Federal government agencies worry about security

February 14th, 2019   |     |  security & compliance

Private industry isn’t the only one worried about security. Agencies at the federal level, across the board, are concerned about attacks. And as federal agencies continue to move to the cloud, their IT departments are focused on finding identity and access management (IAM) solutions that offer comprehensive security.

The new survey, conducted by OneLogin and CITE Research, shows the concerns of federal agency IT professionals. Conducted in the fall of 2018, it reveals that agencies moving to the cloud may be not have proper cybersecurity measures in place.

Staffing and preparedness are top concerns

The survey was conducted with 150 IT professionals whose titles were manager or higher, including 23 percent at the C-suite level. These IT professionals overwhelmingly believe their agency’s technology is on par or even superior to that of Silicon Valley, with 84 percent reporting a high level of confidence.

But they aren’t so confident in their staff’s ability to respond to cyberattacks. Almost half, 48 percent report they simply don’t have enough IT staff to protect their organization from cyber attack. And 47 percent don’t believe their agency is fully prepared for an attack.

Federal agency respondents don't believe they have enough staff to protect from cyber attacks and aren't fully prepared

Attack fears vary by seniority and type of agency

Overall, the attacks that IT professionals were most concerned about are:

Device theft and ransomware attacks were also high on the list. Younger IT professionals expressed more concern about device theft (50 percent) and older professionals expressed greater concern about ransomware (45 percent).

Fears also varied by agency type: civilian agencies were most concerned about phishing and ransomware attacks while DOD and intelligence agencies expressed concern about device theft.

IT professionals focus on unified access management

When asked about their current security, agencies reported using a wide variety of security tools, ranging from firewalls and on-prem identity and access management (IAM) systems to MFA and secure web gateways.

With most agencies managing hybrid environments and no sign of that changing, IT professionals expressed a need for centralized access management. A whopping 75 percent of those surveyed said they would feel more secure with a centralized access management platform that included SSO, MFA, and RBAC for both cloud and on-prem apps.

Want to know more?

Download and read the full survey results.

Read the State of the Federal IT Landscape report

If you work for a federal agency and have similar concerns, you may want to review our full length paper detailing the results of the survey in light of the evolution of the technology landscape, and the opportunity to rethink existing access management approaches.

About the Author

Justin Calmus is the Chief Security Officer at OneLogin. Before joining OneLogin, Justin served as CIO and CSO at Zenefits, was director of enterprise security at Salesforce, manager of security engineering at LinkedIn, and VP of Hacker Success at HackerOne, the leading bug bounty platform. Today, Justin architects and leads OneLogin’s risk management, security and compliance efforts.

View all posts by Justin Calmus

About the Author

Justin Calmus is the Chief Security Officer at OneLogin. Before joining OneLogin, Justin served as CIO and CSO at Zenefits, was director of enterprise security at Salesforce, manager of security engineering at LinkedIn, and VP of Hacker Success at HackerOne, the leading bug bounty platform. Today, Justin architects and leads OneLogin’s risk management, security and compliance efforts.

View all posts by Justin Calmus

Secure all your apps, users, and devices