By Ravi Ithal, Founder and CTO of Normalyze
Apr. 5, 2023 8:25PM GMT+9 Updated Apr. 6, 2023 5:57PM GMT+9
Back when thieves physically stole cash and treasure from bank vaults, an infamous criminal was asked, “Why do you rob banks?” “Because that’s where the money is,” he replied.
The modern version of treasure is data—especially the sensitive data of customers, business operations, and intellectual property. These types of data are prime targets for cyber criminals because their theft can be easily converted to cash or Bitcoin. For this reason, data security professionals must ask themselves every day: “Is our data secure?” If your data is stored in or moved through the cloud, your company’s treasure is very likely to have security exposure.
◇ Sensitive data is moving into public clouds
A recent study by TechTarget’s Enterprise Strategy Group (ESG), which was co-sponsored by Normalyze, helps us understand the gravity of data exposure. The “Cloud Data Security Report” surveyed IT, cybersecurity, and DevOps professionals who are involved with hybrid cloud data security. The first major finding was that data is shifting to public clouds ahead of organizational readiness to secure it.
Triggering this migration are digital transformation and remote work, which have accelerated the movement of more and more data into public cloud platforms, such as Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). Some organizations have taken the plunge and gone “all cloud,” but a more typical scenario is a hybrid mixture of on-premises and cloud infrastructure. We are all familiar with this story. The real news is about the push of sensitive data into public cloud platforms.
The amount of sensitive data in public clouds is set to soar, and as this volume increases, so do the chances of loss or exposure. The study found that 16% of respondents have more than 40% of their organization’s data that is categorized as “sensitive” on public cloud services. Almost half of respondents (45%) anticipate hitting this point within 24 months.
◇ Cloud data stores hold sensitive data critical to the business
Business analytics and machine learning are fueling a massive spike in the amount of data created, used, and stored by modern organizations. For this reason, the “Cloud Data Security Report” looked closely at cloud data stores, such as data lakes, data warehouses, and data lakehouses. Cloud data stores are often the only practical and cost-efficient way to process and use the enormous volume and velocity of data, which may come into contact with users and resources in multiple clouds.
Unsurprisingly, sensitive data is stored in these cloud repositories. What is surprising is the amount of data there: 86% of ESG survey respondents said that they store sensitive data in the cloud. One third (32%) said that this sensitive cloud-resident data is “critical to their business.”
◇ Securing data in public clouds needs more work
Concerns about the security of sensitive cloud-resident data are high, according to ESG’s study. Six out of ten respondents (59%) said that security controls are inadequate for more than 30% of their data stores that make use of IaaS and PaaS public cloud services. What’s worse is that sensitive data is being stored in more than one IaaS/PaaS platform, according to three out of four respondents (77%).
ESG’s study respondents mentioned three primary contributors to weak security controls. One third said that service misconfigurations were the culprit, 25-33% of respondents reported policy violations, and 31-33% said that they were affected by access control and credential issues.
The issue of “inadequate controls” presents a complex challenge. The main reason is that most organizations use multiple platforms, with each provider typically using its own proprietary security controls. Even the task of monitoring sensitive data can be difficult to centralize and automate due to non-integrated security controls for various public cloud services.
◇ Exploring a new approach to cloud data security
As the new form of wealth, vast amounts of data are worth more than gold to a modern enterprise. Priority number one should be protecting this data—especially sensitive data—stored in the cloud. It is well worth your data security stakeholders’ time to assess your organization’s data security posture. Start by exploring a systematic approach, such as Data Security Posture Management. An emerging class of consolidated platforms will help your team effectively control your data security posture and keep your sensitive cloud-resident data as safe as Fort Knox.
About the author
Ravi Ithal is a co-founder of Normalyze and has an extensive background in enterprise and cloud security. Before Normalyze, Ravi was a co-founder and the chief architect of Netskope, a leading provider of cloud-native solutions that enable businesses to protect data and defend against threats in the cloud. Prior to Netskope, Ravi was one of the founding engineers of Palo Alto Networks (NASDAQ: PANW). Prior to his time at Palo Alto Networks, Ravi held engineering roles at Juniper (NASDAQ: JNPR) and Cisco (NASDAQ: CSCO).