Government IT Priorities: Security Reigns, Cloud Crawls - InformationWeek
Government // Leadership
01:40 PM

Government IT Priorities: Security Reigns, Cloud Crawls

Our new survey shows fed agencies focusing more on security, as they should, but they're still behind the times with cloud use, data center consolidation, and overall innovation.

Get the August issue of InformationWeek Government

If government ITprofessionals aren't getting much sleep these days, it's likely because they're more worried than ever about catastrophic cyber-security breaches.

In InformationWeek's 2014 Federal Government IT Priorities Survey, 70% of respondents said that cyber- and information security programs are "extremely important" at their agencies, making IT security the highest government IT priority. Another 24% said IT security is at least fairly important. Only 3% said security is "not important at all."

The survey also demonstrated that security is intensifying as the top government IT priority. In last year's survey, 67% of respondents stated that information security is extremely important.

But while our survey indicates that government agencies have a sharp eye on information security, they're falling behind in critical areas such as cloud, data center consolidation, and overall IT innovation.

Protecting Information Gets Complex
Beyond high-profile incidents like the Edward Snowden leaks of NSA documents, government IT pros are understandably troubled by the tens of thousands of cyber-attacks by foreign hackers on government systems and the new risks created by the proliferation of mobile devices. Another source of concern: unnoticed security breaches. A report issued earlier this year by Sen. Tom Coburn, R-Okla., found that nearly four in 10 intrusions into major civilian agency systems go undetected, posing a nightmare for IT managers.

"Information is the new weapon of choice," says one respondent to our survey, Joseph Reddix, CEO of the Reddix Group in Hanover, Md., which supplies IT project management and capital planning services to federal agencies. "When information is weaponized, you're in trouble. Information technology is about information, and it really should be about secure information."

But protecting information is becoming increasingly complicated. "If a foreign national stole plans for the F-35 [fighter plane], which is made in 40-plus different states," Reddix explained, "you only need one part to go bad to cause some big problems. And considering the planes cost $300 [million] to $400 million each, that's an awful lot of money. It can be extremely costly when there's a security breach."

Managers have to take a defense-in-depth approach, embracing the notion that systems are more secure when their various components are protected individually. Reddix says defense in depth should start with two-factor authentication, whereby each user employs security tokens combined with a password or a question/answer to gain access to information. Such a layered security approach makes it impossible to breach an entire system by cracking one password.

At the same time, securing information as it becomes more mobile and "intrinsic to everybody's life" is a growing challenge, Reddix says. As devices proliferate across the government and among consumers, so do the number and complexity of threats. In a mobile security study published last September, the Government Accountability Office reported that the number of variants of malware aimed at mobile devices had risen from about 14,000 to 40,000, or about 185%, in the last year.

Security Comes First
Responses to another question in InformationWeek's 2014 Federal Government IT Priorities Survey reflect federal IT's rising concerns about security. Asked to what degree their agencies are pursuing the government's major IT initiatives, respondents put trusted Internet connections (27%), identity management (20%), and continuous monitoring (13%) in the "very aggressively" category. Continuous monitoring and identity management moved up the list compared with last year's survey, when they were ranked fourth and fifth, respectively.

But the fact that information security ranked ahead of other government IT programs isn't surprising.

Next Page

Richard W. Walker is a freelance writer based in the Washington, D.C., area who has been covering issues and trends in government technology for more than 15 years. View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 4
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Moderator
7/23/2014 | 6:45:52 PM
Re: Unsurprising, but ironic
Amidst the budget challenges, IT security in cloud should be a priority nonetheless. I can understand the security and privacy concern. In this day and age from what we see across other sectors with password and data breaches, government IT is just as vulnerable.
User Rank: Strategist
7/22/2014 | 11:00:25 PM
Re: Unsurprising, but ironic
You're right. There is a huge problem with the lack of cloud-ready IT people. There's a great infographic here:

that outlines the cloud skills gap and how people really need to be educated to manage and support cloud services. Still, I am surprised at the lack of implementation given the Cloud First policy.



User Rank: Ninja
7/22/2014 | 1:13:49 PM
Re: Unsurprising, but ironic
It's interesting to see how much priority the government puts on data loss and identity management, which considering the shortage in IT security talent, means there is still a way to go to ensure they are meeting the same standards of private companies.  Considering the large amount of sensitive information that these agencies are dealing with, it's surprising that this isn't higher on their budget priority lists.
Lorna Garey
Lorna Garey,
User Rank: Author
7/21/2014 | 3:50:02 PM
Unsurprising, but ironic
Security is top of mind for everyone -- that's a given. However, the way agencies lag behind private-sector enterprises in public cloud use is feeding that security pain. Multiple studies show there are not enough top-tier security pros to go around. They are expensive. Government agencies are budget-constrained, and are competing with cloud providers for that talent. They won't win.  
Register for InformationWeek Newsletters
White Papers
Current Issue
The Next Generation of IT Support
The workforce is changing as businesses become global and technology erodes geographical and physical barriers.IT organizations are critical to enabling this transition and can utilize next-generation tools and strategies to provide world-class support regardless of location, platform or device
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll