Survey: Federal IT Security Pros Struggle, As Cloud and Mobile Initiatives Gain Momentum

nCircle, the leader in information risk and security performance management solutions, today announced results of the nCircle 2012 Federal Information Security Initiatives Trend Study. The company surveyed over 100 respondents in the federal IT security community, including senior management, IT operations, security professionals, and risk and audit managers from government agencies and contractor organizations.

Highlights from the study include:

  • Meeting security compliance requirements is the top concern for federal respondents.
  • 95% of agency respondents indicate that one-third or less of their infrastructure has migrated to the cloud.
  • While the federal cloud initiative is moving slowly, there is a growing level of confidence in the technology and policies that can enable higher risk use of the cloud. Over 30% of respondents report they are migrating moderate impact data.
  • Only 13% of respondents acknowledge a role for Federal Risk and Authorization Management Program (FedRAMP) baseline security controls in advancing their migration to the cloud, and 53% have not determined a role for FEDRAMP.
  • 82% of respondents said they have a mobility/Bring Your Own Device (BYOD) security policy in place.
  • 91% of those with a mobile security policy in place enforce it, however, 62% do not have a strategy for monitoring the variety of mobile devices being introduced into the government space.

“In the current economic and political environment, IT initiatives perceived to cut agency costs, like cloud migration and BYOD, are moving forward rapidly and require increased focus from agency IT security personnel,” said Keren Cummins, nCircle’s director of federal markets. “These same professionals report a disconnect between the pace at which these initiatives are evolving and agencies’ ability to effectively secure them. Given the rapid changes in agency IT environments driven by the push to cut costs, it’s easy to understand why compliance is an increasing concern.”

The online and in-person study was conducted between April 19 and July 6, 2012. nCircle has conducted the annual study for three years and decided to add targeted questions focused on key federal information security initiatives that have significant impact on government risk management this year.

To see the complete study, please visit:

About nCircle
nCircle is the leading provider of information risk and security performance management solutions to more than 6,500 businesses and government agencies worldwide. nCircle solutions enable enterprises of all sizes to (1) automate compliance and reduce risk, and (2) measure and compare the performance of their IT security program with their own goals and industry peers. nCircle solutions may be deployed on a customer’s premises, as a cloud-based service, or in combination, for maximum flexibility and value.