"The lack of automation and reliance on error-prone manual tasks are complicating the problem, and misconfigurations and data breaches will only increase with a dispersed and reduced security workforce"
Reggie Best, President, Lumeta
Government departments are increasingly undertaking large scale deployments to public and hybrid cloud infrastructures. However, new research recently conducted by FireMon is uncovering widespread cloud security issues resulting from a shortage of skilled cloud security professionals trying to keep up with the pace of these deployments combined with small budgets and a lack of adequate software that can both automate and provide visibility across disparate tools and systems. According to their research, misconfigurations are the leading cause of data breaches, whilst almost half of government cloud security teams still only use manual processes to secure their hybrid cloud environments.
FireMon provide solutions such as firewall behaviour testing, workflow integration, traffic flow analysis and rule recertification. Based in Kansas and Dallas, their solutions help hundreds of organizations around the world control their complex cloud security infrastructures.
Some of the top finding contained in their report were:
- 54% believe the pace of their cloud deployments have surpassed their ability to provide adequate cloud security.
- 77% spend less than 25% of their budget on cloud security.
- 7% do not spend any of their security budget on cloud security.
- 53% have less than 10-person security teams, and 33% of this group had less than five-person security teams.
- Only 22% use cloud security tools that work across multiple environments to manage hybrid networks.
To find out more, we spoke to FireMon’s Reggie Best, president of Firemon’s Lumeta business, who leads the integration of core product functionality for real-time visibility and leak-path detection into the FireMon platform.
“The lack of automation and reliance on error-prone manual tasks are complicating the problem, and misconfigurations and data breaches will only increase with a dispersed and reduced security workforce because of COVID-19” said Reggie.
Prior to the coronavirus outbreak, governments were already struggling to protect their cloud infrastructures from misconfigurations and the increased threat of data breaches. However, because of COVID-19, government organizations have faced a huge increase in cybersecurity threats where cybercriminals have taken great advantage of the rushed requirement to facilitate a functional remote government workforce.
“Cyberthreats are nothing new to the government sector” explains Reggie. “Only recently a third-party government supplier exposed hundreds of thousands of applications containing birth-certificate data because of a storage bucket misconfiguration.”
“The challenges of a dispersed IT team will now become part of the new normal. Even when staff return to the office, government organizations will continue to see the same shrinking security budgets and lack of a skilled IT workforce.”
During this time of rising cybercrime and as direct targets of cybercriminals looking to obtain valuable data, governments’ cloud security systems need to be second to none. The answer to their problems has to be through providing better training for their IT security teams and to fully utilize better cloud security solutions, such as those provided by FireMon, that can both automate critical cloud security tasks and provide real-time cloud visibility that helps their overworked and under-staffed security teams.
