2020 Data Threat Report: Federal government ahead of businesses when it comes to cloud adoption

  • Research shows government agencies potentially positioned for benefits in the cloud in the current remote workplace environment.
  • Cybersecurity remains a challenge as almost all respondents (99%) indicate they have some sensitive data in the cloud that is not encrypted.
  • The impact of quantum computing is on the horizon as more than three quarters (78%) of federal agencies surveyed see it affecting them in the next five years.

According to the 2020 Thales Data Threat Report – Federal Government Edition, the government is ahead of business with cloud adoption, but cybersecurity remains a challenge. Ahead of global organizations, U.S. federal government agencies have more than half (54%) of their data already stored in the cloud. The report also shows digital transformation (DX) is well underway with 68% of U.S. federal government agencies embedding digital capabilities in the enterprise and aggressively disrupting the services they provide, but this adds to security complexity and creates potential vulnerabilities.

The research report, now in its eighth year, focuses on findings from more than 100 U.S. federal government respondents, providing comparisons to non-U.S. governments and global organizations.

The federal government is quickly expanding technology use – trending at the right time

The new research confirms government agencies continue to expand use of a wide variety of technologies including cloud, mobile, and the Internet of Things (IoT) to transform their operations and improve constituent services. This is of particular interest at a time when remote working is at an all-time, unexpected high. In fact, the report showed that the U.S. federal government views itself as a DX leader relative to the rest of the world, as only 30% of non-U.S. government organizations identify as either aggressively disrupting their markets or embedding digital capabilities.

Government agencies have a high sense of data security; compliance still top of mind

U.S. federal government agencies report feeling more secure even as they push DX which creates additional data security complexity. Federal government respondents in the U.S. feel more secure than the global sample, with 71% feeling very or extremely secure, compared to two-thirds (66%) of the global sample and almost half (45%) of non-U.S. governments.

In addition, compliance continues to be top of mind as more than two-thirds (67%) of U.S. federal government respondents are moderately to extremely concerned with meeting compliance requirements when it comes to public cloud data security issues. Compliance requirements also was ranked as the third most important factor impacting IT security spending decisions for U.S. agencies.

Gaps in perception versus reality when it comes to security

The report reveals that agency beliefs are incongruent with the reality painted by survey results. Twenty-nine percent of respondents have been breached in the past year, a higher rate than the global sample (26%). Rates of data encryption are low: nearly all (99%) of U.S. government respondents say at least some of their sensitive data in the cloud is not encrypted. In addition, multi-cloud usage, which presents additional vulnerabilities, remains a top barrier to data security. The research uncovered that agencies are using multiple Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) environments, as well as hundreds of SaaS applications.

While government agencies indicate being concerned about cloud security, the report shows that they seem more worried about issues owned by their cloud providers – such as security breaches– versus internal weaknesses including insider threats. Further, U.S. federal government respondents appear less concerned about issues they can directly control like encryption key management, which could actually lead to greater vulnerabilities.

Future threats: the impact of quantum computing is on the horizon

Data security is expected to become more difficult with the advent of quantum computing. The majority (78%) of U.S. federal government respondents see quantum cryptography affecting their organization within the next five years. Furthermore, nearly all (94%) reported they are concerned that quantum computing will create exposures for sensitive data.

Key takeaways for improving data security

Government agencies face expanding and more complex data security challenges. The following are IDC’s guidance and key takeaways to help them elevate their data security posture and evolve their security policies:

  • Agency CISOs may need to serve as project champions.
  • Foreign threats are an ongoing threat.
  • Invest in modern, hybrid and multi-cloud-based data security tools that make the shared responsibility model work.
  • Adopt a zero-trust model.
  • Increase focus on data discovery solutions and centralization of key management to strengthen data security.
  • Prepare for quantum computing’s impact on cryptography.
  • Focus on the right threat vectors.
  • Data security solutions, especially encryption, are critical to remain vigilant against today’s data risk reality.

Frank Dickson, program vice president, cybersecurity products, IDC said, “Government IT security teams need to take a multi-layered approach to data security, from embracing cloud shared security responsibilities and adopting zero-trust access and data protection approach to security that authenticates and validates users and devices accessing applications and networks, while also employing more robust data discovery, hardening, data loss prevention and encryption solutions.”

For more key findings and security best practices, download a copy of the 2020 Thales Data Threat Report – Federal Government Edition.