Laminar found that half of the security professionals surveyed said that their cloud environments had been affected by data breaches in 2020 or 2021.
Migration of your applications, data, and other assets to the Cloud is supposed to relieve some of the responsibility of hosting everything on-premises. However, relying on multiple cloud providers can lead to additional complexity in knowing where and how everything is stored. Security risks can easily be created by this complexity. Laminar, a cloud security provider released Tuesday a report examining how shadow data, lack of visibility and poor controls can make your cloud environment vulnerable to security threats.
SEE: Hiring Kit: Cloud Engineer (TechRepublic Premium)
For its State of Public Cloud Data Security Report 2022Laminar conducted a survey of 500 data security professionals between February 2022 and February 2022. 56% of the respondents indicated that their organization uses at least one cloud service provider. Full 49% of respondents said that they have full visibility into the new data repositories within their public cloud environments. The remaining 35% said they have only partial access, 12% said they have no visibility, and 5% said they aren’t certain.
Many respondents have been affected by data breaches, due to the increasing number of cloud providers they have to manage and the lack of visibility into all of their cloud data. Half of respondents claimed that their cloud environments were breached in 2020/2021. Only 13% said they were unsure.
Shadow IT is when employees install or use technology without IT and security staffers’ knowledge. The cloud is also affected by this problem. Shadow data is an issue that both IT staff and business users can use the public cloud to store their data. Shadow data includes databases in test environments, unmanaged back-ups, and unlisted database, all of which could pose security risks.
82% of respondents stated that they were concerned about shadow data. Laminar gives one example: An employee may make a copy of a database that will be used in a cloud-based development environment, then forget to delete the backup. Another example is when an application is decommissioned but its backup database remains intact.
Some positive changes have been made by the increasing number of cloud data breaches. About 50% of respondents stated that their executives and board members now understand the importance of cybersecurity. The remaining 50% still need to win more executive buy-in.
Over 80% of respondents stated that their security budgets had increased in the wake of high-profile data breaches. A majority of respondents also stated that they now have a dedicated team to protect data within their organizations.
SEE: iCloud vs. OneDrive – Which one is best for Mac, iPad, and iPhone users? (free PDF) (TechRepublic)
61% of security professionals reported that they have adopted cloud-based security solutions due to the increasing complexity of public clouds security. They hope to achieve these goals by using such tools:
- Different cloud storage environments are possible. Many of the respondents wanted to be able view their hosted, managed, and embedded data repositories more easily through a cloud native platform. The challenge is to manage cloud data and still maintain security policies.
- Manage internet-facing apps. Software as a Service (SaaS), is becoming more popular than the ability to manage these applications. Security pros want to be in a position to automatically find and secure the data stored within these applications with a cloud-native tool.
- Reduce shadow data. Security teams need to be able to identify and inventory all shadow data, enforce security guidelines, and get rid of unnecessary databases.
- Secure new data stores. Developers should have the ability to create new data repositories, without encountering security roadblocks. Security personnel need a cloud platform that can monitor these repositories without affecting performance.
“With a majority of the worlds data residing in the cloud, it is imperative that security becomes data-centric and solutions become cloud-native, said Laminar CEO Amit Shaked. Integration with the cloud is essential to identify potential threats and better understand where data resides. Data protection teams can identify which data stores are valuable targets by using the dual approach of visibility to protection. This allows them to ensure that proper controls are in place, which makes it easier to detect any data leakage.