narrow the gap between taking advantage of digital transformation without compromising security was a reoccurring theme at our 2019 annual Data Security Summit on May 1. The roundtable, including more than a dozen IT and cyber leaders from government and industry, explored the business drivers, challenges and evolving strategies around cybersecurity in government. The discussion was wide ranging, but repeatedly came back to the necessity of data security.
Under the rules of the roundtable, the content of the discussion was not for individual attribution, except for two formal presentations that set the stage. Below are six take-aways that encapsulate the essence of the discussion:
- Our 2019 Thales Data Threat Report- Federal Edition illustrates that the federal government continues to be under attack! Sixty percent of agencies have been breached and 35% of agencies were breached last year--with 14% of those being breach year over year over year. Take those statistics and consider the rapid evolution of digital transformation and cloud adoption and the new complexities they add. Without question, the data landscape continues to expand with limited resources and expertise. The good news is that security vendors (such as ourselves here at Thales) can be relied upon to provide state-of-the-art data centric security methods that ensure you can expand your data landscape without taking on more risk.
- Digital transformation is accelerating the pace at which new technologies are being adopted. While digital transformation increases our agility to adapt mission-critical initiatives and take advantage of faster time to deployment, it also comes with risks. Federal agencies must realize that it can be difficult to narrow the risk exposure at the cost of rapid digital transformations.
- IT modernization and cloud migrations of legacy systems are already putting our infrastructures and application stacks in a much stronger security posture. The ability to take advantage of containers, SaaS, and orchestration is astronomically increasing our ability to react when security patches, flaws, holes, etc. are discovered. This greater security posture happens automatically with updated environments but that still is not enough! We must continue the trend from network-centric security approaches to data-centric ones. Speaking of data-centric approaches, it’s worth noting that this becomes more complicated when migrating to a multi-cloud environment.
- Security policies that work in the agency data center do not transition to multi-cloud approaches. Cloud vendors offer their own recipes for authentication, encryption and key management, but lack of resources and expertise can make it challenging to craft new security policies that govern all. When it comes to these migrations, the data-centric approach is the only way to ensure you are not only protecting your data but have optics into your environment in case an “intent of compromise” event occurs.
- IoT is forever changing the boundaries of the perimeter. IoT devices are multiplying at an alarming rate. However, the challenge with IoT devices is that they are difficult to protect. They typically do not provide encryption, seamless upgrades for flaws and updates, or optics. And while IoT continues to generate more data then imaginable, how do we take advantage of what IoT has to offer without increasing risk? It’s also important to take into consideration that every IoT device is a new IP connection that will always be a hackable entry point into any network.
- Although the data landscape continues to evolve whether that be via cloud or digital transformation, we must continue to consider our options to protect that data no matter where it resides. Data growth will continue to skyrocket...and so will the concerted efforts of cyberterrorists and cybercriminals as our 2019 Data Threat Report-Federal Edition illustrates. We must continue to find ways to protect data through encryption with access controls, key management and tight security policies.
For more key findings and security best practices, download a copy of the new 2019 Thales Data Threat Report -- Federal Edition. Thales also will host a webinar on Thursday, May 30 at 2:00 PM ET about “The Changing Landscape of Data Security for U.S. Federal Agencies.” To join, please visit the registration page.