Thales: 34% of U.S. Federal Government Agencies Experienced Data Breach in Last Year
Government battling legacy systems, spending and staffing issues
Sixty-one percent of U.S. federal respondents are increasing security spending this year – up from last year’s 58 percent figure. But when compared to other industries this number is markedly lower (81 percent of healthcare respondents, 77 percent of retail respondents and 78 percent of financial services respondents claim to have increased spending). The federal spending figure may explain why 53 percent of federal respondents cite lack of budget and lack of staff (also 53 percent) as the top reasons for data insecurity.
“The U.S. federal government is racing to boost data security against odds not generally faced in the private sector today. A major challenge in securing the far-flung systems in the U.S. federal government is the plethora of aging legacy systems still in place, with one example being a 53 year-old Strategic Automated Command and Control System at the Department of Defense that coordinates U.S. nuclear forces and uses 8-inch floppy disks. In short, this ‘perfect storm’ of very old systems, tight budgets and being a prime cyber-crime target has created a stressful environment.”
Advanced technologies – and the role of encryption in protecting them
Pressures to use advanced technologies (cloud, Big Data, IoT, and containers) are only making the problem worse. While 92 percent of federal respondents will use sensitive data in an advanced technology environment this year, 71 percent of federal respondents believe this will occur without proper security in place.
On a positive note, encryption is cited as the top data security control (60 percent) for ensuring data privacy and enabling digital transformation through the use of advanced technologies. Additionally, 73 percent of respondents would increase their cloud-service deployments if offered data encryption in the cloud (with federal agencies maintaining control of the keys). Sixty-three percent of respondents also list data encryption as the first choice for enabling further IoT deployments, and 55 percent cite encryption as the top security control for increasing container adoption.
Peter Galvin, VP of strategy, Thales e-Security says:
“U.S. federal agencies are fighting an uphill data-security battle. In addition to the issues cited, the federal sector has one of the most hopeful views of compliance, with 64 percent of respondents viewing it as ‘very’ or ‘extremely’ effective in preventing data breaches. As the breach count rises, it’s fair to question whether meeting compliance mandates are enough. There is encouraging news, however. Like their private sector peers, public sector IT employees are clearly interested in digital transformation through the use of new technologies. This innovation is admirable, but it must be paired with increased data security.”
Federal government agencies looking to existing legacy data sources while also taking advantage of advanced technologies should strongly consider:
- deploying security tool sets that offer services-based deployments, platforms and automation;
- discovering and classifying the location of sensitive data within cloud, SaaS, big data, IoT and container environments; and
- leveraging encryption and Bring Your Own Key (BYOK) technologies for all advanced technologies.
Please download a copy of the new 2017 Thales Federal Report for more detailed security best practices.
Industry insight and views on the latest key-management trends can be found on the Thales e-Security blog at blog.thalesesecurity.com.
About Thales e-Security
Thales e-Security is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and, with the internet of things (IoT), even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property, and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged-user control and high-assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales e-Security is part of Thales Group.
Thales is a global technology leader for the Aerospace, Transport, Defence and Security markets. With 64,000 employees in 56 countries, Thales reported sales of €14.9 billion in 2016. With over 25,000 engineers and researchers, Thales has a unique capability to design and deploy equipment, systems and services to meet the most complex security requirements. Its exceptional international footprint allows it to work closely with its customers all over the world.
Positioned as a value-added systems integrator, equipment supplier and service provider, Thales is one of Europe’s leading players in the security market. The Group’s security teams work with government agencies, local authorities and enterprise customers to develop and deploy integrated, resilient solutions to protect citizens, sensitive data and critical infrastructure.
Thales offers world-class cryptographic capabilities and is a global leader in cybersecurity solutions for defence, government, critical infrastructure providers, telecom companies, industry and the financial services sector. With a value proposition addressing the entire data security chain, Thales offers a comprehensive range of services and solutions ranging from security consulting, data protection, digital trust management and design, development, integration, certification and security maintenance of cybersecured systems, to cyberthreat management, intrusion detection and security supervision through cybersecurity Operation Centres in France, the United Kingdom, The Netherlands and Hong Kong.