More Work Needed to Secure Data in the Cloud, Survey Finds

The Cloud Security Alliance (CSA) in coordination with data protection firm BigID released the results of a survey in which more than 1,500 IT and security professionals weighed in on the state of cloud data security in 2022. Among the survey’s fascinating results:

• Four percent of security and IT leaders think all of their cloud data is sufficiently secure 
• Eighty two percent of organizations rate capturing dark data as a moderate to high priority in 2022
• Seventy six percent of organizations rate tracking data across SaaS platforms as moderately to highly difficult
• Eighty six percent of organizations utilize multiple cloud platforms to store their data across IaaS, PaaS and SaaS
• Eight percent of respondents believe that it’s very unlikely they will experience a data breach in the next 12 months

The full CSA report can be obtained here. Here are some highlights:

KEY FINDINGS

Here is a list of the report findings:

1. Organizations are struggling with securing and tracking sensitive data in the cloud.
   
2. Third parties and suppliers have similar access to sensitive data compared to employees.
   
3. Dark data issues stem from staffing problems and interdepartmental conflict.
   
4. The majority of security professionals believe their enterprise will experience a data breach in the next year.
   

The report, which I highly recommend downloading and reading, also contains numerous excellent charts and figures. Here are four that I am including (by permission), and there are also many more great metrics.

For example, “In general, organizations are lacking confidence in their ability to secure data in the cloud, with 39% reporting high confidence levels. Over half of the organizations (57%) report medium to low levels of confidence. This lack of confidence becomes even more evident when discussing sensitive data.”

In your opinion, what percentage of your organization’s sensitive data in the cloud is sufficiently secured?
“Organizations utilize between four and five different components for their data protection strategy. Some of the most common components include data backup and recovery (33%), auditing and assessing data protection processes (32%), adhering to standards and regulatory compliance (31%), and establishing policies and procedures (31%).

What are the components of your data protection strategy?
“Organizations are struggling with tracking data in the cloud. Over a quarter of organizations aren’t tracking regulated data, nearly a third aren’t tracking confidential or internal data, and 45% aren’t tracking unclassified data. This suggests that organizations’ current methods of classifying data aren’t sufficient for their needs.

“Here is a chart showing survey results for different types of data being tracked:”

A DEEPER DIVE

This video from CSA dives deeper into trends in securing sensitive data with privacy enhancing technologies.

FINAL THOUGHTS

Almost every C-suite leader that I speak with is actively moving data to the cloud or considering protections for the same in 2023. This survey from a trusted nonprofit organization like CSA offers some fascinating insights into the thought process for technology and security leaders and frontline security experts.

No doubt, this is just one moment in time, but the ongoing level of concern from industry leaders remains disquieting — but not surprising.