CLOSING IN FEDERAL ENDPOINT SECURITY

Similar documents
CYBERSECURITY RESILIENCE

MOVING MISSION IT SERVICES TO THE CLOUD

HOW IT INVESTMENT STRATEGIES HELP AND HINDER GOVERNMENT S ADOPTION OF CLOUD & AI

IT Risk & Compliance Federal

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

The 2013 Digital Dilemma Report: Mobility, Security, Productivity Can We Have It All?

IT Security: Managing a New Reality

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

Cyber Security in Timothy Brown Dell Fellow and CTO Dell Security

Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL

Disaster Unpreparedness June 3, 2013

Sales Presentation Case 2018 Dell EMC

Government IT Modernization and the Adoption of Hybrid Cloud

Information Systems Security Requirements for Federal GIS Initiatives

Pedal to the Metal: Mitigating New Threats Faster with Rapid Intel and Automation

THE POWER OF TECH-SAVVY BOARDS:

U.S. Department of Homeland Security Office of Cybersecurity & Communications

ACM Retreat - Today s Topics:

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

As Enterprise Mobility Usage Escalates, So Does Security Risk

Which Side Are You On?

Todd Sander Vice President, Research e.republic Inc.

A Guide to Closing All Potential VDI Security Gaps

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

Building a Threat Intelligence Program

Security Survey Executive Summary October 2008

Cyber Resilience. Think18. Felicity March IBM Corporation

- Samsung Tablet Photo - Tablets Mean Business. Survey of IT pros reflects growing trend toward tablets for workforce mobility and more

Sage Data Security Services Directory

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

Effective Cyber Incident Response in Insurance Companies

FISMA Cybersecurity Performance Metrics and Scoring

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

ALIGNING CYBERSECURITY AND MISSION PLANNING WITH ADVANCED ANALYTICS AND HUMAN INSIGHT

CHANGING FACE OF MOBILITY RAISES THE STAKES FOR ENDPOINT DATA PROTECTION

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

How Switching to the Cloud Drives Employee and Agency Growth

Security in Today s Insecure World for SecureTokyo

Make security part of your client systems refresh

The Deloitte-NASCIO Cybersecurity Study Insights from

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

Training and Certifying Security Testers Beyond Penetration Testing

ISACA MOSCOW CHAPTER Chapter meeting 22 September 2016

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

THALES DATA THREAT REPORT

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

Building a Resilient Security Posture for Effective Breach Prevention

Healthcare IT Modernization and the Adoption of Hybrid Cloud

KNOWLEDGE GAPS: AI AND MACHINE LEARNING IN CYBERSECURITY. Perspectives from U.S. and Japanese IT Professionals

State of South Carolina Interim Security Assessment

The Value Of NEONet Cybersecurity. Why You Need To Protect Your The Value Of NEOnet Cybersecurity. Private Student Data In Ohio

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

Cyber Attacks & Breaches It s not if, it s When

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

Tripwire State of Cyber Hygiene Report

Introduction to Device Trust Architecture

Automating the Top 20 CIS Critical Security Controls

Business continuity management and cyber resiliency

Mobile Security: Move Beyond The Basics And Overcome Mobile Paralysis

Security and Privacy Governance Program Guidelines

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Operationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results

Cyber Security Program

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

External Supplier Control Obligations. Cyber Security

CLEARING THE PATH: PREVENTING THE BLOCKS TO CYBERSECURITY IN BUSINESS

Evolving Threats Call For Integrated Endpoint Security Solutions With Holistic Visibility

State of the Cyber Training Market January 2018

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

Innovate or die!? Modern IT Workplace Security. Alex Verboon Cyber Security Consultant

REPORT. proofpoint.com

THE STATE OF MEDIA SECURITY HOW MEDIA COMPANIES ARE SECURING THEIR ONLINE PROPERTIES

What It Takes to be a CISO in 2017

STUDY REVEALS GROWING DEMAND FOR HIGH-SPEED DATA COMMUNICATIONS

Why you should adopt the NIST Cybersecurity Framework

AUSTRALIA Building Digital Trust with Australian Healthcare Consumers

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Made for the way you work: Big ideas and innovation from Windows 10 and Lenovo

Ensuring System Protection throughout the Operational Lifecycle

Solutions Technology, Inc. (STI) Corporate Capability Brief

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

VALUE OF A CYBERSECURITY SELF-ASSESSMENT

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

FEDERAL ISSUE BRIEF ACCESS DENIED: Threats to Endpoint Security in the Federal Government. Sponsored by:

Cyberbit Range. A Global Success Story by CYBERBIT 2017 by CYBERBIT Proprietary CYBERBIT Proprietary

The Cost of Denial-of-Services Attacks

White Paper. View cyber and mission-critical data in one dashboard

Preparing your network for the next wave of innovation

2018 Report The State of Securing Cloud Workloads

Defensible Security DefSec 101

CALIFORNIA CYBERSECURITY TASK FORCE

2016 Survey: A Pulse on Mobility in Healthcare

Spotlight Report. Information Security. Presented by. Group Partner

Transcription:

CLOSING IN FEDERAL ENDPOINT SECURITY More than half of agency IT officials worry about cyberattacks involving endpoint devices as a means of accessing agency networks. Yet many aren t taking advantage of technology they may already have to reduce their risks. A new report looks at what matters most to federal CIOs and IT leaders in securing endpoint devices accessing their networks and where the key gaps remain. PRESENTED BY UNDERWRITTEN BY

In a new survey of federal civilian and defense agency IT and cybersecurity decision makers, CyberScoop & FedScoop identify: The top priorities and concerns IT officials face in securing mobile and endpoint devices capable of connecting to the internet The endpoint security features and capabilities most important to them to reduce vulnerabilities and improve mission effectiveness Where agencies stand in implementing various endpoint security strategies and tools The top challenges agencies face in implementing modern endpoint security Where agencies could use greater guidance 2

KEY FINDINGS The state of endpoint security in federal government Federal agencies are further along than is often assumed in implementing methods to secure smartphones, tablets, sensors, wearables and other endpoint devices accessing their networks. Defense/ intelligence agencies are outpacing civilian agencies in embracing biometrics and alternative forms of authenticating users to improve endpoint security. However, the growing proliferation of devices accessing agency networks including employees personal devices is driving up risks. More than half of agency IT officials are concerned about network attacks from endpoint devices. And while 6 in 10 say securing government-issued mobile devices is a top concern over the next 12-18 months, many may be overlooking technology they already have or own to address security concerns. The endpoint security gaps federal IT/security officials still face Top priorities: Preventing cybersecurity breaches via endpoints and improving the time it takes to identify and recover when security incidents occur top the list of mobile security priorities over the next 12-18 months. Top concerns: Securing government-issued devices, addressing network and endpoint attacks and meeting endpoint security mandates are chief concerns over the next 12-18 months. Top needs: Agencies need the ability to centrally manage and configure mobile devices and remotely lock down devices and recover data if a breach occurs. And they need greater guidance on emerging security threats, meeting federal security mandates and technical support for securing devices. 3

WHO WE SURVEYED CyberScoop & FedScoop conducted an online survey of qualified federal government information technology and cybersecurity officials who have decisionmaking responsibility or influence regarding cybersecurity services, solutions, requirements, budgets or contractors. Of the 167 survey respondents: Federal job roles: Work for Defense, Military or Intelligence agencies 36% 64% Work for Civilian agencies 34% 30% 18% 17% 2% Other IT management Mission /program management or implementation IT Implementation and maintenance C-suite / Executive level IT decision maker 4

KEY FINDINGS TOP PRIORITIES Top mobile security priorities in the next 12 18 months among federal IT/security officials are: Preventing cybersecurity breaches from endpoint connectivity 64% Improving time to identify and recover when security incidents occur 46% TAKEAWAY Significantly more IT managers (61%) see improved identification and recovery time as a priority than their mission/program colleagues (34%) suggesting potential alignment gaps within agency management. Question: What are your mobile security priorities over the next 12-18 months? (Select all that apply.) 5

KEY FINDINGS TOP PRIORITIES Federal IT/security officials are also focusing on: Creating better management & monitoring dashboards (42%) Finding cost-effective endpoint cybersecurity solutions (39%) Simplifying secure configuration and management (37%) 4 in 10 Securing personal devices (33%) Reducing downtime by being able to quickly & easily reconfigure & reload user information on mobile devices (37%) 1 in 3 TAKEAWAY While currently available technology makes it possible to configure mobile devices remotely using containers and other controls, it appears many organizations are not taking advantage of those capabilities. Question: What are your mobile security priorities over the next 12-18 months? (Select all that apply.) 6

KEY FINDINGS TOP CONCERNS Top mobile security concerns in the next 12 18 months among federal IT/security officials are: Network attacks (62%) Securing government-issued devices (61%) 6 in 10 Endpoint attacks (54%) More than half Question: What are your mobile security concerns over the next 12-18 months? (Select all that apply.) 7

KEY FINDINGS TOP CONCERNS Federal IT/security officials express a number of concerns about the risks associated with endpoint devices, including: Increased risks due to 42% unknown 40% apps and independent devices Securing personal devices accessing federal networks Insufficient funding to meeting endpoint security needs 33% 32% Security risks due to Internet of Things TAKEAWAY Significantly more IT managers (49%) see insufficient funding as a top concern than their mission/ program colleagues (17%). Question: What are your mobile security concerns over the next 12-18 months? (Select all that apply.) 8

KEY FINDINGS TOP CONCERNS Federal IT/security officials are also concerned about: Meeting federal endpoint security mandates Lack of endpoint security guidance 48% 29% TAKEAWAY Agencies face a host of federal security requirements (such as FISMA, NIST 800-53, FIPS). Many of those mandates reflect outdated solutions or haven t kept up with changes in mobile technologies. Officials need more current guidance on emerging threats and practical technical guidance. Question: What are your mobile security concerns over the next 12-18 months? (Select all that apply.) 9

THE STATE OF FEDERAL ENDPOINT SECURITY MOBILE ACCESS 90% + of organizations provide secure mobile access for work-issued devices. But only about one-quarter or fewer support secure mobile access via workers personal devices. SUPPORT BY APPLICATION WORK-ISSUED PERSONAL Document/image management Agency-specific mission support systems Office productivity suite Email Business systems (i.e. financial, HR) Database/analytics Collaboration/chat 16% 16% 19% 18% 17% 28% 28% 95% 94% 94% 94% 93% 93% 89% Question: For which of the following applications does your organization support secure mobile access? (Select all that apply.) 10

THE STATE OF FEDERAL ENDPOINT SECURITY MOBILE ACCESS TAKEAWAY While roughly 20% of IT/security officials say their organizations support personal devices accessing their networks, 40% expressed concern about securing personal devices. Another FedScoop survey* found among federal workers: 33% rely on personal laptops, 49% rely on personal smartphones and 74% rely on personal tablets for work, even though federal agency IT managers don t support most of those devices. This gap between the use of personal devices accessing federal networks and agency IT support for them points to a significant risk. The use of more modern devices and endpoint security practices, including containerization and centrally managed configuration tools, represent opportunities for agencies to improve their overall security posture. * FedScoop Workforce Productivity Study July 2017 Question: For which of the following applications does your organization support secure mobile access? (Select all that apply.) 11

THE STATE OF FEDERAL ENDPOINT SECURITY IMPLEMENTATION STATUS 3 in 4 of federal IT/security officials have implemented, or are in the process of implementing: NOT YET IMPLEMENTED CONSIDERING/PLANNING IN PROCESS FULLY IMPLEMENTED MULTI-FACTOR AUTHENTICATION (79%) 4% 17% 28% 51% SINGLE SIGN-ON (76%) 6% 18% 38% 38% IDENTITY MANAGEMENT (73%) 8% 19% 35% 38% SECURING ENDPOINTS (75%) 5% 20% 50% 25% Far fewer (25%) have fully implemented securing endpoints (using endpoint detection and response, network access control, end-to-end encryption, application control, etc.) Question: How far along is your organization in adopting the following? (Select all that apply.) 12

THE STATE OF FEDERAL ENDPOINT SECURITY IMPLEMENTATION STATUS 6 in 10 (or more) of federal IT/security officials have implemented, or are in the process of implementing: NOT YET IMPLEMENTED CONSIDERING/PLANNING IN PROCESS FULLY IMPLEMENTED REMOTE DEVICE MANAGEMENT (67%) 11% 22% 25% 42% SECURING MISSION-CRITICAL FIELD DEVICES (69%) ROLE-BASED SECURITY (69%) ROLE-DRIVEN SECURE ACCESS (60%) 10% 21% 34% 35% 9% 22% 36% 33% 13% 27% 28% 32% DERIVED CREDENTIALING (59%) 15% 26% 38% 21% Question: How far along is your organization in adopting the following? (Select all that apply.) 13

THE STATE OF FEDERAL ENDPOINT SECURITY IMPLEMENTATION STATUS TAKEAWAY Defense and intelligence agencies are further along than civilian agencies in implementing certain endpoint security approaches: NOT YET IMPLEMENTED CONSIDERING/PLANNING IN PROCESS FULLY IMPLEMENTED SECURING MISSION-CRITICAL FIELD DEVICES DEFENSE CIVILIAN 8% 18% 11% 22% 24% 49% 40% 27% LOCATION-BASED SECURITY DEFENSE CIVILIAN 14% 16% 28% 50% 30% MULTIPLE USER PERSONAS DEFENSE CIVILIAN 24% 30% 28% 41% 28% 11% 23% 24% 22% 21% 9% BIOMETRICS DEFENSE CIVILIAN 27% 31% 26% 42% 31% Question: How far along is your organization in adopting the following? (Select all that apply.) 15% 16% 12% 14

THE STATE OF FEDERAL ENDPOINT SECURITY TOP CHALLENGES Cost, funding and approval processes plus lack of internal skills rank as top obstacles to implementing endpoint security. 46% 45% 45% 32% 29% 28% 25% 24% 23% 20% 17% Cost of new technologies Lack of funding Too many layers of approval Lack of internal skills/expertise to implement & maintain modern endpoint security services & solutions Implementation takes too long Lack of accredited cybersecurity services & solutions Lack of cooperation between mission/ business/program & IT operations Lack of buy-in from mission/business/ program organization Lack of awareness on what endpoint security options are available Lack of buy-in from IT leadership Lack of approved vendors Question: What are the top challenges to implementing modern endpoint security in your organization? (Select all that apply.) 15

THE STATE OF FEDERAL ENDPOINT SECURITY TOP CHALLENGES TAKEAWAY Civilian agency respondents are significantly more likely to cite lack of funding as an obstacle compared to their defense counterparts. Defense/intelligence agency respondents cite greater challenges than their civilian counterparts regarding layers of approval and implementation takes too long. CHALLENGES CIVILIAN LACK OF FUNDING 53% 31% LAYERS OF APPROVAL 38% 56% IMPLEMENTATION TAKES TOO LONG 19% 44% DEFENSE Question: What are the top challenges to implementing modern endpoint security in your organization? (Select all that apply.) 16

KEY GAPS IN ENDPOINT SECURITY TOP GUIDANCE NEEDS Areas where organizations need guidance on endpoint security: Staying ahead of emerging security threats (53%) More than half Meeting government-issued security mandates (39%) Securing mobile devices (35%) Providing secure, mission-critical field applications via mobile devices (33%) More than 1/3 TAKEAWAY Civilian agencies are significantly more likely than defense/intelligence agencies to need guidance on providing secure field applications and on derived credentialing. Question: In which areas of endpoint security do you feel your organization needs guidance? (Select all that apply.) 17

KEY GAPS IN ENDPOINT SECURITY TOP GUIDANCE NEEDS Other areas where organizations need guidance on endpoint security: Understanding endpoint security risks (30%) Meeting NIST security guidelines (29%) Derived credentialing (26%) Allowing multiple user personas on devices (26%) Multi-factor authentication (23%) TAKEAWAY IT managers are significantly more likely than mission/ program managers to need guidance for their organizations on meeting NIST guidelines and multi-factor authentication. Question: In which areas of endpoint security do you feel your organization needs guidance? (Select all that apply.) 18

KEY GAPS IN ENDPOINT SECURITY TOP CAPABILITY NEEDS Features and capabilities that matter most for improving endpoint security according to federal IT/security officials: 50% Ability to centrally manage and configure mobile devices 47% Implementing remote management to instantly lock down endpoint devices and secure data 47% The ability to remotely recover data and information if a breach occurs TAKEAWAY Significantly more defense/ intelligence IT/security officials (57%) said remote recovery of data was important to them than their civilian agency colleagues (38%). Question: Which of the following endpoint security features and capabilities are most important to you? (Select all that apply.) 19

KEY GAPS IN ENDPOINT SECURITY TOP CAPABILITY NEEDS Additional features/capabilities that matter most for improving endpoint security: 43% Ability to centrally manage a large ecosystem of devices 40% Military-grade security down to the hardware* 38% Secure containerization * Applies security controls to the hardware, kernel, boot and application layers, not just the operating system. TAKEAWAY Significantly more civilian IT/ security officials (57%) said military-grade security down to the hardware was important to them than their defense/ intelligence colleagues (30%). Question: Which of the following endpoint security features and capabilities are most important to you? (Select all that apply.) 20

CONCLUSIONS 1 Government agencies are making varying progress in implementing a number of proven methods for securing mobile and endpoint devices. Agencies struggling with limited budgets could take greater advantage of technology they may already have or is readily available in the commercial market to improve endpoint security, such affordable devices 2that support biometrics, derived credentialing and containerization. 3 modern 4 reducing Cost, funding and cumbersome approval processes are top obstacles to security implementation. But so is lack of internal expertise to implement endpoint security services and solutions. Agency leaders must seek ways reduce alignment gaps between the interests of mission/business managers seeking to improve productivity and service and the competing needs of IT managers responsible for security risks. 21

ABOUT CyberScoop is the leading media brand in the cybersecurity market. With more than 350,000 unique monthly visitors and 240,000 daily newsletter subscribers, CyberScoop reports on news and events impacting technology and security. CyberScoop reaches top cybersecurity leaders both online and in-person through our website, newsletter, events, radio and TV to engage a highly targeted audience of cybersecurity decision makers and influencers. FedScoop is the leading tech media brand in the federal government market. With more than 210,000 unique monthly visitors and 120,000 daily newsletter subscribers, FedScoop gathers top leaders from the White House, federal agencies, academia and the tech industry to discuss ways technology can improve government and identify ways to achieve common goals. With our website, newsletter and events, we ve become the community s go-to platform for education and collaboration. CONTACT Wyatt Kash Sr. Vice President, Content Strategy Wyatt.Kash@FedScoop.com 917-930-8531 PRESENTED BY UNDERWRITTEN BY

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback