A lack of budgeted funds for cloud initiatives is slowing down Federal government cloud adoption, according to a report from Netwrix released today.
“Despite Federal government initiatives to encourage cloud adoption, the number of public sector organizations that are willing to implement a cloud-first strategy or become 100 percent cloud has dropped by 20 percent since 2018,” the report found
Netwrix, an information security and governance software vendor, found in its 2019 Netwrix Cloud Data Security Report that a mere 32 percent of government organizations “would consider implementing a cloud-first strategy, and only 20 percent would consider becoming 100 percent cloud.”
The primary reason cited for the hesitancy to fully embrace loud is a lack of resources. The vast majority (92 percent) of government IT teams said that they didn’t receive a budget increase for cloud security in 2019, and half said they don’t have financial support when it comes to managing cloud security issues.
“Despite initiatives like the Federal Cloud Computing Strategy, many organizations are cautious about using the cloud due to the lack of sufficient budget to ensure controls are in place to protect their data,” Steve Dickson, CEO of Netwrix, said in a statement. “Public sector organizations need to understand what data they have in the cloud and ensure they can classify it according to its level of sensitivity. This approach will enable them to prioritize their cybersecurity efforts and choose appropriate controls within their budgets to keep critical data safe.”
Despite half of government organizations citing financial concerns regarding cloud security, 69 percent of organizations are storing personally identifiable information (PII) of employees in the cloud and 62 percent are storing PII of citizens in the cloud. As for why organizations are moving PII to the cloud, 31 percent of IT teams said they are looking to improve cost efficiency, 28 percent said they need the information available for remote workers, and 21 percent said it was due to security concerns.
Despite citing security for a reason to move sensitive data to the cloud, more than a quarter (28 percent) of government organizations had one or more security incidents in the past 12 months. The report noted that organizations that suffered security incidents have two things in common: “none of them classified all data they stored in the cloud, and all of them stored all their sensitive data in the cloud.” The report further noted that “59 percent of organizations couldn’t determine whether the incidents they suffered were caused by external threat actors or insiders.”
As for how organizations are attempting to improve cybersecurity, 61 percent are looking to encrypt all data stored in the cloud, and roughly half are planning to improve their data access management. Though the Federal government is increasingly urging agencies to embrace the cloud, the survey found that roughly 25 percent of organizations that store all of their sensitive data in the cloud would consider moving some or all of back on-premises, starting with citizen data, payment data, and healthcare data. Key motivators for that decision include high costs, inability to ensure security, and lack of control.