Forcepoint and Ponemon Institute Survey Identifies U.S. Federal Agency Pain Points in Cloud Migration

Rachael Lyon
June 4, 2019, 8:57 am CDT

AUSTIN – June 4, 2019 – Global cybersecurity leader Forcepoint today announced the findings from a recent survey of cloud influencers and decision makers in the federal government. Conducted by the Ponemon Institute, the survey examines the current state of cloud management and identifies the successes and challenges U.S. government agencies are facing as they move critical business operations to secure cloud environments.

Key conclusions from the survey findings indicate agencies are growing more reliant on the cloud and cloud applications while simultaneously struggling to manage security and control over those applications. For example, though nearly half of respondents indicated they currently rely on a private cloud or on-premises infrastructure, in the future, most respondents (43%) expect to deploy a hybrid cloud environment, up from 31% today.

“Agencies understand that cloud applications are the path forward for increased efficiency, improved citizen experience, and better collaboration with mission partners, but this digital transformation requires that data flows both freely and securely regardless of where it resides,” said Eric Trexler, vice president, Global Government and Critical Infrastructure, Forcepoint. “If government is to meet its aggressive goals for cloud migration, public sector organizations must first adopt frictionless security solutions that allow agencies to work at the speed of cloud. Security teams must support agency cloud needs without forcing the business teams to enable less secure workarounds or allowing Shadow IT efforts that plague most agency networks today.”

Use of SaaS solutions is important to agency goals but difficult to quantify

While cloud adoption is growing, with 55% of survey respondents reporting they have “strongly embraced the cloud,” it is still largely being deployed in the familiar setting of on-premises data centers. Respondents report embracing Software-as-a-Service (SaaS) as part of their agency’s cloud strategy, with 82% of respondents reporting that adoption of SaaS is important to helping them meet agency goals.  

The need for SaaS solutions and current reliance on on-premises clouds is creating challenges around visibility and governance of cloud usage.

  • 42% of agencies report more than 250 SaaS applications running in their environment
  • Only 23% of respondents were “highly confident” in the number of SaaS applications reported. This lack of clarity as to what is actually running on the cloud is feeding security concerns.


Security concerns are inhibiting federal cloud adoption

Though agencies are working to adopt Cloud Smart principles that provide guidance on a risk-based approach to cloud adoption, security concerns continue to be the number one reason that cloud migration and management are so difficult.

  • 65% of agencies state that the inability to achieve a strong security posture in the cloud is their biggest concern when migrating to the cloud
  • 67% list security as the top factor inhibiting cloud adoption
  • As a result of these concerns, most respondents believe that they are at the midpoint of their cloud adoption strategy; on a scale of 1 (just started) to 10 (complete), respondents, on average, rate their cloud adoption at 5.8.


Shadow IT and the use of non-FedRAMP-approved cloud providers are pervasive within government

Respondents claim an average of 283 SaaS applications running in their agencies’ IT environments. If nearly half of those applications are not FedRAMP compliant, as respondents claim, then government IT managers will continue to be plagued by a growing list of security vulnerabilities and limited visibility into their agency’s IT environment.

  • 56% of respondents claim that the lack of visibility and control over cloud usage is a primary reason that cloud deployments are hard to manage
  • 69% of respondents reported that less than half of their applications are FedRAMP authorized
  • On average, respondents claim that only 43% of the cloud providers used within their agency are FedRAMP authorized


“It is nearly impossible to protect an agency’s high-value assets, if the agency doesn't have visibility into where its data is and who is accessing it,” continued Trexler. “This situation is further complicated by the exponential growth in data collected by government organizations. Agencies need an evolving threat strategy to keep pace with the volume of data, especially as that data moves into cloud environments that may not be FedRAMP compliant.”

The survey included input from 618 cloud influencers and decision makers across the federal government who are knowledgeable about their agencies’ cloud infrastructures and cloud security technologies. Among those surveyed were managers and executives, IT staff, technicians, and consultants.

Additional Resources

About Forcepoint

Forcepoint is the global human-centric cybersecurity company transforming the digital enterprise by continuously adapting security response to the dynamic risk posed by individual users and machines. The Forcepoint Human Point system delivers Risk-Adaptive Protection to continuously ensure trusted use of data and systems. Based in Austin, Texas, Forcepoint protects the human point for thousands of enterprise and government customers in more than 150 countries.