Federal agencies continue to prioritize cybersecurity in their data strategies, but many are falling short of the visibility, agility, and integration required to meet today’s threat landscape, according to new research from MeriTalk and NetApp.
The study, Modern Data Defense: Balancing Security, Efficiency, Accessibility, and Innovation, surveyed 100 Federal IT decision-makers and found that while 49 percent cite security as the most important element of their data strategy, just 60 percent consider their current approach highly effective. Only six percent of respondents said their agencies excel across all four pillars of data strategy: security, access, innovation, and efficiency.
“Federal agencies are under immense pressure to modernize while safeguarding mission-critical data,” said Matt Lawson, Director, Solutions Engineering, NetApp. “This research underscores the need for a more integrated approach to data security – one that breaks down silos, embraces automation, and builds resilience into every layer of infrastructure.”
Legacy Systems, Cloud Transition Create Structural Drag
Among the top barriers to stronger security: legacy systems (cited by 45 percent), challenges balancing access with zero trust (44 percent), and fragmented toolsets that lack integration. Despite broad cloud adoption, many agencies face operational friction. Seventy-five percent say the volume of disparate systems and vendors hampers data access, with agencies averaging more than seven storage providers each.
Cloud-driven transformation remains a double-edged sword. While most agencies say their security posture has improved with the shift, many are still adapting governance, automation, and incident response protocols to fit consumption-based and multicloud environments. The top change made to support cloud and OPEX models was shifting from traditional appliances to cloud-based security services (64 percent).
AI Emerges as a Key Enabler, but Integration Lags
Artificial intelligence is on every agency’s roadmap, but full integration is a work in progress. Just 43 percent have deployed AI-driven or automated security tools, though all respondents plan to expand AI usage in the next two to three years. Top AI priorities include anomaly detection (60 percent), predictive vulnerability analytics (56 percent), and automated compliance enforcement (55 percent).
Agencies that rate themselves as highly effective in three or more strategic areas are more likely to invest in managed security services, consolidate vendors, and adopt AI for threat detection. These agencies are also significantly more likely to plan future deployments of AI-driven monitoring and anomaly detection (76 percent vs. 51 percent of others).
Closing the Gap: Recommendations for Resilience
To bridge the gap between strategic intent and operational reality, the report outlines several recommendations for Federal agencies:
- Integrate security into broader data strategies to reduce silos and improve governance.
- Streamline vendor ecosystems to strengthen control and consistency.
- Accelerate AI adoption with a focus on operational maturity and real-world use cases.
- Enhance resilience in contested and high-threat environments through edge computing, encryption, and specialized training.
With 80 percent of respondents acknowledging their agency’s data security strategies are not evolving fast enough to keep pace with threats, the report concludes that the future of Federal data defense will depend not on more tools, but on smarter alignment of strategy, structure, and security.
For more insights, view the full Modern Data Defense report: https://www.meritalk.com/study/modern-data-defense-balancing-security-efficiency-and-more/