Some of the biggest technology trends in federal government also present the greatest security risks, according to a survey of IT executives from civilian and defense agencies.
Seventy-nine percent of 217 senior IT executives across federal government surveyed by the Ponemon Institute on behalf of software vendor CA viewed the growth in collaboration software applications as a security risk that increases the chance of confidential or sensitive information being compromised. Similarly, 52 percent of respondents said Web 2.0 applications such as social networking, messaging, blogging and wikis contribute to data breaches and botnet attacks that infiltrate computers with malicious code, and 63 percent of respondents saw the susceptibility of mobile devices to malware infections and network intrusion as contributing significantly to endpoint security risks.
"Many people are uncomfortable with the sheer amount of data that they're storing and transmitting," said Tim Brown, CA's chief security architect. "There's a big realization that the adversary has changed and is now attacking enterprises and agencies to steal critical information and take control of machines. The technology in government has not necessarily kept up with the nature of the threats."
The survey identified 10 security megatrends that respondents believe threaten sensitive and confidential data, core information systems and critical infrastructure. Among those trends are technologies gaining wide adoption by federal agencies, including cloud computing, virtualization, mobility, open source, and Web 2.0 tools that enhance information sharing and collaboration.
The increasing threats of cyber crime and terrorism, and data breaches are other trends that could significantly affect an organization's security posture, IT executives reported.
"Organizations are concerned about these issues and clearly trying to manage the threats; but in general, it wasn't clear whether some are better equipped to respond than others," said Larry Ponemon, chairman of the Ponemon Institute. You'd expect those that frequently deal with sensitive information, like intelligence agencies, would be well-equipped, but these problems are not necessarily skewed to one organization or federal department.
In most cases, secure implementation and best practices can reduce risks introduced by specific technologies. Controls should be put in place to alert computers' users when security policies are being violated, for example, and clouds that enable software sharing via the Internet should be internal clouds accessible only to federal agencies, or incorporate custom security controls to ensure the data maintained can't be compromised.
"They realize they need to get their house in order and enable sharing in a secure fashion," Brown said. "Technology has to be the enabler and if utilized correctly, can make [agencies] more secure."