The fast pace of cloud transformation and democratization of data have created an innovation attack surface, leading to three in four organizations experiencing a cloud data breach in 2022 and the overwhelming majority (68 percent) of data security professionals naming shadow data as the No.1 concern of protecting cloud data.
The State of Public Cloud Data Security Report 2023, released by Laminar, reveals that concern regarding shadow data has increased to 93 percent compared to 82 percent the year before. This finding indicates a need for security teams to evolve processes and technologies to discover, classify, protect and remediate sensitive cloud data stores, wherever they are located.
Organizations accelerated the pace of transformation during the pandemic. Now they’re staying the course to maintain market competitiveness. In addition, organizations democratized data – making it easier for approved users to access cloud data and create analytics for decision-making or operational processes. This trend has introduced new gaps into organizational systems and processes and created the “innovation attack surface” — a threat vector that most organizations have accepted as a cost of doing business.
The innovation attack surface is the continuous, unintentional risk cloud data users, such as data scientists and developers, take when using data to drive innovation. Unlike other attack surfaces determined by external forces such as ransomware, malware or malicious internal actors, the innovation attack surface has resulted from the massive, decentralized unintentional risk created by an organization’s data innovators.
Other trends that have allowed the innovation attack to surface include organizations’ increasing adoption of varied cloud data storage technologies; the proliferation of data (including shadow data) across hybrid, multi-cloud infrastructures; the death of the traditional network perimeter; faster software releases; and the changing role of security. Security teams are charged with protecting data without hindering innovation but may lack the bandwidth to keep up with cloud service technologies that would improve their ability to execute.
While security teams are confident they have complete visibility into new public cloud data repositories, 93 percent are concerned about shadow data, up 11 percent from the year before, and 68 percent of respondents say it is the greatest challenge in protecting cloud data.
Shadow, or unknown, unmanaged data is growing as users can proliferate data in just a few clicks. Shadow data can occur when copied data lives on in test environments, data gets misplaced in storage buckets, legacy data isn’t deleted after a cloud migration, data logs become toxic and orphaned backups are left stale.
Laminar Labs has validated this concern with its research that 21 percent of publicly facing cloud storage buckets have personally identifiable information (PII) exposed and how using versioning in cloud environments can cause shadow data.
The good news is that organizations’ commitment to evolving their security programs is growing. Nearly all (92 percent) respondents say the uptick in cloud breaches has increased executive and board-level buy-in for best-of-breed security platforms, up from 50 percent a year earlier. In addition, 66 percent of organizations have increased security budgets by 41 percent or more in the past year.
As a result, 97 percent of security professional respondents report their organization has a dedicated data security team, up from 58 percent in 2022.
Laminar surveyed more than 500 data security professionals in February 2023. To read the full report, visit: https://laminarsecurity.com/forms/state-of-cloud-data-security-report-2023/
