When it comes to federal cybersecurity, fresh survey results reveal that IT consolidation and modernization projects open up gaping holes in defenses for almost half (48%) of respondents.
This is due in part to incomplete transitions, according to SolarWinds’ third annual Federal Cybersecurity Survey.
When it comes to federal IT transformation, government agencies, which are often beleaguered by unwieldy red tape in the best of times, often face frustration when it comes to modernizing applications and making incremental updates. The hardware-based procurement process favors forklift replacements rather than organic, agile transformation. Typically, a system is conceived, built and rolled out, in that order, and it can take weeks, months, even years to see the project through to completion. This leaves obsolescence a lingering problem, so many projects are abandoned before completion.
"As federal IT departments move through the process of consolidation and modernization, the complexity of IT environments increases significantly and the responsibility of managing both legacy infrastructure and upgraded systems places a considerable burden on IT pros," said Mav Turner, director of product strategy, SolarWinds. "When completed, consolidation and modernization projects will provide more efficient and secure environments, but this isn't going to happen overnight, so additional attention must be given to securing environments against threats no matter where they originate."
Organizational obstacles present IT security challenges too— Behind budget constraints (29%), the greatest obstacles to improving IT security are complexity of internal environments (16%) followed by inadequate collaboration with other internal teams (12%).
While a fifth (20%) of respondents indicated that modernization and consolidation can have a number of benefits, like replacing legacy software and equipment for more productivity-enhancing approaches, and simplified administration and management (42%), these are not always realized. Survey respondents reported that for many employees, new enterprise management tools are too complex (46%), and there is a lack of familiarity with new systems (44%).
The survey also explored threat perception. It found that incursions by foreign state-sponsored attackers was a top concern, along with careless or untrained insiders.
Foreign governments saw an increase of 10 percentage points over 2015, to 48% of respondents indicating it as a top security threat. And 53% of respondents saw insiders as the biggest threat, but is still higher than 2014 (42%).
When asked to compare their agency's IT security attack vulnerability with last year, respondents claimed the increased sophistication of threats (44%) made their agencies more vulnerable followed by volume of attacks (26%) and end-user policy violations (24%).
Fortunately, many departments and agencies are implementing tools and strategies to mitigate IT security threats, and a full 84% of respondents see their investment in security tools increasing (51%) in 2016 or staying the same (33%) as it was in 2015.
Only 36% of respondents said their agencies have security information and event management (SIEM) products in place, but those that have a SIEM solution implemented said that they are significantly more equipped to detect almost every single threat listed in the survey. Also, 72% of respondents currently use smart card/common access card for authentication, and 38% say increased use of smart cards for dual-factor authentication makes them less vulnerable to security attacks.
There are signs that such investment is having a positive impact: Of the 62% of respondents whose agencies currently use patch management software, 45% have seen a decrease in the time required to detect a security breach and 44% a decrease in the time required to respond. And of the 62% of respondents whose agencies currently use configuration management software, 47% have seen a decrease in the time required to respond to security breaches.
"SolarWinds' annual cybersecurity survey tracks the sources of IT security threats and challenges that federal IT professionals face. This year it was good to see that 28% of respondents feel less vulnerable in spite of 38% seeing an increase in the number of IT security incidents," said Laurie Morrow, director of research services, Market Connections, which carried out the survey.