Report: The State of Cloud Data Security 2023
“The State of Cloud Data Security 2023” analyzed more than 13 billion files stored in public cloud environments and found sensitive data in more than 30% of cloud assets. Download your copy now to gain insights into the best ways to engage with sensitive data in today's cloud environments.
Here are the highlights from this three-part report:
Part 1: Where Is Your Sensitive Data?
The cloud empowers organizations through data democratization, but it also increases data sprawl. Data is constantly being shared, copied, transformed and forgotten, often leading to security and compliance breaches. 44% of sensitive data is PII containing employee and customer data. Key takeaways from this section include:
- Most companies don’t know where their data resides and what types of sensitive information it contains, leaving them exposed.
- Attackers will use the weakest link in the chain to get into development environments.
- Despite expert risk assessments, it's likely some sensitive data is still vulnerable to threats, including publicly accessible, unlogged or nonencrypted data.
- By knowing where sensitive data is stored, risk management can be simplified and data security can be improved.
Part 2: Who Has Access to Your Sensitive Data?
Overly permissive access granted across various roles can lead to data exposure and significant risk in sharing sensitive information between cloud accounts. Researchers found that 95% of principals were granted excessive privileges. Key takeaways from this section include:
- The separation of duties concept is neglected and not enforced in the cloud. It’s recommended to remove consumer access from administrative roles.
- While the majority of access is granted through excessive permissions, it’s recommended to grant explicit permissions to each asset.
- Sensitive data shared between accounts weakens control and increases the risk of data exposure. Reduce the exposure of sensitive data to multiple accounts.
- Permissions and role-based access control are insufficient protections in the cloud. Another security layer is needed to manage the sensitive information and all paths leading to it. See the Summary for more.
Part 3: Where Does Your Sensitive Data Flow?
When a security incident happens, it’s important to ask the right questions. What was taken? When was it taken? Who took it? Where was it taken from? How was it taken? The answers to those questions form the basis of the most important question of all — who is accessing the sensitive data? Key takeaways from this section include:
- Sensitive data is accessed by many principals regularly. Minimize excessive permissions and continuously monitor principals' access to sensitive data, which will help reduce sensitive data exposure.
- Turn on logging for sensitive data assets to enable monitoring.
- Data flows represent duplication that increases exposure risk. Reduce flows to the minimum required and make sure the destination is secured.
- Ensure that your data flows don’t violate your internal governance and external compliance mandates.
Download the report now to see the research and gain insights on the best ways to engage with sensitive data in today's cloud environments.