State of Cloud Data Security Report Reveals Increase in Cloud Data Breaches: Shadow Data Concerns
Published 07/05/2023
Originally published by Laminar.
Written by Andy Smith, Chief Marketing Officer, Laminar.
Cloud transformation and data democratization provide a number of benefits to organizations, but these same technologies and trends are also introducing the greatest risks.
We are in the midst of cloud data’s Gilded Age. Organizations are eager to make data accessible in order to do more with analytics and better harness its overall value — but it’s not coming without consequence. This new era is characterized by an increasing adoption of cloud data storage technologies, the sheer proliferation of data, the death of the traditional perimeter, a faster rate of change for developers, and the changing role of security.
The convergence of all of these elements has created what Laminar has coined as the “innovation attack surface” — a new threat vector that most organizations unconsciously accept as the cost of doing business. The innovation attack surface is fueled by the continuous unintentional risk cloud data users, such as developers and data scientists, take when using data to drive innovation. Compared to traditional attack surfaces that are determined by external forces such as phishing attacks, malware, or malicious insider threats, the innovation attack surface is a result of the massive, decentralized, accidental risk created by the smartest people in the business.
To gain a deeper understanding of the innovation attack surface’s impact on organizations with public cloud infrastructure, Laminar released its second-annual State of Cloud Data Security Report. We heard from 500 data security and governance professionals on their perspective of the current state of public cloud data security and their concerns over unknown or “shadow” data.
Here’s what we learned:
Three Out of Four Respondents Experienced a Cloud Breach in 2022
In our survey, three out of four respondents acknowledged that their cloud environments were breached in the previous year, up from one in two in last year’s State of Public Cloud Data Security Report. Of those who experienced a breach, 79% were aware that data had leaked or been exfiltrated versus 58% from the year before.
These findings illustrate that organizations’ current strategy of just racing to the cloud without implementing next-generation data security controls isn’t working.
Shadow Data Concerns Are on the Rise
Despite the majority of respondents (86%), claiming to have increased visibility into public cloud data stores, up from 77% last year, 93% of security professionals are concerned about shadow data. It was also found to be the number one challenge for protecting data in the cloud named by sixty-eight percent of respondents.
The contradiction can be explained by the security execution gap — the divergence between agile cloud data activities that contribute to innovation and the static and manual data security activities intended to protect the business. In simpler terms, it just means that developers and data scientists are creating too quickly, and IT and security teams aren’t aware. Shadow data can proliferate in just a few clicks, whether from test environments, mis-placed data in storage buckets, legacy data that hasn’t been deleted after a cloud migration, etc. If not addressed or made known, it can remain floating in the ether for adversaries to take advantage of for weeks, months, or even years.
Organizations are Increasingly Allocating Resources Toward Fighting Breaches, Shadow Data
The bright side of the uptick in cloud breaches is that company executives are paying more attention. Ninety-two percent of respondents say that the increase in cloud breaches has increased executive and board-level buy-in for cloud-native security platforms, up from 50% a year earlier. More than half (66%) of organizations have increased security budgets by 41% or more in the past year.
Our findings indicate that part of the budget is going toward hiring data-centric security professionals. Ninety-seven percent of security professionals reported their organization has a dedicated data security team, up from 58% in 2022.
Security Professionals Are Seeking Cloud-Native Data Security Solutions, Data Security Posture Management (DSPM) Might Just Be the Answer
In our survey, 92% of respondents had heard about DSPM and identified 12 different capabilities they’d require from a DSPM tool.
- 71% wanted autonomous scanning
- 63% want to deploy a dynamic, performant platform
- 54% need asynchronous operations
- 53% would like the platform to provide an agentless architecture
Related Articles:
Defining Identities, Accounts, and the Challenge of Privilege Sprawl
Published: 12/02/2024
Cyber Essentials vs. Cyber Essentials Plus: Key Differences
Published: 11/26/2024
How the Alert Readiness Framework Supports Augmented Cybersecurity
Published: 11/25/2024