How the federal government can tackle its on-prem sensitive data dilemma


COMMENTARY | The new cyber battleground isn’t just in the cloud — it’s also in legacy on-prem servers teeming with forgotten data that are ripe for exploitation.

In April, cybersecurity experts and Microsoft issued urgent warnings following a surge in attacks targeting critical vulnerabilities in on-premises Microsoft Exchange and SharePoint servers, both widely used by the federal government. According to recent reports, threat actors have been actively exploiting these vulnerabilities, using sophisticated techniques such as NT LAN Manager (NTLM) relay attacks, web shell deployments and server-side request forgery (SSRF).

Experts are also warning that unchecked data retention is creating significant risks for government agencies, even as federal digital transformation initiatives continue to accelerate. Storing sensitive data on on-premises systems leaves it especially vulnerable to cyberattacks, because these systems often lack the advanced security controls and continuous monitoring found in cloud-based solutions.

Moreover, with data serving as the primary fuel for artificial intelligence, the inadvertent exposure of sensitive information through AI-powered tools is becoming increasingly common.

The federal government’s sensitive data dilemma

For decades, federal agencies have accumulated sensitive data on on-prem systems, a practice often called “data hoarding.” Much of this data is now forgotten, scattered across aging systems and rarely accessed. What once looked like prudent stewardship now presents a pressing problem: sprawling on-prem sensitive data environments that obscure what is truly valuable, drive operational inefficiency and wasted resources, and, most dangerously, create blind spots that adversaries can exploit.

Embracing automated discovery tactics to uncover hidden on-prem threats

Federal agencies must avoid incomplete scans and partial inventories, as these leave agencies exposed to the very threats they are meant to prevent. Today’s data discovery and classification tactics, when implemented correctly, automate the identification and protection of on-prem sensitive information, providing the evidence and visibility needed to enforce governance and close compliance gaps. The right tactics deliver automated discovery with minimal operational impact, so that no on-prem sensitive data remains hidden.

Developing the federal government’s blueprint for securing on-prem sensitive data

Domestic and foreign threat actors have been targeting identities and data, exploiting any weakness in visibility or governance. But there is a way forward for the federal government.

By embracing a culture of cyber resilience and the principles of zero trust architecture, agencies can move from reactive firefighting to proactive cyber defense of on-prem sensitive data, including:

  • Conducting regular, comprehensive sensitive data discovery and classification. Regularly discovering and classifying sensitive data ensures federal agencies know exactly what information they possess and where it resides. Conducting sensitive data discovery analysis on backup data is an effective first step for agencies, as it allows them to identify and protect critical information without disrupting their production environment. This foundational approach also helps ensure compliance with evolving regulatory requirements by enabling more targeted data protection.
  • Eliminating unnecessary data reduces risk and cost. By removing redundant or obsolete data, federal agencies can minimize the potential impact of breaches and lower storage expenses. Streamlining data holdings also simplifies management and reduces the attack surface for cybercriminals.
  • Enforcing zero trust principles and robust data governance. Adopting zero trust principles means verifying every access request and strictly controlling permissions, regardless of user location or device. Robust data governance ensures policies are consistently applied, leaving no room for exceptions that could create vulnerabilities.
  • Integrating data security measures that deliver complete, non-disruptive visibility into the agency’s data landscape. Effective data security tactics provide federal agencies with real-time insights into data usage and movement without hindering operations. This visibility is crucial for detecting anomalies, preventing data leaks and maintaining operational efficiency. Understanding who currently has—or previously had—access to sensitive data is also essential. This insight helps agencies develop effective policies and governance, ensuring that only authorized individuals can access specific systems and data.
  • Creating plans for responding to incidents. Incident response strategies grounded in accurate data inventories allow for swift, targeted action when threats arise. Relying on up-to-date information significantly reduces uncertainty and improves the effectiveness of data backup and recovery efforts.
  • Preparing for insider and supply chain threats. Federal agencies should operate under the assumption that breaches are inevitable, especially from insiders or supply chain partners. Regularly rehearsing recovery plans ensures federal security teams are ready to respond quickly and minimize damage when incidents occur.
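The first two items above, discovery and classification followed by elimination of redundant copies, as an added example in Python that is not part of this commentary or of any Rubrik product: it scans a constructed backup snapshot (an in-memory dict standing in for restored files), labels each file by the sensitive-data patterns it contains, applies a Luhn check so serial numbers and asset tags are not mistaken for payment cards, and flags byte-identical duplicates by content hash so they can be purged. The sample paths, contents and label names are all constructed for the example.

```python
import hashlib
import re
# Constructed "backup snapshot" for this example ({path: content}); not real agency data.
SAMPLE_BACKUP = {
    "hr/onboarding_2019.csv": "name,ssn\nJane Doe,123-45-6789\n",
    "hr/onboarding_2019_copy.csv": "name,ssn\nJane Doe,123-45-6789\n",  # byte-identical copy
    "finance/vendor_cards.txt": "vendor A card 4111 1111 1111 1111 exp 12/26\n",
    "ops/assets.txt": "asset tag 1234 5678 9012 3456 (serial number, not a card)\n",
    "public/press_release.txt": "Agency announces new citizen portal.\n",
}
SSN_RX = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RX = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")

def luhn_ok(candidate: str) -> bool:
    # Luhn checksum: rejects 16-digit strings (serials, asset tags) that merely look like cards.
    total = 0
    for i, ch in enumerate(reversed([c for c in candidate if c.isdigit()])):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify(content: str) -> list[str]:
    # Labels the file carries; a card hit counts only if the Luhn check passes.
    labels = set()
    if SSN_RX.search(content):
        labels.add("SSN")
    if any(luhn_ok(m) for m in CARD_RX.findall(content)):
        labels.add("PAYMENT_CARD")
    return sorted(labels)

def scan(snapshot: dict[str, str]) -> list[dict]:
    # Inventory each file: labels, SHA-256 of content, and the earlier path it duplicates (if any).
    inventory, first_seen = [], {}
    for path in sorted(snapshot):
        content = snapshot[path]
        digest = hashlib.sha256(content.encode()).hexdigest()
        inventory.append({"path": path, "labels": classify(content),
                          "sha256": digest, "duplicate_of": first_seen.get(digest)})
        first_seen.setdefault(digest, path)
    return inventory

def summarize(inventory: list[dict]) -> dict:
    # Report figures: total files, files holding sensitive data, redundant sensitive copies to purge.
    sensitive = [e for e in inventory if e["labels"]]
    return {"files": len(inventory), "sensitive": len(sensitive),
            "redundant_sensitive": sum(1 for e in sensitive if e["duplicate_of"]),
            "by_label": {lab: sum(1 for e in sensitive if lab in e["labels"])
                         for lab in ("PAYMENT_CARD", "SSN")}}

if __name__ == "__main__":
    print(summarize(scan(SAMPLE_BACKUP)))
```

On a real restore the dict would be replaced by a walk over the mounted backup, and the inventory would be the input to retention decisions and to the recovery-priority list described later in the article.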

For government agencies, identifying which systems store and process sensitive data is crucial. This knowledge helps determine which systems are most critical and should be prioritized for recovery in the event of a cyberattack, ensuring continued support for the agency’s mission.

From sensitive data risk to cyber resilience

By embracing data hygiene, visibility and zero trust, federal agencies can do more than comply—they can lead. The solution is within reach: a future where data is not a liability but an asset, where resilience is woven into every process and where public trust is both earned and protected.

Through decisive leadership and a commitment to cyber resilience strategies and tactics, federal agencies can transform the hidden cost of on-prem data retention into a foundation for a more cyber resilient federal government.

Travis currently serves as the Public Sector CTO at Rubrik helping organizations become more cyber and data resilient. Prior to Rubrik, Travis held several leadership roles including the Chief Technology and Strategy Officer at BluVector, CTO at Tychon, Federal CTO at FireEye, a Principal at Intel Security/McAfee and Leader at the Defense Information Systems Agency (DISA).

The views expressed in this article are those of the author and do not necessarily reflect the official policy or position of Rubrik.