Government systems, especially at the state and local level, are more at risk from cyber attacks than ever. And federal agencies aren’t immune either as HHS recently learned. More than 100 ransomware attacks were recorded in 2019 alone and they’re continuing in 2020. Not only has this cost millions in payouts and lost productivity, it has exposed sensitive information to bad actors worldwide. Meanwhile, bot attacks, digital identity fraud and phishing continue to build, along with a variety of malware that can steal data or bring a network to its virtual knees. Early on, cloud services, which can help reduce workloads and infrastructure costs while expanding many agencies’ capabilities, was part of the problem, as the security needs of cloud-based workflows weren’t understood by many users. Next-generation cloud solutions have tackled this issue head-on: autonomous capabilities and layered security mean that organizations can potentially have stronger defenses for their cloud infrastructure than for their on-prem systems.
Many agencies are frequently understaffed when it comes to IT security organizations, and they’re often still focused on perimeter controls, such as firewalls and anti-virus programs. While these have their place, they can’t do anything to prevent the spread of malware that’s already within the borders of the network. The cyberthreats against government agencies are relentless and amplified by the number of mobile devices in use by both employees and the public. These additional endpoints, which also connect to any number of public and private systems, make the issues surrounding fraud and malware injection exponentially more difficult.
The human factor plays a big role in security. According to Oracle and KPMG’s 2019 Cloud Threat Report, shadow IT, especially in relation to SaaS programs within divisions of an organization, can mean insiders regularly skirt established security policies; phishing attacks are still successful in opening up attack vectors; and the lack of clarity about who is responsible for security—the cloud service provider or the customer—leads to misconfigurations and missed opportunities.
Still, next-generation cloud solutions can make a significant difference. Cloud vendors are focusing on “continuous audits to make sure systems are secure, as opposed to internal IT decision makers who must prioritize to support operations, modernization, and security,” said, Oracle’s William Sanders, Senior Manager, U.S. and Canada Public Sector Technology Strategy, in a recent GovTech webinar, “Smarter Security for a Better Protected Government” Sanders added that security is often “the least funded elements of state and local governments.”
From a budgetary perspective, a significant advantage of cloud solutions is that they overcome the cost of maintaining older hardware as well as the ongoing costs of software licensing, patching and updating; out of date software and unpatched systems have been cited in numerous attacks. A properly configured cloud solution addresses these concerns and provides agencies with resiliency and redundancy in case of a disaster or physical disruption.
Next-generation clouds can provide greater security through layered controls—if a vulnerability is discovered in one layer of the system, there are more security controls ready and waiting in the next level. This model of isolating data and systems limits the damage that can be caused by infiltration into the system. With autonomous systems fueled by AI and ML, the protection is seamless and invisible to the user or the IT staff – a secret weapon against attacks.
Using artificial intelligence and machine learning, autonomous systems can self-secure, self-update, and operate on their own faster and more precisely than humans, providing significantly greater protection against evolving threats. When these solutions support a mature, next-generation cloud infrastructure, agencies gain the ability to accomplish more while protecting critical data and systems.
In other words, Oracle’s Sanders said, “The cloud should help agencies focus on their core mission instead of administrative and maintenance work; make data-driven decisions; and close the gap between the ‘resources we’ve got’ and the ‘resources we need.’”
Ready to learn more? Read this issue brief.