Insight by Axonius

What the pandemic-driven increase in IT complexity means for federal agencies

This content is provided by Axonius.

Of all the effects of the COVID-19 pandemic, perhaps the least surprising is that it increased IT complexity for federal agencies. The massive migration to telework, the technical demands placed on agency networks, the accelerated adoption of cloud services, and the necessary shift in cybersecurity priorities all contributed to that increased complexity. So what does that mean for federal agencies? What are their plans to deal with it? And what happens post-pandemic?

Axonius partnered with Enterprise Strategy Group (ESG) to survey more than 500 IT professionals to get a clear picture of what this increased complexity looks like, identify emerging trends, and predict how priorities will change in the future. The vast majority – 72% – reported increasing complexity, surprising nobody. So Axonius asked why.

“The number one reason was the increased number of remote workers,” said Nathan Burke, chief marketing officer at Axonius. “Last year, we asked the same question. Only 27% reported the move to remote work as a driver of increased complexity, versus 55% this year.”

Not far behind that, 51% of respondents said privacy and security regulations also added to IT complexity. And that goes hand-in-hand with the increase in remote work, which fueled adoption of cloud productivity and collaboration services that come with their own specific security and privacy regulations.

These specific drivers of IT complexity aren’t expected to end any time soon, as most people are preparing for a slow return to the office. While the majority of workers will return on-site, it’s expected there will be more teleworkers than there were pre-pandemic.

“Across all industries, an additional 35% of the workforce went remote. And of that 35%, about half (17%) are expected to stay remote,” Burke said. “The reality is that people have discovered — in some cases — that they like working from home. They’re more productive at home. And, I think federal IT and security teams need to be ready to support flexible work environments that support a hybrid, remote and in-office workforce for a while.”

And most IT departments aren’t fully ready for the in-office component of that hybrid dynamic. While 36% of IT departments said they’re ready for people to return to the office en masse, 63% said there’s still more work to do, with 7% admitting they are not very prepared. There are a number of considerations to ensuring that readiness, from making sure everyone has the equipment they need and multifactor authentication enabled to preparing to address vulnerabilities after everyone hits the network at once.

That hybrid workforce dynamic also means cloud infrastructure is going to continue to be a priority for most agencies. The pandemic accelerated cloud adoption, according to 87% of respondents, and 53% of all infrastructure is now in the cloud.

“My favorite example is when you talk to people about moving to the cloud, you think about going to Amazon or Google or whoever,” Burke said. “You don’t think about when you’re running PowerPoint and click autosave, it’s saving to Azure.  Almost everyone is in a multi cloud environment — even if that’s just running Teams or Zoom — whether they know it or not.”

That means data is spread across multiple infrastructures, clouds, and tools, making both visibility and policy enforcement more difficult. Seventy-nine percent admitted there is a visibility gap between what they can easily see and what they would like to see about their cloud infrastructure. The survey also found that those reporting better visibility across multiple cloud instances saw a 70% reduction in security incidents.

This is where Axonius comes in. Axonius connects to all the different security tools where data resides, correlating it to provide a view that meets security needs. Federal IT and security teams already have access to most of the data they need,  it’s just fragmented and difficult to compile.

And that need for increased visibility isn’t limited only to data. More than 80% of respondents said they plan to increase investment in identity and access management, which is more important now due to the hybrid nature of the workforce. It’s necessary to help secure remote workers, but IT departments also need to see what’s in their on-premises environments, and understand the hardware, software, and configuration of anything that’s attempting to access the network.

This is an area where federal agencies can benefit from applying automation. Creating an asset inventory is a time and resource intensive process. And the less time people spend in that process, the more they can spend improving vulnerability assessment and patching. It becomes an opportunity cost.

This is where the value is,” Burke said. “They didn’t get into cybersecurity to count machines. And they can take a job across the street tomorrow for $20,000 more, and federal agencies just can’t compete with that. So the only way that you can compete is give them interesting work. Do the fun stuff.”

Comments

Sign up for breaking news alerts