While it may seem like decades that we’ve been talking about the security concerns of Bring Your Own Device (BYOD), cloud implementations, and now the Internet of Things (IoT), a recent eBook authored by analyst firm, Enterprise Strategy Group (ESG), and sponsored by Axonius finds that these IT trends are all still real problems for the federal government and its agencies.
The eBook, entitled, “As IT Complexity Increases, Visibility Plummets,” explores many of the different reasons why today’s networks are increasingly complex, and examines how this increased complexity impacts asset management and the network security of government organizations.
What ESG ultimately found is a government IT landscape that isn’t getting simpler, but rather becoming increasingly and exponentially complex. It also found a government cybersecurity workforce of cyberwarriors that – despite having many tools in place – still see large gaps in their ability to manage, monitor and secure their networks.
Clouds and sensors and devices, oh my!
While it should come as no surprise to many that government agencies are embracing cloud solutions and implementing IoT programs and projects, the metrics shared by ESG are truly eye-opening. The mandate to think “cloud first” has truly been a success across much of the government, with ESG finding that the role of the physical data center is possibly more diminished than ever before. Instead, approximately 52 percent of all government VMs now reside in the cloud, and containerization within the cloud is becoming increasingly prevalent.
While this movement to the cloud may come with cost savings and scalability benefits for agencies, it also comes with significant security concerns. Of the 200 cybersecurity professionals that ESG surveyed for their research, 69 percent admitted to having gaps in their cloud visibility and transparency. Not surprising, 75 percent also admitted to having, “experienced several serious cloud VM security incidents.”
But the lack of transparency and visibility isn’t limited to the cloud. More than half of the individuals surveyed claim to have active IoT projects, and the disparate nature of IoT devices creates its own problems for IT and security personnel. Approximately 58 percent of respondents claimed that device diversity is among their biggest management challenges.
All told, less than half of respondents felt confident in their visibility strategy for the IoT devices on their network. And that’s a problem that ESG anticipates will only grow. Most respondents foresaw that the sheer number of sensors, network-enabled gadgets and other IoT devices will exceed all other devices that they support within just three years.
And that’s saying something considering just how many devices their organization’s employees utilize.
On average, ESG claims that employees use approximately four different devices on organization networks each week. It’s doubtful that the organizations, themselves, are issuing that many devices. That indicates that BYOD is not just a concept, it’s a reality. And it’s happening even when it’s not supposed to. Approximately half of ESG’s survey respondents claimed that their organizations restricted or banned BYOD. Not surprisingly, more than 60 percent are concerned that those policies are being ignored.
What does all of this mean? Government networks aren’t nearly as simple, manageable or defensible as they once were.
The networks, themselves, are more complex than ever before – mixing traditional data center architecture with an increasing number of cloud services and solutions. The number of endpoints connecting to the network are increasing almost daily – with IoT adoption accelerating and employees shirking BYOD policies. And trying to keep a finger on all of this is becoming increasingly difficult as the complexity increases.
Solutions worse than the problem?
As the infrastructure has changed and evolved, and IT has become more complex, government IT and cyber professionals have found themselves adopting an increasing ecosystem of siloed cybersecurity tools.
On average, ESG found that teams are utilizing up to 100 different cybersecurity tools. However, even with all of these tools in place, respondents still report having massive transparency and visibility gaps and hazy pictures of just what assets comprise and connect to their networks.
One of the largest steps in managing and securing a network is understanding it. That involves analyzing and inventorying all of the assets so that they can be known, managed and protected. Unfortunately, according to ESG, the average IT asset inventory can take more than two weeks. Considering the rapid pace of technology and the constantly-shifting IT landscape, that means inventories are obsolete before they’re ever completed.
Worse, conducting asset audits and inventories can require 89 hours of labor across multiple teams. And some organizations conduct them as many as 16 times per year. That’s more than 1,400 hours a year spent just doing inventories, instead of actively threat hunting or doing other, higher-value tasks.
It’s for this reason that ESG thinks asset management platforms could be a worthwhile investment for government organizations, “….eliminating multiple existing tools, closing IT and security gaps, and freeing up critical resources to focus on other priority initiatives.”
And the respondents agreed. Approximately 90 percent thought their threat hunting and incident investigations would benefit from reducing their asset-related workload. And 85 percent anticipated increasing their investment in asset management in the next 24 months.
To learn more , click HERE to download a complimentary copy of the eBook, “As IT Complexity Increases, Visibility Plummets.”