Digital transformation is putting government data at risk
The push towards digital transformation in the US government is putting sensitive data at risk, according to a new report from data protection specialist Thales.
Almost all (98 percent) of respondents from federal agencies report that they are using sensitive data within digital transformation technology environments. Yet, less than a third of respondents are using data encryption within these environments.
The report finds that agencies continue to move to multi-cloud environments as part of their digital transformation efforts with 78 percent of respondents using sensitive data in the cloud. Specifically, 66 percent of respondents have 26 or more Software-as-a-Service (SaaS) applications, 52 percent have three or more Infrastructure-as-a-Service (IaaS) applications and 41 percent have three or more Platform-as-a-Service (PaaS) applications. It’s not surprising then that 43 percent perceive complexity as the top barrier to deploying data security.
"In many cases, security problems arise from well-known, long-standing vulnerabilities that agencies have not addressed, including limited use of data encryption and the abuse of privileged user policies," says Nick Jovanovic, VP, federal, Thales Cloud Protection & Licensing. "Modernization and transformation efforts can create new vulnerabilities that result in data breaches, with security measures often being applied after the fact. As such, agencies need platforms that help them to better manage these environments and enable protection down to the data layer."
Although 60 percent of respondents have encountered a data breach and 35 percent have had one during the past year, prevention is at the bottom of the IT security spending priority list. The bottom three security spending priorities include managing previous data breaches (30 percent), addressing compliance/privacy requirements (27 percent) and avoiding data breach penalties (24 percent). What’s more, over 80 percent of agencies are feeling vulnerable, with more than a third feeling extremely vulnerable.
What's also worrying given the raft of new privacy regulations is that roughly a quarter of government agencies indicate that they failed a compliance audit in the last year.
The full report is available to download from the Thales site.