Cloud computing has become a trending topic for federal CIOs in the last few years, according to Netwrix.
In response to the Obama administration’s cloud-first initiative announced in 2011, organizations have reduced the number of applications (such as email) hosted in government-owned data centers in favor of using cloud-based services. However, cloud adoption can be challenging for agencies, since hackers are constantly improving their techniques to compromise cloud environments.
This problem is more relevant than ever in light of the considerable increase in data breaches targeting federal and local government agencies, including the OPM, the NSA and the U.S. Navy.
Major cloud security trends in government industry
Agencies are skeptical of cloud migration because of security. 87% of government agencies in the U.S. are not ready to move their data to the cloud because of security issues. The major barriers that keep them from cloud adoption are concerns about unauthorized access and account hijacking (80%), the risk of losing control over data (60%), and issues associated with data backup and recovery (53%).
Insider misuse is the biggest concern. 40% of respondents believe they would not be able to enforce the required security policies on a cloud provider’s site. Even more organizations (80%) are worried about the activity of their own users in the cloud, holding that employees pose a bigger threat to data integrity than anyone else.
Government agencies appreciate cloud flexibility and cost-efficiency. Despite the documented concerns, 50% of respondents said that the cloud has improved the security of their systems and data. The key benefits that government agencies have realized through cloud adoption are higher availability of systems (70%), flexibility in resource utilization (50%) and cost savings (40%).
Visibility is the key to security. Regardless of the security mechanisms in place, IT systems are always vulnerable to malicious activities by insiders or external hackers. No wonder that 93% of government agencies agreed that visibility into user activity in the cloud is a basic component of security and business integrity.
“One of the toughest challenges for governments today is the need to protect highly sensitive data against culprits. Strengthening security is impossible without a deep understanding of what’s going on across all levels of the IT environment. Visibility combined with user behavior analytics can help government agencies validate security policies, increase user accountability and mitigate the risk of data loss, as well as become more confident about using cloud technologies,” said Michael Fimin, CEO of Netwrix.
Download for free the latest issue of SysAdmin Magazine, that covers cloud adoption and cloud security, among other topics.