94% of Government Agencies Now Use the Cloud, But Security is a Growing Concern
Driven in part by the Obama Administration’s 2011 Cloud First Initiative, and the rollout of services by Amazon Web Services and Microsoft Azure, adoption among government agencies is now extremely high. But that doesn’t mean it’s secure, as a survey of government agencies by Netwrix has found
A survey of government agencies across North America, Asia Pacific and Europe has found that 94% are now using cloud technology to store sensitive data, but security has not kept pace.
"The survey showed that governments are determined to use cloud services more actively,” says Steve Dickson, CEO of Netwrix. “Many factors are driving this cloud adoption, from the need for IT modernisation to the desire for more innovation to the promise of cost savings. However, cloud security remains a weak spot for government agencies.”
In fact, almost a third of government agencies said they felt the introduction of cloud services had worsened their overall security.
Impact of Cloud Adoption on the Overall Security of IT Infrastructure
Of particular concern was the prospect of sensitive data being accessed by unauthorised individuals, as well as the fact that the behaviour of employees was not possible to adequately monitor.
“Many [government agencies] see unauthorised access to data as the main security concern, and the lack of visibility into the activities of business users and IT staff complicates threat mitigation,” says Dickson. “Until agencies make cloud security their top priority, this issue will remain unresolved.”
Top Cloud Security Concerns
However, despite many of the biggest data breaches being in part the result of employee behaviour, government agencies appear to be under-rating this threat, placing it behind external actors. Given the use of compromised credentials, Netwrix believes this should be a priority for such organisations.
Biggest Perceived Security Risks
Despite concerns, government agencies are generally planning to increase their use of the cloud in the coming years, with almost a quarter intending to move more sensitive data to the cloud, and 40% intending to transfer their entire infrastructure to the cloud.
Government Agencies Future Plans for Cloud Adoption
But while this may be seen as a problem, James Brown, EMEA vice president at Alert Logic, argues that it can be achieved with robust security.
“If approached correctly the cloud can deliver great security benefits, but if you use your existing tools and processes for security, you can actually reduce the levels of security when moving to the cloud; this seems to be reflected in the report,” says Brown.
"One of the biggest difficulties for security professionals is the speed of change that can be achieved in the cloud, and often a breakdown in the traditional processes or new tools that are used to enact that change. With this great agility and power of the cloud, comes great responsibility. Just as it is easy for a developer to make data public in the cloud, it is just as easy to write checks to stop it happening. However, the security world is lagging behind. The greater benefits for security lie in automating the checks and balances that traditionally were done with checklists and procedures."