While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Despite the tough economic climate over the past 18 months, public-sector organizations are shoring up resources devoted to IT security, according to new research from PricewaterhouseCoopers.
In fact, the downturn raised concerns about the potential for increased breaches. For the first time in the 11 years that PwC has conducted an IT security survey, the state of the economy ranked among the top drivers of public-sector security initiatives. It was fourth behind internal policies, regulatory compliance, and disaster recovery and continuity of operations.
It’s rare that security fails to be mentioned at some point during almost any tech briefing or CIO event. For instance, the crucial nature of security and keeping it top of mind came up this week during a CIO panel at the 2009 Geospatial Intelligence Foundation Symposium in San Antonio.
“We are doing a lot of work in identity and access management,” says Kelly Miller, deputy CIO for the National Security Agency. The reason? “So that we can again balance the risk of who has access to the common data that we are looking for and the common repositories and still maintain a security posture that is acceptable to us across all of our security domains.”
Of the 899 government officers who responded to the PcW survey (37 percent in North America), little more than half noted that “the increased risk environment has elevated the role and importance of the information security function.” An equal number, however, pointed out that cost-reduction efforts have made it more difficult to achieve security targets.
Even so, only 15 percent of public-sector respondents reported that they had reduced spending on security, and those cuts were in the range of 10 percent or less. (In all, the survey included responses from 7,200 executives worldwide.)
“It appears that some public-sector organizations are reluctant to cut too deeply into security — and may, to some extent, be protecting the security function’s budget,” the survey report points out.
By comparing the data from this year with that from 2008, PwC identified some increase in efforts around security. Respondents were asked if they had done the following:
Yet, the data suggests that the most troubling factor remains what organizations don’t know. Even given increases in focused security initiatives, one out of every two government officials who responded to the survey said they did not know if the total number of security incidents has risen.
A chief factor in this challenge could well be the rising demand for services and access to data by users. During the GEOINT panel, Miller referred to this as a “huge appetite” among the federal government’s users of intelligence data.
Priscilla Guthrie, Intelligence Community CIO for the Office of the Director of National Intelligence, added that keeping pace with rising data demands and dealing with potential threats “is going to require us to do risk management sometimes in near real time. And that is something, again, that is a little different from what we’ve had to deal with as a community.”