The Cloud Security Alliance
(CSA), the world's leading organization dedicated to defining
standards, certifications and best practices to help ensure a secure
cloud computing environment, released the findings from Understanding Cloud Data Security and Priorities in 2022. The survey, conducted in partnership with BigID,
the leading data intelligence platform for privacy, security, and
governance, sought to better understand the industry's knowledge,
attitudes, and opinions regarding data security in the cloud.
"Companies today are using multiple cloud platforms to store their data,
but they aren't taking full advantage of the data discovery and
classification tools, leaving them in the dark as to what is actually
being stored in the cloud and how to best protect it. Without proper
visibility, organizations can't adequately assess their risk posture,
let alone protect their attack surface," said Hillary Baron, Senior
Technical Director for Research, Cloud Security Alliance, and a lead
author of the report.
Among the study's key findings:
-
Organizations are struggling with securing and tracking sensitive data
in the cloud. Only 39 percent cite high levels of confidence in their
ability to secure data in the cloud, with 40 percent indicating that 50
percent or less of their sensitive data in the cloud has sufficient
security. Only four percent report sufficient security for 100 percent
of their data in the cloud.
-
Third parties and suppliers have similar access to sensitive data
compared to employees, a concerning fact given the results of another
recent CSA survey, which found that third parties, contractors, and suppliers are the most commonly targeted groups (58%) in cyber attacks.
-
Dark data issues stem from staffing issues and interdepartmental
conflict. The top three barriers for organizations capturing dark data
are related to staffing issues: lack of skills/knowledge (50%), lack of
interdepartmental cooperation (47%), and lack of staff resources (44%).
-
The majority of security professionals believe their enterprise will
experience a data breach in the next year. An organization's confidence
in its ability to protect its data decreases dramatically once it has
experienced a breach. In fact, 92 percent of those having previously
experienced a data breach believe that they will experience another in
the coming 12 months.
"Cloud data security is top of mind for organizations of all sizes,
showing that many organizations are unprepared to deal with the unique
challenges of securing data in the cloud. With the rapid growth of
cloud, it is essential that organizations take steps to improve their
cloud data security posture," said Dimitri Sirota, CEO and co-founder at
BigID. "This research underscores the value of solutions like BigID to
accelerate cloud data security with a risk-based, data-first approach
that can scale as data continues to expand across the multi-cloud."
The survey, which was sponsored by BigID, was conducted online by CSA in
July 2022 and received 1,663 responses from IT and security
professionals from organizations of various sizes and locations. CSA
research prides itself on vendor neutrality, agility, and integrity of
results. Sponsors are CSA Corporate Members who support the findings of
the research project but have no added influence on the content
development or editing rights to CSA research.
Download the full report.