Government Agencies Lack Security in Public Cloud Deployments

Public sector data breaches have been on the rise in 2016, hitting government agencies hard all across the globe. According to the latest breach figures in the US alone, 38% of breached records are attributed to government and military agencies, second only to healthcare for largest numbers of breached records. Although government agencies only account for 7% of total breaches, these breaches tend to be devastatingly large.

A recent HyTrust survey found that government agencies are taking unnecessary risks with their use of the public cloud. The HyTrust Government Cloud Survey 2016 demonstrates that nearly 20% of agencies using the public cloud do not encrypt data. This data comes from a survey of 59 government and military organizations, so represents only a small sample size. Moving outward, the same question was asked of 400 IT professionals, with an even higher percentage (28%) using the public cloud without encryption in place. Although encryption is only a base standard for data protection on the endpoint or in the cloud, it points to a lack of visibility and control over data stored in the cloud.

The Obama administration mandated that federal agencies try to make use of a Cloud First policy, a strategy which has ultimately seen the closure of thousands of data centres, reducing operating costs and avoiding capital expenses. However, while there have been obvious cost and efficiency benefits to this Cloud First policy, this survey and data from other surveys indicates that all is not well in the use of the cloud by government agencies.

“Agencies shall use cloud infrastructure where possible when planning new mission or support applications or consolidating existing applications. Agencies should take into consideration cost, security requirements, and application needs when evaluating cloud environments.” – August 1, 2016 memo on Data Center Optimization Initiative consistent with the Cloud First Policy

The continued rise in data breaches in the government sector undermine the importance of embracing new technology, including the cloud, with data security at the core. Creating a top-down culture of security, with ongoing education and prevention, can help support technologies put in place to increase the visibility and control over data, even if that data lives on the endpoint or in the cloud. In our whitepaper, Five Steps to Prevent Data Breaches in State and Local Government Agencies, we lay out a layered approach to security that will allow state and local government IT security leaders to effectively take back control and to prevent and remediate data breaches appropriately.

Absolute DDS can provide federalstate and local government agencies the visibility needed to regain visibility and control over data. With Absolute DDS, government agencies can remotely monitor all endpoint devices, with automatic alerts for unusual device or user behaviour or the presence of sensitive data, even if that data is stored in the cloud. Absolute DDS provides the visibility you need into your entire security stack, helping you determine the status of complementary security applications with automatic zero-touch reinstallation of key applications to ensure that data remains protected at all times.