SPECIAL RESEARCH REPORT
   systems, with only 35 percent calling it challenging. One thing is certain: IoT often requires new security
procedures. Seventy-three percent of respondents said they have or plan to have real-time monitoring of IoT assets and data,
and the same amount have or plan to have classification of IoT devices. An even 70 percent said they secure or plan to secure data transmission from IoT devices, while 68 percent said
they apply or plan to apply multifactor authentication to IoT controllers and devices.
Figure 6:Budgets impact IT security posture
The ability to secure networks and infrastructure, ultimately, comes down to affordability, and that is something
most government IT leaders say is a problem. Even as IT budgets increase, there is not enough to cover competing priorities and managers must make tough decisions about expenditures.
Conclusion
The survey shows both how far cybersecurity has come, but also how much IT managers have yet to do. With new technologies come cyber pros and cons that leaders must weigh from the outset. Governmentwide initiatives are helping IT shops beef up their security postures, and managers are responding.
Overall, survey respondents said they are familiar with federal efforts to improve the country’s security posture. Eighty-six percent said they are familiar with TIC, while 82 percent said they are familiar with the 2017 executive order. Only 3 percent and 4 percent, respectively, said they had not heard of either.
But support needs to come in other forms, too. Sixty-two percent of respondents said that budgets are not keeping pace with security demands. Upcoming fiscal year budget allocations in IT security improvements indicate the strongest investment in cloud security solutions, with 46 percent of respondents saying they plan to increase their budget allocation for them. Next is network security at 40 percent, mobile and endpoint security at 37 percent, IoT security at 34 percent, and identity and access management at 26 percent.
What’s more, respondents said they are more concerned about ongoing attack vectors at other agencies than they are about their own efforts. That could be a sign of complacency or genuine confidence. Either way, no agency is in a position to feel completely comfortable with its cybersecurity setup.
Moving forward, IT managers still have a lot to learn about cloud, mobility and IoT, and the vulnerabilities they can create. They also need to familiarize themselves with the defense tools and processes at their disposal so that they can make the best choices to maximize security not only at their agency, but governmentwide.
For more information on how to tackle cybersecurity challenges within your organization, visit www.carahsoft.com
 39%
Agree somewhat
Agree strongly
5%
62% Agree 23%
9%
Disagree somewhat Strongly disagree Neither agree nor disagree
  24%
 As they adopt IoT, agencies are putting classification, monitoring and control of the proliferation of IT devices first. Twenty-three percent of respondents said they’re investigating or considering classification methods, while 15 percent said they are studying real-time monitoring of IoT assets and data.
   Figures Source: GCN Government IT Cybersecurity Research Study