The modernization of the federal government’s IT and security systems is a crucial step for both the protection against cyber-attacks and provision of services that better suits current executive demands. In a recent article from Federal News Radio, Vice President of Federal Operations at Vormetric, Wayne Lewandowski, discussed the proposed 35% increase in federal cybersecurity spending as well as the unveiling of the Cybersecurity National Action Plan (CNAP). The proposed plan calls for the establishment of a national cybersecurity commission, a $3.1 billion Information Technology Modernization Fund, the creation of a federal CISO position, and a public service campaign to raise awareness among citizens about threats posed by online activity.
But securing federal infrastructure is nothing new. The government has already taken several vital steps to modernize, and in turn make it easier to secure, its IT infrastructure. From incorporating FedRAMP certified clouds, to the convergence of monolithic infrastructure into more modern systems, and the use of more-advanced firewalls and forensic tools, government’s cyber posture has been strengthening over the past few years. However, even with these steps and proactive policies, federal IT in its current state is still not be able to completely halt attacks.
A recent report based on input from IT security leaders demonstrated some concerning results. 90% of respondents feel vulnerable to data threats and 61% had already experienced a security breach. Of that 61%, 1 in 5 respondents had a breach within the past year. Astoundingly and in spite of missions to mitigate threats, the data shows there is still a lot to be done to bridge the cybersecurity gap.
But as Lewandowski says, “it’s not all doom and gloom.” Federal government leaders have a number of assets at their disposal, including some of the greatest minds in cyber threat and attack prevention as well as the support and research of industry. The difference between a breach and prevention will be how these resources are used and what they’re used to defend. Perhaps most importantly, government CISOs and security leaders should look not only to defend the perimeter of their networks but also the data inside the system.
Implementing Data Security
The Vormetric Data Threat Report revealed that 58% of respondents are spending more to protect sensitive data and 48% want to implement data security protocols that follow established best practices. Therefore, to ensure greater security and compliance, many organizations are encrypting data used for applications, file repositories, and other enterprise systems and then integrating access-based controls as a secondary defense mechanism. However, encrypting large amounts of information can often be a confusing and lengthy process. Miscommunication about objectives and responsibilities can further complicate the transition.
An optimal solution to sensitive data security should provide organizations with efficiency and robust security. Even more, these encryption solutions should keep transparency in mind and be extendable to meet the needs of tomorrow. And while 34% of federal agencies plan to implement application-layer encryption and another 27% are looking to implement tokenization, leaders should be careful to choose solutions that address an array of cyber concerns, not just single-function products that can be costly and futile as cybersecurity tools and solutions continue to develop in the coming years.
A New Kind of Encryption Approach
While “old school” encryption is often invasive and involves column-level database, PKI-based, or native point encryption, Vormetric’s approach is simple and easy to manage, reducing confusion and saving time and money. Vormetric Data Security solutions offer both policy-based data security, centralized key administration, and support for data management. Agents provide a strong, yet transparent, shield that evaluate all information queries against customizable filters and policies, all under decryption-based controls to monitor data and who accesses it. Regardless of the content, database, or application, and whether physical, virtual, or in the cloud, Vormetric’s Data Security enables confidence and speed by encrypting the data that builds federal government organizations.
It is imperative that government continues to modernize its IT systems to prevent future breaches and ensure the safety of sensitive information. And while there are no absolutes when it comes to security, data encryption is one option to aid in this complex process and remove many threat and attack vectors from infiltrating systems. For more information on data security and encryption with Vormetric, check out this securing sensitive data whitepaper and the 2016 Vormetric Data Threat Report.