Many security leaders are still trying to unravel how the pandemic altered how employees communicate and conduct their day-to-day work lives moving forward. The shift to hybrid and remote work has resulted in many positive outcomes, including workers having more flexibility, improved mental health, and of course, a non-existent commute. One area where this shift has had a massive impact is in the cybersecurity realm.
These paradigm shifts have become even more apparent in the government and US public sector, where employees today continue dragging their feet on a full return to the office. As a result, more employees are working remotely and accessing data on uncontrolled networks that are easily susceptible to data breaches — forcing agencies and organizations to think about their cyber protection posture as they witness an astounding increase in cyberattacks.
This comes as no surprise, as government entities harbor incredibly sensitive data, which leads to being a prime target for malicious actors. One doesn’t have to look hard to see a growing list of high-profile cyberattacks taking place within the U.S. public sector. This has pushed the Biden administration to urge private sector companies to provide agencies with the support and help they need to immediately strengthen their cyber best practices.
For organizations to be successful, they must accelerate their cyber defense optimization strategies and look to cloud-based cyber protection solutions to keep them safe from new and persistent threats.
The rise of cloud adoption in the U.S. public sector
With the work landscape continuing to evolve, the public sector is increasingly dependent on remote networks and data management systems, leading to the mass adoption of cloud computing solutions. In a January 2021 Deloitte survey, 70% of state and local government executives highlighted that the cloud is their preferred environment for hosting citizen and mission data.
The cloud has helped agencies improve efficiency and enabled them to reduce overhead costs. For example, the US Navy recently completed its largest cloud migration to date, moving its Enterprise Resource Planning system from an outdated on-premises system to a modern cloud environment for 70,000 worldwide users.
Similarly, the Office of Recovery Services (ORS), a Utah Department of Human Services division, migrated its 25-year-old information system from its legacy mainframe to a Java-based application hosted on the cloud, reducing its operational costs by 37%. These trends point to a new cyber defense quandary in the U.S. public sector, as bad actors are now able to facilitate attacks with less effort due to the use of artificial intelligence (AI) and automation tools.
Revamping U.S. public sector cybersecurity policy
Work from home life is here to stay, which means sensitive government data will remain accessible via public cloud networks. The pandemic has exposed many issues within the U.S. public sector’s infrastructure and practices, which entail legacy information technology (IT) systems, siloed systems and outdated databases.
This became clear when many legacy systems could not manage the massive surges in demand for critical services such as unemployment insurance or other human services, which accelerated cloud migration for government agencies.
These all have an array of security vulnerabilities that ultimately result in poor user experiences and major operational delays. It is no question that in today’s cloud-based landscape, public sector agencies can no longer afford to be relaxed about data privacy and security.
The path to zero trust
One of the notable issues with legacy systems is that they do not implement zero trust architecture. Zero trust enforces strict policies that control access to network resources, treating every incoming connection as a potential threat until proven otherwise. While it seems obvious that all government entities should have this in place, it’s challenging to transform these legacy information technology (IT) systems from the ground up, not to mention having to deal with inaccessible funding or a lack of real cybersecurity expertise.
Luckily, with increased funding available through the recent Executive Order on Improving the Nation's Cybersecurity and the Office of Management and Budget (OMB) honing in on a strategy to move the U.S. government toward a zero trust approach, the cybersecurity field is headed in the right direction.
How to utilize existing cybersecurity technology
In order to be fully protected, U.S. public sector agencies must be digitally resilient while being able to meet stringent regulatory, operational, encryption and storage standards.
One of the most important considerations when researching a cloud-based cybersecurity solution is adopting one that has already achieved the necessary certifications and compliance requirements. For example, organizations can adopt solutions that already adhere to industry standards such as HIPAA, CJIS, FIPS 140-2, and NIST SP 800-171. This means they already meet the distinct needs of education, healthcare, criminal justice, nonprofit organizations and state and local governments.
With increased pressure being placed on government entities, the U.S. public sector’s IT transformation efforts are headed in the right direction. However, cybersecurity practitioners in the public sector are nowhere near the end goal. The good news is cybersecurity transformation doesn’t have to be years away — but, to achieve this, trusted, certified solutions will need to be mandated. This will be key for these agencies to become adept at keeping up with cloud adoption and mitigating the risk of attacks.