More than two-thirds (67 percent) of U.S. federal IT managers are concerned with cyber security as they modernize data centers, which makes security all the more challenging, according to a MeriTalk study of 300 federal IT managers. The survey was underwritten by Palo Alto Networks.
Advanced target attacks/advanced persistent threats topped the list of data center security concerns for 58 percent of managers. Other critical concerns include malware on host servers at 55 percent and network viruses at 49 percent. Unauthorized device access and denial-of-service attacks came in at 47 percent and 37 percent, respectively.
Most federal managers (72 percent) gave themselves an A or B grade for efforts to maintain security through the data center modernization process, but more than half say they are missing key security measures.
As federal IT managers work to meet Federal Data Center Consolidation Initiative (FDCCI) goals and complete the modernization process, 41 percent believe integration will prove to be the top cyber security challenge.
Other key challenges for IT managers are the time it takes to provision, performance shortcomings, fragmented solutions, and a lack of security for virtual machines. Also notable is that 70 percent of managers said they have doubts about their data centers’ security within the data center fabric.
Looking ahead, 43 percent of managers indicated their agencies need to establish or enhance security policies and best practices, specifically investing more in security measures (46 percent), improving education (43 percent), sharing best practices among agencies (41 percent), and improving compliance with federal regulations (39 percent).
"The threats to federal systems will of course continue to grow," said Pamela Warren, director of government and industry initiatives at Palo Alto Networks. She noted the U.S. move to continuous diagnostics and mitigation (CDM) is an important step to providing government agencies with ongoing visibility to what is happening on their network all the time, rather than only during periodic reviews.
"Government agencies must work hard to maintain the best security practices using the NIST Cyber Security Framework, the ISO 27000 series of standards and ensure they are including SCADA security in their overall security planning," she said. "The threats of today and the future will not be limited to the IT infrastructure."