Lack of budget compromises government cloud adoption

Netwrix has released findings from the 2019 Netwrix Cloud Data Security Report which revealed that the number of public sector organisations that are ready to implement a cloud-first strategy or move their entire infrastructures to the cloud has decreased by almost 20% since 2018.

In fact, only 32% of government organisations would consider implementing a cloud-first strategy, and only 20% would consider becoming 100% cloud. The main reason they cited is lack of resources: 92% of IT teams didn’t receive a budget increase for cloud security in 2019, and 50% of them say they have no financial support when it comes to dealing with cloud security issues.

Other findings revealed by the research include:

• The majority of government organisations store personally identifiable information (PII) of employees and citizens in the cloud (69% and 62%, respectively). Their chief reasons for moving sensitive data to the cloud are cost efficiency (31%), availability for remote workers (28%) and security concerns (21%).
• 28% of government organisations had at least one security incident in the past 12 months. These organisations have two things in common: none of them classified all data they stored in the cloud, and all of them stored all their sensitive data in the cloud. What is even more disturbing, 59% of organisations couldn’t determine whether the incidents they suffered were caused by external threat actors or insiders.
• The majority of organisations plan to strengthen data security in the cloud by encrypting data (61%) and improving data access management (55%). However, not all IT teams receive sufficient budget to support these initiatives: only 8% saw their cloud security budgets increase in 2019. However, those lucky few reported quite a substantial budget increase, which averaged 80%.
• One quarter of organisations that store all their sensitive data in the cloud would consider moving some or all of back on premises. The key reasons to uncloud include high costs (43%), inability to ensure security (29%) and lack of control (14%). They would start by migrating the data of citizens (29%), payment data (29%) and healthcare data (29%).

An infographic which further outlines the findings of the global 2019 Netwrix Cloud Data Security Report for the public sector is also now available. The infographic provides an industry perspective of the data that government organisations store in the cloud, the state of their cloud data security, and their plans for protecting data in the cloud and further using cloud technology.

“Despite initiatives like the Federal Cloud Computing Strategy, many organisations are cautious about using the cloud due to the lack of sufficient budget to ensure controls are in place to protect their data. Public sector organisations need to understand what data they have in the cloud and ensure they can classify it according to its level of sensitivity. This approach will enable them to prioritise their cybersecurity efforts and choose appropriate controls within their budgets to keep critical data safe,” said Steve Dickson, CEO of Netwrix.

“Government CIOs demonstrate clear vision in the potential for digital government and its emerging technologies, but fully 45% report they lack the IT and business resources required to execute. Cultural challenges further stagnate progress.” — Gartner, “2019 CIO Agenda: A Government Perspective,” by Alia Mendonsa and Cathleen Blanton, March 29, 2019.