ARMONK, N.Y. — Cybersecurity is both the primary reason government IT leaders are modernizing their IT infrastructures and the top barrier to change.
The findings comes from the “Government Index for IT Modernization” by IBM, which is a study based on a survey of current and former U.S. decision makers in government IT, according to the company last month.
The study comes after a string of recent cybersecurity breaches, including the SolarWinds and Kaseya cyber attacks, have spotlighted cyber threats and vulnerabilities.
As a result, President Joe Biden issued an executive order in May, urging federal agencies to “modernize” and protect their data from threats.
IBM developed the “Government Index for IT Modernization” study to provide insights into the “critical role” of security and privacy in cloud adoption and modernization, as government agencies decide their “long-term strategies.”
The study’s data “sheds new light” on what obstacles government decision makers face in their IT modernization:
Modernization Drives Security
- Security outweighs reducing costs by almost double as the reason to modernize IT infrastructures
- Over 75% of respondents cited migrating and managing data from legacy systems to the cloud as a challenge for their agency, with security was cited as the top barrier but also as a main driver
- Nearly 70% of those surveyed view security risks as the top barrier when migrating to modern cloud platforms
- With cybersecurity attacks on the rise, so too are budgets to protect data
- Agencies will spend the most on cybersecurity in planning for FY22.
Contradictions Over Security Readiness
- Between 64% and 82% of respondents believe their agency is “very prepared” or “somewhat prepared” for a wide range of threats, from ransomware to post-quantum attacks
- Over 40% believe it will take three or more years to comply with Biden’s cybersecurity executive order to implement zero trust and encrypt all data
- Over half say their cloud administrators do not always require complex passwords (50%) and two-factor/multi-factor authentication (51%)
Visibility Gets Cloudy
- 50% of the respondents report their agency is using a mix of security tools for on-premises and cloud threats, creating a gap in visibility
- Security concerns are holding 46% back from working with third-party vendors
- Managing risk across a growing attack surface is expected to further complicate security
The average federal agency is using 10 or more cloud providers and working with hundreds of third parties, according to IBM.
“With the president’s executive orders, the U.S. federal market is facing a massive transformation to its cybersecurity strategy, which requires a great deal of technological modernization,” said Howard Boville, head of IBM Cloud Platform.
“While this is a priority for government IT decision makers, our survey found that they view security as both a driver and barrier to modernization.
“Enterprise technology providers are stewards of massive volumes of personal data, and we need to do our utmost to protect this data. A public and private sector partnership that adopts an open and secured hybrid cloud architecture with sophisticated security capabilities can help agencies ensure that data truly remains theirs, even in a multi-cloud environment.”
Managing Risk During Modernization
IBM has a long history of collaboration with the U.S. federal government, helping it “innovate, adapt and transform over a multi-decade journey.”
Based on the results of the “Government Index for IT Modernization,” IBM is making the several suggestions to the market for “managing risk while modernizing”:
- Government entities should consider open and secure hybrid cloud architectures to “embrace innovation” in the cloud, which focuses on helping them keep data protected. A hybrid cloud approach can help governments securely manage data across on premises, off premises/cloud and edge environments
- New approaches for cybersecurity should be adopted to help protect data across hybrid cloud environments – no matter where data resides
- Complexity is the “enemy of security,” and the approach to modernization should incorporate a secure architecture, including sophisticated capabilities that will not “compromise or monetize” customer and citizen data. To help mitigate third-party risks it’s vital to close any loopholes in the data security supply chain, encrypting data being stored and transmitted and using confidential computing to protect data in use.
The “Government Index for IT Modernization” study was conducted online by Morning Consult in June 2021 on behalf of IBM.
The firm surveyed over 500 current and former IT government decision makers based in the U.S. across local, state, federal agencies.
All respondents were required to have “significant insight or input” into their agency’s IT decision making.
See more: Top Cloud Security Companies & Solutions