The number of public sector organizations that are ready to implement a cloud-first strategy or move their entire infrastructures to the cloud has decreased by almost 20% since 2018, according to Netwrix.
In fact, only 32% of government organizations would consider implementing a cloud-first strategy, and only 20% would consider becoming 100% cloud. The main reason they cited is lack of resources: 92% of IT teams didn’t receive a budget increase for cloud security in 2019, and 50% of them say they have no financial support when it comes to dealing with cloud security issues.
Other findings revealed by the research include:
- The majority of government organizations store personally identifiable information (PII) of employees and citizens in the cloud (69% and 62%, respectively). Their chief reasons for moving sensitive data to the cloud are cost efficiency (31%), availability for remote workers (28%) and security concerns (21%).
- 28% of government organizations had at least one security incident in the past 12 months. These organizations have two things in common: none of them classified all data they stored in the cloud, and all of them stored all their sensitive data in the cloud. What is even more disturbing, 59% of organizations couldn’t determine whether the incidents they suffered were caused by external threat actors or insiders.
- The majority of organizations plan to strengthen data security in the cloud by encrypting data (61%) and improving data access management (55%). However, not all IT teams receive sufficient budget to support these initiatives: only 8% saw their cloud security budgets increase in 2019. However, those lucky few reported quite a substantial budget increase, which averaged 80%.
- One quarter of organizations that store all their sensitive data in the cloud would consider moving some or all of back on premises. The key reasons to uncloud include high costs (43%), inability to ensure security (29%) and lack of control (14%). They would start by migrating the data of citizens (29%), payment data (29%) and healthcare data (29%).
“Despite initiatives like the Federal Cloud Computing Strategy, many organizations are cautious about using the cloud due to the lack of sufficient budget to ensure controls are in place to protect their data.
“Public sector organizations need to understand what data they have in the cloud and ensure they can classify it according to its level of sensitivity. This approach will enable them to prioritise their cybersecurity efforts and choose appropriate controls within their budgets to keep critical data safe,” said Steve Dickson, CEO of Netwrix.
“Government CIOs demonstrate clear vision in the potential for digital government and its emerging technologies, but fully 45% report they lack the IT and business resources required to execute. Cultural challenges further stagnate progress.” — Gartner, “2019 CIO Agenda: A Government Perspective,” by Alia Mendonsa and Cathleen Blanton, March 29, 2019.