© 2012 nCircle. All rights reserved.
2012 nCircle Federal Security and Compliance Trends Survey
Preliminary Results
DGI Cyber Conference – May 31, 2012
Keren Cummins, Director of Federal Markets, nCircle
Respondent Profile To Date
What part of the US Government do you work for?
Civilian; 80.0%
Military; 14.3%
Intelligence; 5.7%
Are you an employee or a contractor?
Employee; 47.1%
Contractor; 52.9%
Respondent Profile (Cont.)
How many employees in your organization?
249-999; 28.6%
1,000-1,999; 11.4%
2,000-4,999; 17.1%
5,999-9,999; 14.3%
10,000 or greater; 28.6%
What is your role within your organization?
Senior Management (CIO, CISO, Security operations management); 18.6%
IT Operations; 14.3%
Security; 52.9%
Risk or Audit; 7.1%
Other; 7.1%
Top Concern
What is your biggest security concern for 2012?
Cloud computing; 15.2%
Securing virtualized infrastructure; 9.1%
VOIP vulnerabilities (Vishing); 1.5%
Social media; 1.5%
Mobile devices / BYOD; 19.7%
Advanced persistent threat; 12.1%
Web application vulnerabilities; 9.1%
Meeting security compliance requirements; 31.8%
Cloud Implementation Trends
What percentage of your organization's infrastructure is currently outsourced to cloud vendors?
One third or less; 93.9%
More than one third; 4.5%
Greater than two thirds; 1.5%
What category of data is your organization migrating to the cloud?
Low impact; 68.2%
Moderate impact; 10.6%
Both; 21.2%
Cloud Implementation Trends
Have FedRAMP’s baseline security controls advanced your agency’s migration to the cloud?
Yes; 11.3%
No; 38.7%
Undetermined; 50.0%
Mobile Security Trends
Does your organization have a mobile device security policy?
Yes; 80.0%
No; 20.0%
Does your organization enforce your mobile device security policy?
Yes; 88.0%
No; 12.0%
In your opinion, which mobile devices carry the greatest security risks? (select all that apply)
Android devices; 85.7%
Apple iOS devices (iPhone, iPad); 65.1%
RIM devices (Blackberry); 31.7%
Nokia OS devices; 27.0%
Windows Phone; 38.1%
Other; 1.6%
Mobile Security Trends
As government expands its use of mobile devices, do you have a strategy for monitoring them?
Yes; 37.1%
No; 62.9%
Oversight & Legislation Trends
Will the current proposed cyber security legislation improve cyber security in the private sector?
Yes; 28.6%
No; 71.4%
Oversight & Legislation Trends
Has the practice of monthly reporting into CyberScope reduced your agency’s FISMA compliance burden?
Yes; 14.5%
No; 85.5%
Oversight & Legislation Trends
Has participation in CyberStat review session(s) improved your agency’s overall security performance?
4.8% 6.5%
32.3%
56.5%
Continuous Monitoring Trends
Of these, which is your agency’s greatest challenge in implementing a continuous monitoring program?
Budget / funding; 53%
Insufficient technology for the task; 14%
Business processes; 21%
Bureaucratic barriers; 11%
Continuous Monitoring Trends
Have you seen measurable reductions in your agency’s risk based on continuous monitoring efforts to date?
Yes; 25.8%
No; 50.0%
I don't know; 24.2%
http://connect.ncircle.com/
Current Threat Landscape
Select the most significant security threat category your organization faces:
Cyber crime; 45.5%
Hacktivists; 13.6%
Nation state attacks; 40.9%
Do you feel that the risk of advanced persistent threats is greater for the public sector than the private sector?
Yes; 61.3%
No; 38.7%