The very bodies that should set an example in protecting sensitive data are the same ones that are failing to comply with existing standards, new research indicates.
As government agencies embrace new technologies, they are struggling to implement proper data security, with 80% of agencies feeling “vulnerable,” and more than a third feeling “extremely vulnerable.”
A Thales survey shows that almost all (98%) of federal agencies are using sensitive data within digital transformation technology environments, including cloud, big data, mobile payments, social media, containers, blockchain and Internet of Things (IoT) solutions. However, less than a third of respondents are using encryption within these environments, even though encryption is heralded as the cornerstone for securing sensitive data, the report notes.
Government agencies are progressively moving to multi-cloud environments as part of their digital transformation efforts. 66% of respondents have 26 or more Software-as-a-Service (SaaS) applications, 52% have three or more Infrastructure-as-a-Service (IaaS) applications and 41% have three or more Platform-as-a-Service (PaaS) applications. 78% are storing and managing sensitive data in the cloud. Unsurprisingly, many agencies cite “complexity” as the main barrier to deploying adequate data protection safeguards.
The results are even more worrying considering that over half (60%) of agencies have suffered a breach and more than a third (35%) have been the target of an attack in the past year. According to the report, the bottom three security spending priorities are managing previous data breaches (30%), addressing compliance/privacy requirements (27%) and avoiding data breach penalties (24%). Furthermore, a quarter of agencies failed a compliance audit last year.
With prevention at the bottom of the spending priority list, government agencies are ill equipped to fend off adversaries who are increasingly targeting large organizations, including (more recently) critical infrastructures.