Public sector agencies are at significant risk for cybercrime, no matter their size or level of government. While U.S. federal government agencies are high-profile targets for bad actors, in 2020 44 percent of global ransomware attacks targeted municipalities, and experts have declared state and local governments to be under siege. 

In this environment, no agency is safe. In November 2022 alone, hackers targeted a wide range of government entities including: Bahraini government websites; the Danish State Railways network; Pakistani politicians, generals, diplomats, and military; the Vanuatu government’s digital services; the Guadeloupe government; and the U.S. Merit Systems Protection Board.


There are five key reasons why hackers often target government agencies:

  • Scale: There are 90,075 different local governments in the U.S. alone.
  • Data: Government agencies, at all levels, hold sensitive personal and financial information and data on the government itself.
  • Inadequate cybersecurity: Local government systems are not well-defended.
  • Financial constraints: Local governments often have small budgets and a limited ability to invest in state-of-the-art cybersecurity tools and staff.
  • Internet of Things (IoT): IoT use among government entities has improved access to services for constituents, facilitated digital partnerships, and enabled the creation of smart cities. Yet it also increased the attack surface across the IoT devices and introduced new risks and vulnerabilities.


Considerations for Securing Digital Government

As government agencies create new ways for constituents to engage, enhance operations, embrace the world of remote work, and adopt technologies to enable innovation and growth, they are often unintentionally increasing the ways that bad actors can access their systems and data. This puts government entities as well as citizens at risk.

Public sector entities must be security conscious, with governance, compliance, and data security top priorities. DevSecOps, a cultural approach to application security, can help by introducing security early in the development cycle and embedding security into the software development process. This enables rapid and secure modernization of applications, ultimately improving Salesforce governance.  


However there are challenges to consider in the implementation of secure DevSecOps. These challenges include:

  • Aligning with agency mission and executive strategy.
  • Recognizing stakeholder objectives and perspectives.
  • Establishing controls.
  • Operating in a governance model.
  • Planning for risk mitigation.


As the only Salesforce-native solution of its kind, the Flosum platform can help secure infrastructure, networks and data. Because of the native integration, Flosum doesn’t allow data to leave Salesforce or the government cloud, and thus inherits the tight security and controls of the Salesforce environment.

Using Salesforce with Flosum gives government entities flexible and secure tools to better manage their critical business processes and serve their constituents. 

As government entities work to implement and create responsive and secure applications, it is critical to build security into the CI/CD pipeline. This reduces complexity and removes some of the traditional development challenges, enables entities to manage their cybersecurity posture, and lets developers focus on what they do best — build useful software applications.

Learn more about how Flosum is the Salesforce-native application of choice for public sector agencies by watching the webinar Federal Success Through Salesforce DevSecOps.

signup for our blog


“Flosum is the best native release management tool that you will fall in love with. I have gained confidence in my role and has given me the ability to view release management from a whole different perspective.”

Faizan Ali

Faizan Ali
Salesforce Consultant at Turnitin