Government services, agencies, and branches face severe security and compliance risks, which continue to increase year over year.
- Accenture’s State of Cybersecurity Resilience reports a 31% increase in security attacks from 2020 to 2021 alone.
- According to the 2021 World Economic Forum report on global risks, cybersecurity measures deployed by organizations, even in the government, are being overwhelmed by the increasing sophistication of cyberattacks.
Recent technological developments such as automated systems, online communication and collaboration tools, and the cloud have enabled faster, more efficient, and more flexible operations for government agencies, cloud vendors, consultancy firms, and managed service providers. Government agencies have adopted (and continue to adopt) various data hosting, sharing, and storage platforms such as Microsoft 365, Google Workspace, Hosted Exchange, and IMAP-POP.
However, government bodies hosting federal data need effective and secure backup and archiving processes for several reasons. One is to avoid government data loss, which would negatively impact government services financially (through increased remediation and recovery costs) and reputationally (through outages that result in diminished confidence and loss of trust). Cybercriminals continue to exploit government system vulnerabilities, primarily through third-party providers and contractors.
Another reason is that government agencies face regulatory and compliance requirements. According to Federal Acquisition Regulations, data retention requirements should be set at three to six years for government agencies. For contractors, it’s three years after the final payment of the contract. Of course, this varies case by case, and some documents require a more extended retention period. Failure to meet compliance requirements means regulatory fines and sanctions.
Let’s delve deeper into how government services benefit from backup and archiving and how they can implement these tools most effectively.
The Current State of Government Services
According to Verizon’s annual Data Breach Investigations Report, system intrusions have become an increasingly significant problem for government agencies and public administrations. In terms of motive, here are the key drivers for government data breaches:
- Financial: 80%
- Espionage: 18%
- All other motivations: <1%
Both financial and espionage motives have been a consistent challenge for government institutions. In 2018, espionage was the top motive for 66% of data breaches. However, as tactics developed, so did the reasoning behind them. “Financial” became the leading motive for almost 100% of data breaches in 2020, which was likely due to the economic crisis that gripped the world that year as a result of the pandemic. The most common types of data compromised are personal information and credentials.
One of the most notable data breaches in recent years was the SolarWinds data breach in 2020. A threat actor group backed by the Russian government infiltrated the government platform provider’s systems and affected 300,000 of their customers, which included US federal institutions and agencies across the country.
As a result, many organizations and government service providers have been forced to rethink the security of their supply chain. According to a report from IronNet:
“Nine in 10 companies (91%) have re-evaluated the cybersecurity of their supply chain following the SolarWinds attack. IT security professionals think that better detection technology (44%) and better infrastructure for information sharing (41%) would have helped companies in the context of the SolarWinds attack.”
Compliance for Government Services and Institutions
Another primary reason government data needs protection is to ensure compliance and protect agencies from potentially costly liability.
US government agencies (as well as many of those who serve them) are required to retain electronic communications records for two reasons: (1) to satisfy their obligations as employers and potential litigants just like non-government organizations, and (2) to comply with regulations and laws that exist at all levels of state, local and national government.
Non-US government agencies and service providers have similar legal requirements to safeguard and make accessible electronic records within platforms like Microsoft 365, Google Workspace, and more.
Some regulations that US federal government agencies adhere to are:
- The Freedom of Information Act – The Freedom of Information Act is a federal law requiring “the full or partial disclosure of previously unreleased information and documents controlled by the United States government upon request.”
- Federal Rules of Civil Procedure (FRCP) – This regulation governs court procedures for civil cases in US Federal District Courts. Its counterpart, the Federal Rules of Criminal Procedure, is for criminal cases. For example, Rule 26 of FRCP requires witnesses called for expert testimony to submit a report that includes:
  - The witness’s qualifications, including a list of all publications authored in the previous 10 years; and
  - A list of all other cases in which, during the previous 4 years, the witness testified as an expert at trial or by deposition.
- Federal Information Security Management Act (FISMA) – FISMA requires each federal agency to “develop, document, and implement an agency-wide program to provide information security for the information and systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other sources.”
Dropsuite Keeps Government Data Safe
Backup and archiving should be seen as a critical tool in the defense of government services. Without backup and archiving, they expose themselves to data loss and non-compliance penalties.
By contrast, with an effective backup and archiving system in place, government agencies protect themselves from having to pay the ransoms that accompany ransomware attacks. Recovery time and costs after malware attacks are greatly reduced, and compliance is maintained.
Dropsuite specializes in helping government service providers keep critical data safe, secure, and protected. Our custom cloud-based solution efficiently backs up, stores, preserves, and, if necessary, quickly restores data at a moment’s notice. These capabilities extend across a range of ecosystems, including, but not limited to, Microsoft 365, Google Workspace, IMAP-POP, and Hosted Exchange.
Dropsuite’s easy-to-use, secure, and scalable backup and recovery tools not only support compliance but also enable continuity. Government institutions can set federal data retention periods for as long as necessary to maintain compliance – for example, the seven years of data retention required by the Sarbanes-Oxley Act. Agencies can also address discovery processes through legal or time-based holds on any platform where pertinent government data is stored.
Case in point: In a public records request, citizens and advocacy groups have the right to request public information. These obligations are not always easy to fulfill and can significantly strain government services and entities. Having a backup and archiving service in place would help with compliance and reduce strain on the IT teams tasked with ensuring system and data availability. IT teams can quickly pull up archived data through Dropsuite’s search capabilities and provide the requested information in a timely fashion.
Government agencies and contractors can easily set up an automated backup and archiving system, even with a minimal IT budget. Dropsuite provides industry-leading backup and recovery solutions for a very low cost-per-seat license, coupled with military-grade encryption that ensures data security both in transit and at rest.