April 10, 2023
By Rodman Ramezanian - Global Cloud Threat Lead, Skyhigh Security
— Here’s What You Can Do About It
With massive global changes rocking the status quo of how organizations operate and secure data, it’s no wonder that 2022 saw some pretty huge changes across many key security metrics we track in our annual report: The Data Dilemma: Cloud Adoption and Risk Report.
Let’s begin by taking a big picture look at the trends driving these changes and the major paradigm shift that is currently underway.
Cloud adoption accelerates
Although the shift into cloud-based data and workflows has been ongoing for at least a decade, the pandemic undoubtedly served as a catalyst that forced organizations to adopt hybrid and remote work environments faster than many were prepared for. This has had noticeable consequences on security. In the wake of these global changes, many organizations are on a steep learning curve to address the security issues that have arisen.
A new paradigm emerges
Security is fundamentally about protecting data. Now that data is everywhere, residing outside of the traditional corporate network, it’s become seemingly impossible to secure it using traditional means. This is evidenced by the fact that 90% of organizations in our report experienced one or more security breaches, 89% experienced security threats, and 80% experienced theft of data. On top of that, a whopping 75% of the organizations we surveyed experienced all three security issues combined in 2022.
What’s clear now is that the standard approach focusing on protecting data only at its source is being radically flipped. A new paradigm is emerging that focuses on protecting the data itself, rather than the perimeter where it is stored. The concept of a zero-trust architecture is an important part of this paradigm shift and addresses many of the problems that have arisen from this massive digital transformation.
Organizations face a myriad of security issues
The findings in our report indicate that the complexities and challenges of securing data in the cloud are many. The security issues reported on by organizations in our study include:
- Assumptions and miscommunications among team members about who is responsible for what data are common.
- An average of 51% of SaaS services in use are commissioned without oversight from IT, with a lack of visibility into the data affecting 46% of those SaaS services.
- There is a lack of adequate or consistent security controls for data, accompanied by management issues.
- A huge flood of sensitive data is being stored on the cloud, with 61% of sensitive data on average being stored in the public cloud, an increase from 48% in our last report.
- Shadow IT risks are a concern for 75% of organizations, yet 60% of them allow employees to download sensitive data to personal devices, presumably for productivity reasons.
- Piecing together unintegrated point solutions results in management complexity and security gaps.
- Security teams are stretched thin in a difficult hiring environment.
With so many different issues at play, it’s really no wonder that so many organizations are reporting breaches, threats, and theft of data. Cybercriminals are eager to take advantage of the proliferation of sensitive data being stored in the cloud.
More sensitive data is at stake
Overall, there’s been a 50% increase in the average number of public cloud services in use by organizations participating in the survey. The number went from 20 in 2019 to 30 in 2022. Nearly half of the respondents said they are storing competitive data, personal customer information, and/or internal documentation in these services. More than a third are storing personal staff information, proprietary intellectual property, and/or government identification information. And about a quarter of respondents are storing payment card information, network passwords, and/or healthcare records in these public cloud services.
Theft of this data could damage a company’s reputation, its ability to operate, and its financial position—especially if regulators fine the company for failing to secure the data. Compliance requirements are on the rise along with cyberthreats, so it’s more important than ever before for organizations to prioritize security.
To further reinforce this, by 2024, Gartner predicts that 75% of the global population will have its personal data covered under privacy regulations.
Organizations are increasing investments in cybersecurity
To combat these problems, organizations are turning to a variety of solutions, ranging from training employees in cybersecurity (52%) and creating disaster recovery/DLP plans (47%) to increasing investment in cyber insurance (47%). Forty-one percent said they plan to move towards a zero trust security model, and 39% plan to move toward a microservice approach.
In particular, 42% of organizations in our study are using cloud access security broker (CASB) solutions, 28% are using secure web gateway (SWG) solutions, and 23% are employing data loss prevention (DLP) and encryption measures once Shadow IT is discovered.
Over half of the organizations (56%) plan to increase investment in cybersecurity. While this is all well and good, it’s nevertheless indicative that current investments in cybersecurity are incapable of handling the complexities of keeping data secure in the cloud. The evidence from the survey supports that.
New challenges warrant new approaches and solutions.
As an alternative to the complexities and potential security gaps arising from point products, we recommend a security service edge (SSE) solution that combines CASB, SWG, and DLP solutions with zero trust network access (ZTNA) and a cloud-native application protection platform (CNAPP) into one integrated platform. By simplifying and integrating security into a single-vendor solution, security can be centrally managed from a single dashboard. An SSE solution addresses the majority of the security issues uncovered in our report, while maximizing the efficiency and productivity of security teams.
As evidenced in the survey, an average of two roles per organization are responsible for securing data in the cloud. These include CTOs (48%), CIOs (37%), IT Security Managers (35%), IT Network Managers (29%), IT Managers (28%), CISOs (22%), and IT Architects (6%). Having multiple people responsible for the same thing can make task ownership confusing and lead to dangerous assumptions. An SSE platform would greatly simplify the designation of roles and responsibilities among team members so that nothing falls through the cracks and the relevant security gaps are filled.
The job of securing data is more challenging than ever. But, with an SSE platform as the basis for a zero trust architecture, that job can be easier, and the benefits of the cloud—scalability, cost savings, and agility—can be enjoyed without sacrificing security.
Get all the details by downloading The Data Dilemma: Cloud Adoption and Risk Report.
Skyhigh Security, Blog on The Data Dilemma Risk Report, Prepared by Mary Karlton, Envision Technology Marketing, March 22, 2023, V1