Government IT Priorities: Security Reigns, Cloud Crawls - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Leadership

Government IT Priorities: Security Reigns, Cloud Crawls

Our new survey shows fed agencies focusing more on security, as they should, but they're still behind the times with cloud use, data center consolidation, and overall innovation.

Get the August issue of InformationWeek Government

If government ITprofessionals aren't getting much sleep these days, it's likely because they're more worried than ever about catastrophic cyber-security breaches.

In InformationWeek's 2014 Federal Government IT Priorities Survey, 70% of respondents said that cyber- and information security programs are "extremely important" at their agencies, making IT security the highest government IT priority. Another 24% said IT security is at least fairly important. Only 3% said security is "not important at all."

The survey also demonstrated that security is intensifying as the top government IT priority. In last year's survey, 67% of respondents stated that information security is extremely important.

But while our survey indicates that government agencies have a sharp eye on information security, they're falling behind in critical areas such as cloud, data center consolidation, and overall IT innovation.

Protecting Information Gets Complex
Beyond high-profile incidents like the Edward Snowden leaks of NSA documents, government IT pros are understandably troubled by the tens of thousands of cyber-attacks by foreign hackers on government systems and the new risks created by the proliferation of mobile devices. Another source of concern: unnoticed security breaches. A report issued earlier this year by Sen. Tom Coburn, R-Okla., found that nearly four in 10 intrusions into major civilian agency systems go undetected, posing a nightmare for IT managers.

"Information is the new weapon of choice," says one respondent to our survey, Joseph Reddix, CEO of the Reddix Group in Hanover, Md., which supplies IT project management and capital planning services to federal agencies. "When information is weaponized, you're in trouble. Information technology is about information, and it really should be about secure information."

But protecting information is becoming increasingly complicated. "If a foreign national stole plans for the F-35 [fighter plane], which is made in 40-plus different states," Reddix explained, "you only need one part to go bad to cause some big problems. And considering the planes cost $300 [million] to $400 million each, that's an awful lot of money. It can be extremely costly when there's a security breach."

Managers have to take a defense-in-depth approach, embracing the notion that systems are more secure when their various components are protected individually. Reddix says defense in depth should start with two-factor authentication, whereby each user employs security tokens combined with a password or a question/answer to gain access to information. Such a layered security approach makes it impossible to breach an entire system by cracking one password.

At the same time, securing information as it becomes more mobile and "intrinsic to everybody's life" is a growing challenge, Reddix says. As devices proliferate across the government and among consumers, so do the number and complexity of threats. In a mobile security study published last September, the Government Accountability Office reported that the number of variants of malware aimed at mobile devices had risen from about 14,000 to 40,000, or about 185%, in the last year.

Security Comes First
Responses to another question in InformationWeek's 2014 Federal Government IT Priorities Survey reflect federal IT's rising concerns about security. Asked to what degree their agencies are pursuing the government's major IT initiatives, respondents put trusted Internet connections (27%), identity management (20%), and continuous monitoring (13%) in the "very aggressively" category. Continuous monitoring and identity management moved up the list compared with last year's survey, when they were ranked fourth and fifth, respectively.

But the fact that information security ranked ahead of other government IT programs isn't surprising.

Next Page

Richard W. Walker is a freelance writer based in the Washington, D.C., area who has been covering issues and trends in government technology for more than 15 years. View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 4
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Author
7/21/2014 | 3:50:02 PM
Unsurprising, but ironic
Security is top of mind for everyone -- that's a given. However, the way agencies lag behind private-sector enterprises in public cloud use is feeding that security pain. Multiple studies show there are not enough top-tier security pros to go around. They are expensive. Government agencies are budget-constrained, and are competing with cloud providers for that talent. They won't win.  
Slideshows
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
News
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Commentary
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll