Government security IT issues were highlighted in 2015 with a major security breach at the Office of Personnel Management in which personal details of more than 22 million former, current and prospective federal employees, contractors and others were compromised. Other security breaches have also received publicity recently, including a hack of the U.S. State Department.

This large number of sophisticated attacks against government agencies has led to cybersecurity being identified as a critical focus area within government. However, many such organizations face budget constraints, as well as problems finding and retaining skilled and experienced security personnel.

Increased Use of Cloud Services Improves Security

Many government organizations are responding by increasing their use of cloud services, not only to achieve cost savings and efficiency gains, but to improve their capabilities in security and compliance. This will help them to modernize their IT infrastructures, which 92 percent of federal IT managers state is an urgent priority, with security being the driving force.

Federal Government Initiatives

The federal government is also directing agencies to assess the health of their networks and to take the necessary steps to improve security. Toward the end of 2015, it called on agencies to immediately patch critical vulnerabilities, identify high-value assets, restrict privileged users and expand the use of strong authentication. One result seen was an increase in the use of strong authentication from 42 percent of agencies to 72 percent during the 30-day sprint.

The federal government has also now published the Cybersecurity Strategy Implementation Plan, which focuses on five objectives:

  • Prioritize the identification and protection of high-value assets and information.
  • Improve the ability to detect and rapidly respond to cybersecurity incidents.
  • Ensure the ability to rapidly recover from cybersecurity incidents.
  • Take steps to recruit and retain highly qualified cybersecurity workforce talent.
  • Improve the ability to efficiently and effectively deploy existing and emerging technologies.

Improving Network Security

Further research from MeriTalk indicates that one of the greatest challenges that agencies face is the amount of security data that is generated in their networks. Because of this, 78 percent state that at least some of their security data goes unanalyzed and, while 70 percent are able to monitor cybersecurity data feeds in real time, few have the ability to analyze it effectively. However, 92 percent state that they are taking steps to improve cybersecurity capabilities, including upgrading or investing in existing security technologies, deploying network analysis and visibility solutions, and investing in cybersecurity training.

Focus on Endpoints

Government agencies are also embracing innovative technologies, especially those that empower users and provide them with greater mobility and flexibility. Mobile devices are increasingly powerful and employees utilize to access vast swathes of data, including sensitive information related to their work. It is therefore best practice to ensure that mobile devices issued by government agencies provide high levels of security. Samsung Knox provides such capabilities, with security built into both the hardware and the software that runs on them. For government needs, it also provides the ability to customize devices, installing apps and conforming to government-grade security certifications.

Solving government security IT issues, as with many enterprises, requires focusing both on internal networks, as many breaches take time to detect, as well as on external endpoints and users, since external attacks are one of the main ways hackers can gain an initial foothold on the network. Given the high and growing volume of security attacks and incidents, government agencies must be proactive in addressing security IT issues.

Samsung KNOX delivers defense-grade security on Galaxy mobile phones and tablets. Find out more about how Knox can protect your business.

Posts By

Fran Howarth

Fran Howarth is an industry analyst specializing in security. She has worked within the security technology sector for over 25 years as an analyst, consultant and writer. Fran focuses on the business needs for security technologies, with a focus on emerging technology sectors. Current areas of focus include mobile security, cloud security, information governance and data security, identity and access management, network and endpoint security, security intelligence and analytics, and security governance and regulations. Follow Fran on Twitter: @FranNL

View more posts by Fran Howarth