The Changing Face of Data Security in the U.S. Federal Government Results from The 2019 Thales Data Threat Report Federal Edition
2019 Thales Data Threat Report – Respondent Demographics. 1,200+ senior IT security executives surveyed globally. 100 each: India, ANZ, JP, UK, DE, NE, SWE. 500 U.S. – 100 each: Fed Gov, HC, Retail, Fin Srv. Countries shown: Sweden, U.K., U.S., Netherlands, Germany, Japan, India, ANZ. US federal agency sizes surveyed: 100% - $250M+; 53% - $750M+; 26% - $1B+. Storyline: More than ever, it is crucial that organizations manage and safeguard personal information and address their risks and legal responsibilities in relation to processing personal data, in order to meet the growing amount of applicable data protection legislation. A well-constructed and comprehensive compliance program can reconcile these competing interests and is an important risk management tool. Understanding cybersecurity mandates on a global scale is critical to any multinational company that collects and retains customer data, trade secrets, and other confidential data or operates in a critical infrastructure sector, such as energy, financial services, healthcare and defense/government contractors.
Is Agency Digital Transformation putting sensitive data at risk? Federal agencies are nearly universal in implementing digital transformation initiatives. But agencies pervasively use sensitive personal, financial, and national security data. Are these deployments secure?
Agency digital transformation is universal and uses sensitive data. High rates of adoption combined with sensitive data expand risks to data. Digital transformation and sensitive data use: 98% using sensitive data with digital transformation technologies (cloud, big data, IoT, containers, mobile payments, blockchain, social media). Adoption rates by digital transformation technology (use now or planned to add within 12 months): SaaS 95%, IaaS 93%, PaaS 92%, Mobile Payments 90%, Big Data 86%, IoT 93%, Containers 81%, Blockchain 82%.
Are agency digital transformation deployments secure? Despite high levels of belief in the security of deployments, most feel vulnerable, and few secure data with encryption. Agency vulnerability to data threats: 42% are very or extremely vulnerable. Organizations think their digital transformation initiatives are secure, but are they? 79% believe their digital transformation initiatives are very or extremely secure, but only 30% or less use data encryption with their digital transformation environments today.
Agency Data Breach Rates. U.S. federal agency data breach rates are significantly high, with over half of all breaches occurring in the last year. Breached ever: 60%. Breached in the last year: 35%. Breached multiple times (have been breached both in the last year and previously): 14%.
“While DX is driving benefits to agencies and constituents alike, it is introducing new difficulties for information security professionals, including the potential to put government secrets and constituents’ sensitive data at risk” – 2019 Thales Data Threat Report
The multicloud agency – Sensitive data use brings risk. Using cloud: 90%+ of enterprises using each cloud environment type (SaaS, IaaS and PaaS). Using sensitive data in cloud environments: 78%. Multi-cloud usage is high, bringing even more risk: use more than 25 SaaS applications; use 3 or more IaaS vendors; use 3 or more PaaS environments. “Agencies will need to implement security tools and platforms designed for modern, hybrid, and multi-cloud architectures, not jerry-rigged from legacy technologies” – 2019 Thales Data Threat Report
What’s needed to solve agencies’ cloud data-at-rest security problems? Encryption! “Data must be protected where it sits, in the data center, in the cloud, or at its termination point.” Top 3 cloud data security issues: Security of agency data if the cloud provider fails or is acquired, 57%; Security breaches/attacks at the service provider, 55%; Meeting compliance requirements and regulations (PCI DSS, FISMA, NIST…, 55%. Top 3 data security tools needed in the cloud: Encryption of cloud data, 39%; Specific written compliance commitments, 39%; Detailed in-cloud security information (Physical and IT), 38%.
2019 agency IT security spending priorities. Data breaches and compliance requirements are not top IT security spending priorities for agencies. Implementing security best practices, 44%; Reputation and brand protection, 38%; Requirements from business partners/customers, 37%; Increased use of cloud computing, 34%; Competitive/strategic concerns, 34%; Executive directive, 32%; Past data breach, 30%; Compliance requirements, 27%; Avoiding data breach penalties, 24%.
Data privacy and sovereignty regulations. “Prioritize compliance issues. With the overarching impact of federal and global data regulations, 2019 could be considered ‘the year of data protection’.” - 2019 Thales Data Threat Report. Data Privacy: 86% of agency IT security pros polled said that their organizations would be affected by data privacy or data sovereignty regulations. How will agencies meet these regulations? Encryption. Responses charted: Encrypting personal data; Tokenizing personal data (an encryption technology); Moving data to compliant locations; Use local hosting and cloud providers; Not affected by these regulations.
Threat vectors shift to external attackers “Federal government respondents believe they are more vulnerable to security threats than most other industries.” 2019 Thales Data Threat Report 48% 54% 47% 45% 42% 35% 36% 37% 33% 34% Cybercriminals Privileged users Cyberterrorists Partners w/internal access Service provider accounts Hacktivists Executives Competitors Ordinary employees Other IT accounts Nation-states Contractor accounts 82% of agencies feel vulnerable Somewhat Vulnerable Very/extremely vulnerable 42% 40% 82% Past data breach
Beyond cloud – digital transformation increases risks. The problem: massive adoption combined with sensitive data. Adoption rates for digitally transformative technologies beyond cloud (using or planning to use): Big Data 86%, IoT 92%, Mobile Payments 90%, Blockchain 82%, Social Media 95%. Rates of sensitive data use with digital transformation technologies: Big Data 40%, IoT 40%, Mobile Payments 45%, Blockchain 32%, Social Media 40%.
Digital transformation – Encryption required “You need new data security methods to protect today’s IT landscape, and this starts with encryption.” - IDC 49% 44% 45% 39% IoT Encryption the top tool needed to drive IoT adoption Cloud Data encryption is a top tool needed to enable more cloud use Big Data Encryption needed to enable more big data usage Containers Availability of encryption increases adoption
Digital transformation data – Requires protection. [Diagram: security stack. Network (Palo Alto Networks, Cisco); Endpoint (Symantec, McAfee, FireEye, Carbon Black); Cloud; Application; Database; File System; Storage/SEDs.] Now, from a partner view, here is where the Vormetric Data Security Platform fits in the security stack. Partners are very familiar with security solutions for network and endpoint. But digital transformation is really dissolving the perimeter and you need to protect sensitive data everywhere it goes. And that is where Vormetric Data Security Platform excels by protecting data across the enterprise on disks, file systems, databases, applications all the way to the cloud. And unlike network and endpoint segments which are pretty much saturated, we offer a major growth market for partners.