Federal

Network Security
Survey Report
April 20, 2015

2015 Market Connec1ons, Inc.

EXECUTIVE SUMMARY

About the Study

As networks become increasingly complexand more data moves across the
networkvulnerability to security breaches can increase. Despite the volume of
unencrypted inter- and intra-agency data traversing most enterprises, many federal
agencies are not implemenCng procedures to protect the network because it is
expensive and degrades performance. The right tools can help agencies overcome
these network security obstacles, and provide end-to-end protecCon of data within
the data center and in transitwithout adding complexity to the network.

Government market research rm Market ConnecCons, Inc. conducted this study to

learn to what extent agencies feel their data is protected in transit, the challenges
they face in addressing data protecCon proacCvely and any gaps between prioriCes
and acCons.

FEDERAL NETWORK SECURITY SURVEY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025

EXECUTIVE SUMMARY

Key Research Findings

PrevenCon is the highest priority within an agencys cybersecurity strategy.
Only 26% of agencies feel their data on the network is fully protected.
o
o

The ability to protect data on the network diminishes the further the data travels.
Budget constraints, limited resources, complexity and impact on the network performance
are top challenges for agencies when protecXng the data on the network.

EncrypCng the data on the network is important to 95% of respondents.

Seventy-six percent of agencies encrypt their data. A majority (62%) focus on SSL.
o

In most cases, agencies are are focused on SSL encrypXon to secure web-based
applicaXons. Yet there are many other applicaXons that need to be encrypted in transit.
What encrypXon is used in those cases?

FEDERAL NETWORK SECURITY SURVEY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025

EXECUTIVE SUMMARY

Key Research Findings (conCnued)

Those who are not encrypCng their data are not doing so because of budget
constraints and the impact on network performance.
Eighty-seven percent believe it is important to base their network protecCon
strategy on the Suite B encrypCon algorithm.

FEDERAL NETWORK SECURITY SURVEY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025

SECURITY, CHALLENGES AND PRIORITIES

Cybersecurity PrioriCes
Agencies cybersecurity prioriXes for 2015 include a widespread focus on prevenXon (72%),
although idenXcaXon (47%) and remediaXon (48%) are also high prioriXes.
High priority in 2015

Moderate priority in 2015

Not a priority in 2015

0%

47%

48%

48%

46%

4%

5%

6%

PrevenXon

IdenXcaXon

RemediaXon

25%

72%
50%

75%

24%
100%

N=200

What are your agencys cybersecurity priori1es for 2015 with regard to preven1on, iden1ca1on, and remedia1on?
FEDERAL NETWORK SECURITY SURVEY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025

SECURITY, CHALLENGES AND PRIORITIES

Cybersecurity Budget
In most instances, agencies cybersecurity budgets are esXmated to remain unchanged from the
previous scal year. In line with its relaXvely higher priority, 24% of respondents anXcipate budgets
for prevenXon to rise in FY 2015.
Increase in FY 2015
0%

About the same in FY 2015 as previous scal year

Decrease in FY 2015

16%

14%

76%

80%

6%

8%

6%

PrevenXon

IdenXcaXon

RemediaXon

24%
25%

50%

71%
75%

100%

N=200

To the best of your knowledge, in each of the following areas did your agencys cyber security budget increase, decrease, or stay about the same as the previous scal
year?
FEDERAL NETWORK SECURITY SURVEY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025

SECURITY, CHALLENGES AND PRIORITIES

Cyber and Network Security

Only one-quarter of agencies feel their data on the network is fully protected. Similarly, just
23% rate their agency as fully cyber-secure.
1-Not at all protected

Network-level
4%
security

22%

Agency-level cyber
5%
security

0%

20%

5-Fully protected

48%

24%

10%

26%

48%

30%

40%

50%

23%

60%

70%

80%

90%

100%

N=200
In your opinion, how would you best rate your agencys overall cyber security protec1on, and your agencys level of network security?
FEDERAL NETWORK SECURITY SURVEY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025

PROTECTION PROTOCOLS

Agency StandardizaCon
Historically, agencies have used rewalls, encrypXon appliances and routers with encrypXon
modules. Some of these tools can impact performance and do not suciently protect data on the
network.
Agency StandardizaCon
Firewalls

85%

67%

EncrypXon appliance
Router with
encrypXon module
Other
N=151

0%

58%

1%
25%

50%

75%

100%

Note: MulXple responses allowed

For the trac on your network today, what has your agency standardized on to perform encryp1on/decryp1on? (select all that apply)

FEDERAL NETWORK SECURITY SURVEY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025

SECURITY, CHALLENGES AND PRIORITIES

Top Challenges ProtecCng Data

Budget constraints, limited resources, complexity and impact on network performance are top
challenges for agencies when protecXng the data on the network.

Budget constraints

75%

Lack of internal resources to

implement/maintain

56%
48%

Complex to implement/maintain

46%

Impact on network performance

IncompaXble hardware and
sojware

36%

Lack of bandwidth/capacity
Other
N=200

Note: MulXple responses allowed

0%

32%
8%
10%

20%

30%

Lack of internal resources

to implement/maintain

40%

What are the top challenges you face with regard to protec1ng your data on the network? (select top 3)

50%

60%

70%

FedCiv

Defense

52%

68%

80%

= staXsXcally signicant dierence

FEDERAL NETWORK SECURITY SURVEY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025

SECURITY, CHALLENGES AND PRIORITIES

10

Network ConnecCon Speed

Typical connecXon speeds between data centers or remote oces vary widely. Sixty-seven
percent run at 10Gbps or faster. At these speeds, the encrypXon method can become more of a
hindrance than a help.
100Gbps

16%

40Gbps

20%

10Gbps

31%

1Gbps

16%

100Mbps

12%

Other
N=200

4%
0%

5%

10%

15%

20%

25%

30%

35%

What is your agencys typical network connec1on speed between data centers or remote oces?
FEDERAL NETWORK SECURITY SURVEY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025

SECURITY, CHALLENGES AND PRIORITIES

11

Ability to Protect Data in Transit/

Over the Network
The ability to protect data on the network diminishes the further the data travels.

0%

25%

58%

49%

33%

50%

75%

100%

N=198

36%

45%

61%

6%

6%

7%

Within data center

Internally (between or within

buildings on the same campus)

Agency to agency

How would you rate your agencys ability to protect the following aspects of data in transit/ over the network?
FEDERAL NETWORK SECURITY SURVEY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025

PROTECTION PROTOCOLS

12

Data EncrypCon Importance

EncrypXon of data on the network is considered important by 95% of respondents.

Very important

64%

31%

Somewhat important

Neither important nor

unimportant

95%
IMPORTANT

4%

Somewhat/
0%
very unimportant
0%
N=200

10%

20%

30%

40%

50%

60%

70%

How important is encryp1on of data on the network, rela1ve to the overall security of your agencys data?
FEDERAL NETWORK SECURITY SURVEY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025

PROTECTION PROTOCOLS

13

ProtecCng Data
Although agencies may think they are protecXng their data at sucient levels, a majority are
focused on SSL encrypXon to secure web-based applicaXons. This does not address other inight
trac types that require a minimum of 128 bit soluXons for Secret and 256 bit encrypXon
soluXons for Top Secret inight data sets.
Protocols to Protect Data
User credenXals (for
applicaXon security only)

80%

EncrypXon

N=198

Secure Socket Layer

(SSL)
64 bit

76%

62%
9%
20%

128 bit

Access Control List (ACL)

(permissions anached to
an object)
Unsure

Level of EncrypCon

49%
32%

256 bit
5%

Unsure

0% 10% 20% 30% 40% 50% 60% 70% 80% 90%

N=151

0%

9%
20%

40%

60%

80%

Note: MulXple responses allowed

What protocols do you require to protect your networks data when in transit? (select all that apply)

FEDERAL NETWORK SECURITY SURVEY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025

PROTECTION PROTOCOLS

14

Reasons for Not EncrypCng Data

Those who are not encrypXng their data are not because of budget constraints and the impact
on the network performance.

Budget constraints

45%

Impact on network performance

39%

IncompaXble hardware and sojware

32%

Lack of internal resources to implement/maintain

29%

Complex to implement/maintain

29%

Lack of bandwidth/capacity

18%

Other
N=38

3%

0%

10%

20%

30%

40%

50%

Note: MulXple responses allowed

For what reason(s) are you not encryp1ng the data on your network? (select all that apply)
FEDERAL NETWORK SECURITY SURVEY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025

PROTECTION PROTOCOLS

15

Importance of Suite B
Eighty-seven percent of respondents believe it is important to base their network protecXon
strategy on the Suite B encrypXon algorithm.
Strategy Based on Suite B Importance
56%

Very important
Somewhat
important

31%

Neither important
nor unimportant
Somewhat/
very unimportant
N= 151

0%

11%

2%
20%

40%

60%

Suite B is a set of

cryptographic algorithms
promulgated by the
NaXonal Security Agency
as part of its Cryptographic
ModernizaXon Program.
It is to serve as an
interoperable cryptographic
base for both unclassied
informaXon and most
classied informaXon.

Note: MulXple responses allowed

How important is it that your network data security strategy is based on Suite B (a government cer1ed solu1on) versus some other standard approach?
FEDERAL NETWORK SECURITY SURVEY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025

RECOMMENDATIONS

16

RecommendaCons
Despite the priority agencies place on security and prevenCon, the study results
show there is no place within the enterprise where data is fully protected to
prevent cyber-aaacks. It is criCcal to ensure your encrypCon strategy expands as
your enterprise grows to accommodate addiConal users and networking services.

Checklist for selecCng a data protecCon soluCon for your network
! Simple to implement and maintain
! Does not impact your network or increase network costs due to complexity and
management overhead
! Protects the dierent types of data on your network and is Suite B compliant if you have
Secret and Top Secret data
! Can handle your data connecXon speed today as well as into the future

FEDERAL NETWORK SECURITY SURVEY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025

BACKGROUND AND APPROACH

17

About the Survey

Market ConnecCons designed and
conducted a blind online survey among
200 federal government IT decision
makers and inuencers in February 2015.
Two hundred completed interviews yields a
+/-6.9% margin of error.
Sixty dierent agencies parXcipated in the
survey.

Throughout the report, notable

signicant dierences are reported.
StaXsXcal analyses were conducted for
agency type (federal civilian vs. defense).
Due to rounding, graphs may not add up
to 100%.

Sample Agencies Represented

(In AlphabeXcal Order)

Air Force

Department of State (DOS)

Army

Department of the Interior

(DOI)

Congress

Department of TransportaXon
(DOT)

Department of Agriculture
(USDA)

Department of Treasury
(TREAS)

Department of Commerce Department of Veteran Aairs

(DOC)
(VA)
Department of Defense (DOD)

Federal AviaXon
AdministraXon (FAA)

Department of Energy (DOE)

Judicial/Courts

Department of Homeland
Security (DHS)

NaXonal InsXtutes of Health

(NIH)

Department of Housing and

Urban Development (HUD)

Navy

Department of JusXce (DOJ)

US Postal Service (USPS)

FEDERAL NETWORK SECURITY SURVEY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025

RESPONDENT CLASSIFICATIONS

18

Job Role
A wide variety of agency roles are represented, the most common of which are Chief InformaXon
Ocer, Network Manager, Data Center Manager/Director and Security Administrator.
Chief InformaXon Ocer

13%

Network Manager

12%

Data Center Manager/Director

9%

Security Administrator

8%

Network Administrator

6%

Network Architect

4%

Chief Security Ocer

3%

Security Architect

2%

Other
N=200

What is your role at your agency?

ExecuCve Director
Project Manager
Program Manager
IT Director

42%
0%

5%

10%

15%

20%

25%

30%

35%

40%

45%

FEDERAL NETWORK SECURITY SURVEY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025

RESPONDENT CLASSIFICATIONS

19

Decision Making Involvement

Nearly half of respondents menXon they evaluate or recommend network data protecXon
soluXons (46%), or are part of a team that does so (45%). Thirty-two percent also describe their
role as managing or implemenXng network data protecXon soluXons. And 18% make the nal
decision regarding network data soluXons.
Evaluate or recommend network data
protecXon soluXons

46%

On a team that makes decisions regarding

network data protecXon soluXons

45%

Manage or implement network data protecXon

soluXons

32%

Make the nal decision regarding network data

protecXon soluXons

18%

Other involvement in network data protecXon

N=200

8%
0%

10%

20%

30%

40%

50%

Note: MulXple responses allowed

How are you involved in decisions or recommenda1ons regarding your agencys network data protec1on? (select all that apply)
FEDERAL NETWORK SECURITY SURVEY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025

RESEARCH TO INFORM YOUR BUSINESS DECISIONS

Contact InformaCon
Dave Glantz, Director of Research Services
DaveG@marketconnecXonsinc.com | 703.378.2025, ext. 104

Monica Mayk, MarkeCng Director
MonicaM@marketconnecXonsinc.com | 703.378.2025, ext. 107

Susan Rose, Thought Leadership Content Lead
SusanR@marketconnecXonsinc.com | 703-944-7685

FEDERAL NETWORK SECURITY SURVEY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025

20