Confidence Falls Short in Securing Sensitive Data

By Greg Tavarez, TMCnet Editor  |  November 02, 2022

Organizations today are naturally more reliant on cloud-based solutions. Digital transformation, remote and hybrid work, cost and operational efficiency all have driven companies to the cloud. So, when it comes to data security, companies use multiple cloud platforms to store, secure and track data in the cloud.

However, confidence is not where it needs to be when organizations talk about their ability to secure that data in the cloud. In fact, nearly six out of 10 organizations show signs of medium to low levels of confidence with only a little more than a third of organizations showing high levels of confidence, according to the BigID and Cloud Security Alliance’s findings in the “Understanding Cloud Data Security and Priorities in 2022” report.

The lack of confidence is more noticeable when organizations discuss sensitive data. Forty percent say that half, and often less, of their sensitive data in the cloud has sufficient security. Taking it a step further, an astounding  96 percent of organizations have insufficient security for some sensitive data.

With sensitive data being the main treasure that organizations want to keep secure, it is a bit of a shock to see a lack of urgency and confidence to maintain a high level of data security covering all company data.

“With the rapid growth of cloud, it is essential that organizations take steps to improve their cloud data security posture," said Dimitri Sirota, CEO and co-founder at BigID.

Not surprisingly, considering they can’t secure it, organizations also struggle with tracking data in the cloud. Over a quarter of organizations do not track regulated data, nearly a third do not track confidential or internal data, and almost half do not track unclassified data. When it comes to tracking data in SaaS (News - Alert) platforms, 93 percent of organizations reported difficulties with tracking. These struggles could be due to lack of visibility, the volume of data coming in or even a lack of proper tooling. Either way, it is a cause for concern

“Companies today aren’t taking full advantage of the data discovery and classification tools, leaving them in the dark as to what is actually being stored in the cloud and how to best protect it,” said Hillary Baron, senior technical director for research, CSA.

Maybe the cloud environments are too complex for organizations, complicating their universal data security. Or maybe organizations give third parties and suppliers too much access to organizations’ sensitive data – third parties are prime targets in cyberattacks. The reasoning varies from organization to organization.

But the reality is almost half of organizations experienced a data breach within the past 12 months, according to the study. As most know, data breaches hit hard financially and damage a brand’s reputation.

To remove the concern of a data breach in the next 12 months, organizations need to lock down third-party access to sensitive data as well as prioritize cross-platform support for their complex cloud environments.




Edited by Erik Linask