The U.S. government is on track to significantly boost spending on cybersecurity solutions. However, evolving requirements to greatly improve federal protection of information technology resources will shape that spending.
In fact, federal cyberprotection goals should be augmented and significantly modified, according to recent studies of the federal market. The linkage between increased federal investing in cybersecurity and the requirements for bolstering IT protection are portrayed in two newly released reports.
Increased federal investments in cyberprotection virtually are inevitable and will occur regardless of any politically partisan differences over the federal budget, one report concluded.
“Owing to instances of criminal activities since September 2001, the U.S. federal government is enforcing the use of cybersecurity products to monitor data traversing through the network and control its access by preventing unauthorized individuals from gaining access,” said a report issued byTechnavio last month.
The Obama administration’s Cybersecurity National Action, launched earlier this year, has bolstered the basis for projecting a robust federal cybersecurity market.
“We noted that President Obama has focused on cybersecurity as one of the critical issues facing the United States,” Amrita Choudhury, research analyst at Technavio, told the E-Commerce Times.
High Growth Rate for Federal Market
The U.S. federal government cybersecurity market was valued at US$5.91 billion in 2015 and is likely to reach $8.8 billion by 2020, growing at a compound annual rate of 8.3 percent, Technavio estimated.
One significant market driver for federal cybersecurity investments is that the “government is focusing on enhancing situational awareness regarding network vulnerabilities and threats in order to prevent intrusions,” the report said.
Also, growing adoption of mobile devices likely will increase the need for cybersecurity products to secure data such as emails, and that will “positively affect the revenue growth in the market.” In addition, the U.S. government is investing in research and development activities for cybersecurity solutions to deter malicious activities, according to the report.
In calculating market size, Technavio considered revenue generated from the sales of two major types of cybersecurity solutions. First are standalone software suites with expected revenue calculated on the basis of licensed solutions and pay-per-use solutions. Integrated solutions are not included in the software suites.
Second are third-party integrated services offered by managed security service providers and deployed on-premises, in the cloud or as a hybrid model. Managed security services include software upgrades, maintenance and network monitoring services, but do not include associated labor costs.
The defense sector will be an important component of cybersecurity investments, according to Technavio.
“The U.S. federal government has increased its spending on security investments for defense and military organizations, which is dependent on the country’s economic condition. The investments are mainly for battlefield management, data protection and wireless security solutions,” Choudhury noted.
“This has led to the shift of defense organizations from traditional security solutions to electronic security solutions,” she said.
Other market factors covered in the report include the following:
- Vendor status: The U.S. federal cybersecurity market is highly fragmented with the presence of many multinational vendors and small regional players. The report provides an analysis of vendors and product offerings and a perspective on the competitive environment, including a vendor matrix.
- Technology options: With U.S. agencies becoming increasingly interested in cloud deployments, the study assesses the impact of cloud and cybersecurity objectives.
- Product segmentation: The report includes a breakout of the market share of services versus solutions utilized in the federal market by year through 2020.
Vormetric Study Examines Investment Priorities
The cybersecurity challenges facing federal agencies are major factors behind increased spending. In addition to higher levels of investment, however, government agencies need to do a better job of directing where those funds should be spent, according to a recent report fromVormetric.
Ninety percent of federal IT security managers believe their organizations still are vulnerable to cybersecurity threats, according to the results of a Vormetric survey conducted in association with451 Research.
A full 61 percent of survey respondents reported experiencing a past data breach, with nearly one in five indicating a breach in the last year, the survey of more than 100 federal IT managers showed.
However, federal cybersecurity investments may not be keeping pace with actual threat factors, survey results indicated.
Responses showed that “federal IT security professionals are like generals fighting today’s wars with the weapons of yesterday,” said Garrett Bekker, senior analyst of information security at 451 Research.
Outdated systems are a critical problem, federal IT managers said during a recent roundtable discussion conducted in conjunction with the survey.
“It’s very hard to protect legacy systems that were never designed with today’s security requirements in mind,” noted Tina Stewart, vice president of marketing at Vormetric.
“But there’s a big caveat: Replacing legacy systems isn’t going to solve one of the root-level problems, which is that federal IT security professionals are misaligned when it comes to how they should protect current platforms,” she told the E-Commerce Times.
Sixty percent of respondents believed that network defenses were very effective at safeguarding data, survey results showed. Also, network defenses were a top investment priority for federal agencies over the next year.
Beyond Legacy IT Protection
“Yet time and again federal and private organizations with state-of-the-art network defenses have had their data stolen as a result of multilayer attacks. It isn’t that network defenses aren’t required. They are a critical element of a layered defense for organization. It’s just that they are no longer 100 percent effective at keeping attackers out,” Stewart noted.
“The problem lies in the common legacy thinking based on a lifetime of IT security experience where network and endpoint protection were enough. Unless priorities change, the theft of data from agencies isn’t likely to stop,” she said.
Building out a big-picture cybersecurity strategy that includes and prioritizes encryption and privileged access controls will be required to meet future cybersecurity challenges, Vormetric contended.
While data-at-rest defenses are the most effective tools for protecting data once other defenses have failed, they were ranked last in terms of U.S. federal spending goals. Just 37 percent planned to increase their spending on data-at-rest defenses, compared to the U.S. average of 45 percent, according to the survey results.
Still, the fact that such defenses are being considered at all is a positive development, Vormetric noted. Another positive is that 58 percent of respondents were planning to increase spending to protect sensitive data, and 48 percent were looking to implement data security to follow industry best practices.
“Public sector organizations need to realize that doing more of the same won’t help us achieve an improved data security posture,” Stewart said. “More attention must be paid to techniques that protect critical information even when peripheral security has failed. Data-at-rest security controls such as encryption, access control, tokenization and monitoring of data access patterns are some of the best ways to achieve this.”