DSPM Cited as a “Most Effective” Tool for Protecting Cloud-Resident Sensitive Data
As data assets migrate to cloud stores, data security and compliance leaders are trying to navigate the use of disparate controls, which have led to inconsistent visibility and control of sensitive data in the cloud. The result can put these data at risk of compromise and loss.
To better understand the challenges of securing sensitive data in the cloud, TechTarget’s Enterprise Strategy Group just published a new study called Cloud Data Security. The study surveyed 387 IT, cybersecurity, and DevOps professionals who evaluate, purchase, test, deploy, and operate hybrid cloud data security technology products and services at organizations in North America. It sought answers to four related issues:
- Examine the impact of the public cloud on data security priorities.
- Gain insight into top data security challenges and rate data loss from the cloud.
- Determine the degree of separate versus unified approaches for cloud and on-premises data sets.
- Establish data security spending intentions and priorities.
As a co-sponsor, Normalyze is pleased to provide a summary of the study’s six key findings. Download the Cloud Data Security survey results.
1 – Data is shifting to public clouds ahead of organizational readiness to secure it.
Cloud is a bedrock technology for modern organizations. The material question for data security and compliance leaders is, “Do we have sensitive data in the cloud and are they secure from loss or attacks?” The survey documented an ever-rising swell of business data into the public cloud, which may include Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), or (for most organizations) all the above. These clouds host sensitive data which, if lost or stolen, could trigger severe business repercussions. Most respondents (86%) said they have sensitive data stored in a data lake, data warehouse, or data lakehouse – usually on more than one cloud platform. Surprisingly, many respondents also believe sensitive cloud data is insufficiently secured, so true risk exposure is enormous.
2 – Data loss from the cloud is common due to a multitude of causes
A drumbeat of vulnerable data security controls in the cloud is finally getting attention by stakeholders. The survey reported three areas of vulnerability that can trigger cloud data losses, starting with misconfigurations in SaaS, IaaS, and PaaS services. Secondly, policy violations may expose data due to data misclassification, unsanctioned apps/services, or poor implementation of policies. Finally, access controls may also falter. These risks are causing organizations to repeatedly lose cloud-resident sensitive data. The study found 84% of respondents who know or suspect cloud data loss occurred said they’ve suffered
multiple data loss events in the past 12 months.
3 – Organizations face numerous data security challenges driven by scale, complexity, and visibility
Discovery and classification of sensitive data in the cloud is a primary stakeholder responsibility. Most respondents felt completely or mostly confident at discovery and classification, but ironically expressed skepticism at the ability of controls for accomplishing these tasks. Distrust of sampling technology was manifested by the response of 70% who want their data security controls to scan 100% of every file, object, database, or other cloud data store. Just to be sure!
4 – Organizations are applying cloud data security technologies, with a desire for integrated data security platforms
There is no shortage of tools for securing cloud data. The survey documented use of data loss prevention (DLP) in a cloud native application protection (CNAP) solution, data detection and response (DDR), cloud security posture management (CSPM), and data security posture management (DSPM), and adaptive and multi-factor authentication. To minimize complexity and hopefully gain better results, two-thirds said they prefer to consume data security tools as a comprehensive integrated data security platform.
5 – Data security is a team sport, with security and IT ops taking the lead
Whilst “team sport” implies coordination, some organizations may feel achieving cloud data security is akin to herding cats! Consider the associated teams documented in the study: cloud security architects, data center infrastructure/operations, security, DevOps, networking, regulatory compliance, application development, line-of-business/application owners, and of course, the lawyers. To achieve more efficiency, respondents said consolidation efforts are in play, especially by cloud security architects (CSAs). The CSA has become a strategic role – 79% of organizations say their CSA does or will report to a C-level executive.
6 – Organizations are investing in data security, with a third substantially increasing data security’s share of cybersecurity budget
Despite today’s challenging economic climate, the survey reported virtually no decrease is planned in the data security budget. One-third (34%) of respondents said they expect a substantial increase in budget for data security technologies and services over the next 12-24 months.
I hope these snippets of insight will trigger your interest in reading the entire ESG report. Download your copy of the Cloud Data Security report now. Meanwhile, we’ll continue blogging about this study in weeks to come.