Agencies claim confidence in meeting Memorandum M-22-09 requirements despite continued challenges with security team staffing.
BOULDER, Colo. – August 15, 2023 – Swimlane today announced the release of its report “Security Automation: A Strategic Imperative for Federal Agencies” based on research conducted by Dimensional Research. The report reveals that federal agencies are prepared to meet the Zero Trust executive order requirements from the Biden Administration with just over a year until the deadline.
Dimensional Research surveyed 106 security professionals and executives at U.S. federal agencies. The research investigated the confidence level of these agencies in meeting the memorandum’s requirements and the tools leveraged to overcome challenges in adopting the key components of a Zero Trust architecture.
“As a country, we are confronted with a multitude of unprecedented cybersecurity challenges that have put cybersecurity front and center in the federal government,” said James Brear, CEO of Swimlane. “It’s more critical than ever that the public sector is empowered by the right solutions that will keep our country protected while staying on top of regulatory compliance. This research should serve as a starting point for conversations around how technology can enable security teams to respond swiftly to incidents to safeguard national interests and public trust.”
Security Automation is a Necessity. Are Federal Agencies Ready? 67% of government agencies are confident or very confident they are prepared to meet the Zero Trust requirements laid out by the U.S. government’s Memorandum M-22-09, which includes implementing Security Orchestration, Automation, and Response (SOAR) technology. When asked how agencies are arming themselves with the tools needed to meet all the criteria of implementing a Zero Trust architecture and solve the sophisticated security challenges, 64% of federal agencies said they are choosing low-code security automation.
Memorandum M-22-09 has shined a spotlight on its importance. According to the recently published Forrester Tech Tide™: Zero Trust Threat Detection And Response report, “SOAR tools help security teams orchestrate response processes and automate response actions. When properly managed, this can remove manual and repetitive work performed by security analysts for investigation and response. SOAR can also be used for metrics gathering and incident case management. Ultimately, SOAR acts as middleware to facilitate communication and action between security tools that would otherwise not be able to interact.”1
Grappling with Security Team Vacancies
Today’s security teams within the federal government are expected to investigate and remediate thousands of alerts daily while keeping up with evolving mandates. The report found:
- 83% of federal agencies report having security team positions currently open
- 64% of federal agencies report it takes longer to fill a security position now than it did two years ago.
- One-third (35%) of federal agencies believe they will never have a fully staffed security team with the proper skills.
Turning to Optimal Technology
Federal agencies are turning to low-code security automation to lighten the load of implementing the SOAR component of the executive order. 99% of agencies cited benefits to low-code automation platforms, including the ability to address all security automation requirements while relying less on coding skills. These advantages are key for smaller security teams that may not have the required skill set to implement a traditional SOAR solution.
On the other hand, more than nine-out-of-10 federal agencies are finding that no-code solutions do not support cloud or hybrid environments and lack important reporting and case management features. More importantly, federal agencies cited that no-code automation tools are only short-term solutions to long-term issues.
“Working in IT and security roles at the Department of Homeland Security (DHS) and the U.S. Defense Information Systems Agency (DISA), I have witnessed firsthand the hurdles security practitioners face in the public sector,” said Cody Cornell, co-founder and chief strategy officer of Swimlane. “Without the right security tools, there is simply no way for federal agencies to handle the volume of security alerts their teams are confronted with today. It’s encouraging to see that federal agencies understand what they’re up against and that talent alone won’t address evolving cybersecurity challenges.”
- To download the report, please visit https://swimlane.com/resources/reports/security-automation-federal-agencies/
- To learn more about Swimlane’s recently released Automation Readiness & Maturity of Orchestrated Resources (ARMOR) Assessment, please visit swimlane.com/armor
Security professionals and executives at U.S. federal agencies were invited to participate in a survey on their company’s security practices. The survey was administered electronically, and participants were offered a token compensation for their participation. A total of 106 qualified participants completed the survey. All participants had enterprise security responsibilities from security roles on the frontline to executives.
1 The Forrester Tech Tide™: Zero Trust Threat Detection And Response, Q3 2023, July 21, 2023
Swimlane is the leader in cloud-scale, low-code security automation. Swimlane unifies security operations in-and-beyond the SOC into a single system of record that helps reduce process and data fatigue, overcome chronic staffing shortages, and quantify business value. The Swimlane Turbine platform combines human and machine data into actionable intelligence for security leaders. For more information, visit swimlane.com.
About Dimensional Research
Dimensional Research provides practical market research for technology companies. We partner with our clients to deliver actionable information that reduces risks, increases customer satisfaction, and grows the business. Our researchers are experts in the applications, devices, and infrastructure used by modern businesses and their customers. For more information, visit www.dimensionalresearch.com.