Government IT leaders are updating their IT infrastructures for a various reasons, but the most significant challenge to change is the factor is cybersecurity.
Based on the research findings of IBM’s “Government Index for IT Modernization”, is conducted on a survey of current and former government IT decision makers in the United States.
The survey comes after a slew of recent cyberattacks, like the SolarWinds and Kaseya that have brought attention to cyber threats and security vulnerabilities. As a matter of fact, in May, U.S. President Joe Biden signed an executive order directing federal agencies to “modernise” and protect their data from cyberattacks.
As government agencies consider their “long-term strategies” IBM created the “Government Index for IT Modernization” study to provide insights into the “crucial role” of cybersecurity and privacy in cloud adoption and modernization.
The findings of the study “sheds new light” on the challenges that government decision-makers confront in modernising their IT systems.
Security Modernization
As a reason to upgrade IT systems, security trumps cost savings by nearly two to one. Over 75% of respondents said that migrating and maintaining data from legacy systems to the cloud is a difficulty task for their agency, with security being the biggest roadblock but also a major motivator. Security risks are cited by nearly 70% of those polled as the most significant impediment to transitioning to modern cloud systems.
As cyberattacks are on the rise, and budget costs to protect data are as well. According to the IBM, the government agencies will spend the most on cybersecurity in FY22 planning.
Contrasting Security Preparedness
From ransomware to post-quantum attacks, 64 percent to 82 percent of respondents said that their agency is “very prepared” or “somewhat prepared” for a wide spectrum of cyber threats.
Over 40 percent believe that implementing Biden’s cybersecurity executive order to adopt zero trust and encrypt all data will take three or more years. Over half of cloud administrators which is almost 50 percent feel that complicated passwords and two-factor/multi-factor authentication — which is 51 percent — aren’t usually required.
Cloudy Visibility
The use of a combination of security tools for on-premises and cloud threats is reported by 50% of respondents, resulting in a visibility gap. Concerns about security are preventing 46 percent of respondents from interacting with third-party vendors.
The research findings state that managing security risk across an expanding attack surface is projected to make cybersecurity even more difficult.
According to IBM, the average US federal agency uses ten or more cloud providers and collaborates with hundreds of third parties.
Howard Boville, Head of IBM Cloud Platform, said “With the president’s executive orders, the U.S. federal market is facing a massive transformation to its cybersecurity strategy, which requires a great deal of technological modernization,”
“While this is a priority for government IT decision makers, our survey found that they view security as both a driver and barrier to modernization.
“Enterprise technology providers are stewards of massive volumes of personal data, and we need to do our utmost to protect this data. A public and private sector partnership that adopts an open and secured hybrid cloud architecture with sophisticated security capabilities can help agencies ensure that data truly remains theirs, even in a multi-cloud environment.”
Cyber Risk Management During Modernization
IBM has a long history of working with the federal government in the United States, assisting it in “innovate, adapt and transform over a multi-decade journey.”
Based on the findings of the “Government Index for IT Modernization,” IBM offers the following recommendations to the market for “managing risk while modernizing”:
To “embrace innovation” in the cloud, government bodies should pursue open and secure hybrid cloud architectures, which focuses on helping them keep data secure. Governments can use a hybrid cloud approach to securely manage data across on-premises, off-premises/cloud, and edge environments.
New cybersecurity measures should be introduced to help protect data in hybrid cloud environments, regardless of where it resides.
Because complexity is the “enemy of security,” the modernization strategy should include a secure architecture with advanced capabilities that do not “compromise or monetize” customer and citizen data.