Government // Leadership
News
7/21/2014
01:40 PM
50%
50%

Government IT Priorities: Security Reigns, Cloud Crawls

Our new survey shows fed agencies focusing more on security, as they should, but they're still behind the times with cloud use, data center consolidation, and overall innovation.

Get the August issue of InformationWeek Government

If government ITprofessionals aren't getting much sleep these days, it's likely because they're more worried than ever about catastrophic cyber-security breaches.

In InformationWeek's 2014 Federal Government IT Priorities Survey, 70% of respondents said that cyber- and information security programs are "extremely important" at their agencies, making IT security the highest government IT priority. Another 24% said IT security is at least fairly important. Only 3% said security is "not important at all."

The survey also demonstrated that security is intensifying as the top government IT priority. In last year's survey, 67% of respondents stated that information security is extremely important.

But while our survey indicates that government agencies have a sharp eye on information security, they're falling behind in critical areas such as cloud, data center consolidation, and overall IT innovation.

Protecting Information Gets Complex
Beyond high-profile incidents like the Edward Snowden leaks of NSA documents, government IT pros are understandably troubled by the tens of thousands of cyber-attacks by foreign hackers on government systems and the new risks created by the proliferation of mobile devices. Another source of concern: unnoticed security breaches. A report issued earlier this year by Sen. Tom Coburn, R-Okla., found that nearly four in 10 intrusions into major civilian agency systems go undetected, posing a nightmare for IT managers.

"Information is the new weapon of choice," says one respondent to our survey, Joseph Reddix, CEO of the Reddix Group in Hanover, Md., which supplies IT project management and capital planning services to federal agencies. "When information is weaponized, you're in trouble. Information technology is about information, and it really should be about secure information."

But protecting information is becoming increasingly complicated. "If a foreign national stole plans for the F-35 [fighter plane], which is made in 40-plus different states," Reddix explained, "you only need one part to go bad to cause some big problems. And considering the planes cost $300 [million] to $400 million each, that's an awful lot of money. It can be extremely costly when there's a security breach."

Managers have to take a defense-in-depth approach, embracing the notion that systems are more secure when their various components are protected individually. Reddix says defense in depth should start with two-factor authentication, whereby each user employs security tokens combined with a password or a question/answer to gain access to information. Such a layered security approach makes it impossible to breach an entire system by cracking one password.

At the same time, securing information as it becomes more mobile and "intrinsic to everybody's life" is a growing challenge, Reddix says. As devices proliferate across the government and among consumers, so do the number and complexity of threats. In a mobile security study published last September, the Government Accountability Office reported that the number of variants of malware aimed at mobile devices had risen from about 14,000 to 40,000, or about 185%, in the last year.

Security Comes First
Responses to another question in InformationWeek's 2014 Federal Government IT Priorities Survey reflect federal IT's rising concerns about security. Asked to what degree their agencies are pursuing the government's major IT initiatives, respondents put trusted Internet connections (27%), identity management (20%), and continuous monitoring (13%) in the "very aggressively" category. Continuous monitoring and identity management moved up the list compared with last year's survey, when they were ranked fourth and fifth, respectively.

But the fact that information security ranked ahead of other government IT programs isn't surprising.

Next Page

Richard W. Walker is a freelance writer based in the Washington, D.C., area who has been covering issues and trends in government technology for more than 15 years. View Full Bio

Previous
1 of 4
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MDMConsult14
50%
50%
MDMConsult14,
User Rank: Moderator
7/23/2014 | 6:45:52 PM
Re: Unsurprising, but ironic
Amidst the budget challenges, IT security in cloud should be a priority nonetheless. I can understand the security and privacy concern. In this day and age from what we see across other sectors with password and data breaches, government IT is just as vulnerable.
kbannan100
50%
50%
kbannan100,
User Rank: Strategist
7/22/2014 | 11:00:25 PM
Re: Unsurprising, but ironic
You're right. There is a huge problem with the lack of cloud-ready IT people. There's a great infographic here: 

http://bit.ly/1pkao0O

that outlines the cloud skills gap and how people really need to be educated to manage and support cloud services. Still, I am surprised at the lack of implementation given the Cloud First policy.

--KB

Me: bit.ly/1iMdSE5  

 
Stratustician
50%
50%
Stratustician,
User Rank: Ninja
7/22/2014 | 1:13:49 PM
Re: Unsurprising, but ironic
It's interesting to see how much priority the government puts on data loss and identity management, which considering the shortage in IT security talent, means there is still a way to go to ensure they are meeting the same standards of private companies.  Considering the large amount of sensitive information that these agencies are dealing with, it's surprising that this isn't higher on their budget priority lists.
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Author
7/21/2014 | 3:50:02 PM
Unsurprising, but ironic
Security is top of mind for everyone -- that's a given. However, the way agencies lag behind private-sector enterprises in public cloud use is feeding that security pain. Multiple studies show there are not enough top-tier security pros to go around. They are expensive. Government agencies are budget-constrained, and are competing with cloud providers for that talent. They won't win.  
2014 US Salary Survey: 10 Stats
2014 US Salary Survey: 10 Stats
InformationWeek surveyed 11,662 IT pros across 30 industries about their pay, benefits, job satisfaction, outsourcing, and more. Some of the results will surprise you.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 16, 2014.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.