The State of Data Security in the Federal Government


Most agencies don’t have a solid grasp of what data they have or where it is located.

Despite substantial annual spending on federal cybersecurity, breaches are still being reported at a disturbingly high rate. Nearly half of U.S. federal government respondents in the 2021 Thales Data Threat Report noted they have experienced a security breach at some point, and of these, 47% said they had experienced a breach in the last 12 months. While not every breach is the size and scale of the now infamous SolarWinds attack of last year, this rate is disturbing. Clearly, as attackers get better at their job, it gets harder for security professionals to do theirs. 

The Federal Edition of the 2021 Thales Data Threat Report looked at various aspects of data management and security in a wide-ranging survey of more than 2,600 security professionals and executive leaders, including 100 from U.S. federal agencies. Here are a few important takeaways to help illustrate the severity and scope of today’s cyberattacks. These are noteworthy given the recent White House Executive Order to Improve the Nation’s Cybersecurity.

Understanding where data resides

Most agencies don’t have a solid grasp of what data they have or where it is located. In fact, just over one-fourth (28%) of federal respondents have full knowledge of where their data is stored, and just one-third (33%) claimed to be able to fully classify their data. You cannot protect your sensitive data if you do not know where it is. Dedicating time and resources to discover and classify data is essential in order to apply the relevant measures to protect it.

Increased cloud migration

2020 was the year of accelerated digital transformation. Roughly one-quarter (29%) of federal respondents now store more than half of their data in the cloud, and 57% of respondents indicated that 31-50% of the data that is stored in an external cloud is sensitive. However, cloud migration has proven to scale at a much faster rate than encryption. Only 15% of respondents stated that more than half of their sensitive data stored in the cloud is encrypted. This is alarming given that encryption is a key element of the White House executive order. Part of the reason may be that encryption and key management can be complex, and skilled personnel with both cloud platform and security expertise are in high demand. For all of their many benefits, cloud computing and hybrid environments have also layered on considerable complexity—and complexity is oftentimes the enemy of good security.

A tangled web of key management systems

Another common challenge is the web of key management systems. The survey found that the largest percentage (41%) of federal agencies currently employ between five and seven separate key management products, while a small number (9%) have as many as 8-10 key management products. These typically include a mix of key management software, hardware security modules (HSMs), homegrown solutions, and spreadsheets or flat files. Such a complex set of management systems prevents organizations from knowing exactly where everything is stored, and it is also costly and complex for IT organizations to protect data using multiple encryption technologies across disparate data silos. Centralizing management ensures keys are secure and always provisioned to authorized encryption services.

Moving forward 

The eye-opening statistics from the 2021 Thales Data Threat Report demonstrate that modern cybersecurity requires a mindset shift in which security is implicitly attached to data and the users who need to access it. If we don’t change the game, federal agencies will keep suffering continuous data breach attacks with far-reaching implications, including financial ones. We must empower our federal government to protect data at every turn and, in the event of an attack, ensure alerts are raised immediately, whether it’s malware, ransomware or a phishing campaign.

The good news is that secure data storage and encryption are on the horizon for federal agencies. The recent executive order is the first full acknowledgement of the necessary mindset shift at the national level. By mandating the use of encryption and multi-factor authentication, it puts the focus on what matters most: data and identities. At the end of the day, security needs to be designed around both the data, with end-to-end encryption, and the users, through multi-factor authentication. The federal government should accept nothing less to secure its data and operations.

Lloyd Mitchell is the president of Thales Trusted Cyber Technologies.
