Government agencies are under pressure to implement 24/7 monitoring of IT networks and user activity to better detect and respond to threats, and continuous monitoring of technical controls is once again the top security priority for the year. One way to magnify monitoring capabilities is through the use of a Security Operations Center (SOC), an approach that more than half of public sector respondents have adopted.
Also at the top of the agenda is improving security of cloud computing, which has been embraced by the majority of respondents—often without a cloud security strategy in place. And it makes sense that, as more than three-quarters of agencies say they allow employees to use smartphones and tablets, security for mobile devices is also an imperative.
As consumers and third-party partners become more concerned about how their sensitive data is gathered and shared—and global governments dial up scrutiny of how information is used across borders—data privacy has become an increasingly critical requirement for the public sector. Respondents say they plan to address several privacy initiatives over the next 12 months, with an emphasis on privacy training and awareness.
Many public sector respondents are also preparing for the increased privacy requirements that the Internet of Things (IoT) will bring. This year, 40% of respondents say they are investing in security for the Internet of Things, and 52% of agencies say they have an IoT security strategy in place or are currently implementing one.
Government organizations are pivoting toward a model of cybersecurity and privacy that can both protect and enable the agency. This approach is built upon a range of technologies that can be interconnected in the cloud, including solutions like proactive monitoring and analysis of security intelligence, Big Data analytics, and biometrics for advanced authentication.
Not all components are cutting edge, however. More than a third of respondents say they are using open-source software, which has been around for decades, in place of traditional enterprise software and middleware. Among agencies that have embraced open-source, 42% say the technology has improved their cybersecurity and privacy program.
Today, the majority of public sector agencies employ cloud computing, with a private cloud the most commonly implemented platform. As the cloud becomes increasingly secure, organizations are also running more sensitive workloads and data in the cloud, including operations and finance. To secure workloads and data in the cloud, most agencies say they use encryption, identity access and authentication.
What’s more, 51% of government agencies employ cloud-based managed security services to help integrate, manage and improve cybersecurity and privacy programs. Top uses include authentication, identity and access management, and real-time monitoring and analytics.
“As cloud-based technologies mature and deliver new levels of secure service, the public sector is beginning to see the value of cloud-centric cybersecurity analytics. This type of solution allows agencies to ingest massive amounts of unrelated data and uncover relationships that turn ambiguous information into actionable intelligence. With centralized security analytics, organizations can scrutinize activity across the entire enterprise to help strategically manage cybersecurity risks, protect critical assets and ultimately offer truly differentiating business advantages.”