A Closer Look at the Priorities of Leading Agencies
Mobile devices can impact information security
Progressive or leading edge agencies expressed concern about the proliferation of mobile devices and the impact of cloud computing on security, and are most likely to be investigating single-sign on authentication alternatives, in their ongoing efforts to improve agency IT threat prevention infrastructures.
Based on the results of the 1105 Government Information Group Content Solutions Information Security Survey, agencies furthest along in developing strong IT security protections were primarily, and not surprisingly, in federal defense-related agencies. Survey respondents from federal defense organizations were found to be the most mature their IT threat prevention infrastructures. In addition, other self-styled ‘progressive’ agencies with regard to technology procurement practices, said they were more apt to be investigating single sign-on authentication solutions.
At the same time, the proliferation of mobile devices with confidential information and access to internal systems was viewed an increasing security concern, by 78% of respondents. The remaining 22% were either neutral or not in agreement with this concept. In addition, the rise of cloud computing also generated a strong response. Cloud computing was cited by the majority, 67% of respondents, as a source of increasing security concern. However, another 25% of respondents were neutral as to whether cloud computing is a security concern. And a total of 8% of respondents disagreed with the statement that cloud computing created security concerns.
One potential source of data leakage, cited by 64% of respondents, was government employees, who can unknowingly bring threats into an agency’s IT infrastructure via their internet connections. Just under 15% of respondents were unsure whether employees pose a threat, and 22% said they disagreed with this assessment regarding employees.
Among those agencies furthest along in IT security planning, at least a quarter of those respondents noted that anti-virus, anti-spyware, anti-malware, anti-spam and encryption solutions are already in use within their organizations. Interestingly, 6% of those surveyed also said they are most apt to be seeking better data encryption solutions for endpoint security in the coming year.
When it comes to network security, intrusion detection was cited as most widely deployed, mentioned by 30% of respondents. Another 26% respondents said they have already implemented firewall and VPN services and 23% said IP security solutions have already been implemented. Only 13% of respondents have implemented personal firewalls and vulnerability software. And 15% said they had already installed multi-function security devices on their networks. In the coming year, the greatest number of respondents, 9% of those surveyed, said they would implement vulnerability software, while another 8% will implement multi-function security devices. The total number of responses exceeded 100% because survey respondents were asked to select all applicable choices.
While nearly all agencies surveyed cited the use of at least one threat prevention initiative, DoD agencies were most likely to have ten or more such initiatives under way. More than 60% of civilian agency respondents cited eight IT security initiatives implemented. And state and local government respondents were least likely to have ten or more initiatives in place.