CSA Official Press Release
New Study from Cloud Security Alliance and BigID Finds That Organizations Are Struggling to Track, Secure Sensitive Data in the Cloud
Over 1,500 IT and security professionals reveal the state of cloud data security in 2022
SEATTLE – Oct. 20, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released the findings from Understanding Cloud Data Security and Priorities in 2022. The survey, conducted in partnership with BigID, the leading data intelligence platform for privacy, security, and governance, sought to better understand the industry’s knowledge, attitudes, and opinions regarding data security in the cloud.
“Companies today are using multiple cloud platforms to store their data, but they aren’t taking full advantage of the data discovery and classification tools, leaving them in the dark as to what is actually being stored in the cloud and how to best protect it. Without proper visibility, organizations can’t adequately assess their risk posture, let alone protect their attack surface,” said Hillary Baron, Senior Technical Director for Research, Cloud Security Alliance, and a lead author of the report.
Among the study’s key findings:
- Organizations are struggling with securing and tracking sensitive data in the cloud. Only 39 percent cite high levels of confidence in their ability to secure data in the cloud, with 40 percent indicating that 50 percent or less of their sensitive data in the cloud has sufficient security. Only four percent report sufficient security for 100 percent of their data in the cloud.
- Third parties and suppliers have similar access to sensitive data compared to employees, a concerning fact given the results of another recent CSA survey, which found that third parties, contractors, and suppliers are the most commonly targeted groups (58%) in cyber attacks.
- Dark data issues stem from staffing issues and interdepartmental conflict. The top three barriers for organizations capturing dark data are related to staffing issues: lack of skills/knowledge (50%), lack of interdepartmental cooperation (47%), and lack of staff resources (44%).
- The majority of security professionals believe their enterprise will experience a data breach in the next year. An organization's confidence in its ability to protect its data decreases dramatically once it has experienced a breach. In fact, 92 percent of those having previously experienced a data breach believe that they will experience another in the coming 12 months.
"Cloud data security is top of mind for organizations of all sizes, showing that many organizations are unprepared to deal with the unique challenges of securing data in the cloud. With the rapid growth of cloud, it is essential that organizations take steps to improve their cloud data security posture," said Dimitri Sirota, CEO and co-founder at BigID. “This research underscores the value of solutions like BigID to accelerate cloud data security with a risk-based, data-first approach that can scale as data continues to expand across the multi-cloud."
The survey, which was sponsored by BigID, was conducted online by CSA in July 2022 and received 1,663 responses from IT and security professionals from organizations of various sizes and locations. CSA research prides itself on vendor neutrality, agility, and integrity of results. Sponsors are CSA Corporate Members who support the findings of the research project but have no added influence on the content development or editing rights to CSA research.
BigID enables organizations to know their enterprise data and take action for data-centric security, privacy, and governance. Companies deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. By applying next-gen ML across the data landscape, BigID’s data security, privacy, and governance solutions enrich and extend the modern tech stack, making it easier than ever to discover dark data, reduce risk, accelerate cloud migrations, achieve compliance, and align with security frameworks by taking a data-first approach. Go big with the BigID Data Intelligence Platform or start small with SmallID: the first cloud-native, on-demand data-centric security solution designed to automatically discover, manage, and protect cloud data - across IaaS, PaaS, and SaaS.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.