Consolidation and modernization processes which should improve the cybersecurity of federal IT departments are actually doing the opposite during incomplete transitions, according to research released Tuesday by SolarWinds.
The third annual SolarWinds Federal Cybersecurity Survey also reveals that foreign governments have caught up to careless or untrained insiders as a security threat. Foreign governments and insiders were each cited as the top threat by almost half (48 percent) of the 200 IT and IT security professionals surveyed by SolarWinds, mostly in federal government and military positions. Ten percent more federal IT professionals consider foreign governments a top threat than in 2015, while concerns about insiders dropped five percent.
A reflection of this change is a growing concern around the sophistication of attacks, with 44 percent saying it increased agency vulnerability. By contrast, only 26 percent said the same of attack volume, and 24 percent said end user policy violation is an increasing vulnerability.
Consolidation and modernization processes are increasing IT security challenges according to 48 percent, with 48 percent saying they are incomplete, 46 percent blaming the complexity of enterprise management tools, and 44 percent pointing to a lack of familiarity with new systems. Cloud adoption is seen as increasing challenges by 35 percent.
“As federal IT departments move through the process of consolidation and modernization, the complexity of IT environments increases significantly and the responsibility of managing both legacy infrastructure and upgraded systems places a considerable burden on IT pros,” Mav Turner, director of product strategy, SolarWinds said. “When completed, consolidation and modernization projects will provide more efficient and secure environments, but this isn’t going to happen overnight, so additional attention must be given to securing environments against threats no matter where they originate.”
One in five federal IT professionals said consolidation and modernization have decreased IT security challenges. Replacing legacy software and hardware are each seen as a benefit by over half of those, while 42 percent said simplified administration and management are decreasing challenges.
While the reported obstacles to IT security are the usual mix of factors like internal environment complexity and competing priorities, led by budget constraints, the number of respondents blaming their budgets has dropped by over 10 percent since 2014. This both indicates how seriously federal organizations are treating cybersecurity, and suggests the funds for service providers to help the organizations meet those challenges are there.
Other results from the survey confirm that budgets are increasing, and the organizational challenge will be selecting the right security tools. Solutions designed for the federal government, like CenturyLink’s recently launched FedRAMP compliant IaaS offering, could be widely adopted if they can persuade federal clients that the transitions will be completed securely.
Smart card/common access card solutions which provide dual-factor authentication are considered the most valuable security product by those surveyed, followed by identity and access management. The mean number of security products used is 5.35, with significant variation between products in number of deployments and perceived effectiveness.
Market Connections Inc. director of research services said it is positive that 28 percent of respondents feel more secure, despite 38 percent noting an increase in IT security incidents.