A majority of companies consider most of their enterprises’ data to be “dark data,” or basically data overlooked by analytic applications and processes.
A shocking survey finds only four percent of IT and security professionals consider their cloud-based data to be completely secure. In addition, a majority consider most of their enterprises’ data to be “dark data,” or basically data overlooked by analytic applications and processes.
These findings come out a survey of 1,663 IT and security professionals released by the Cloud Security Alliance and BigID, which shows widespread security concerns about data being processed or stored in the cloud. Tellingly, the majority of professionals, 62%, believe their enterprises will experience a cloud data breach in the next year.
Even those seemingly immune from breaches so far are nervous – among organizations that hadn’t experienced a breach in the past 12 months, only 22% indicated that a breach in the next 12 months is very unlikely. Organizations that had experienced a breach believe a data breach is more likely to happen, with only 8% reporting a data breach in the next 12 months to be very unlikely.
Third-party access to sensitive data and the need for cross-platform support for their complex cloud
environments such as multi-cloud and hybrid cloud. There is extremely low confidence in enterprises’ ability to secure data in the cloud, with only 39% reporting high confidence levels. Over half of the organizations (57%) report “medium” to “low” levels of confidence.
Cloud adoption is high. A total 86% of organizations utilize multiple cloud platforms to store their data-across IaaS, PaaS, and SaaS. At the same time, 76% of organizations rate tracking data across SaaS platforms as moderately to highly difficult. Only seven percent report that they have no difficulties at all. These struggles could be due to lack of visibility, the volume of data coming in, or even a lack of proper tooling.
This lack of confidence becomes even more evident when discussing sensitive data. Forty percent of organizations indicate that 50% or less of their sensitive data in the cloud has sufficient security. Only four percent report sufficient security for 100% of their data in the cloud. “This finding suggests that organizations may generally have some confidence in their ability to secure data, but are struggling when it comes to sensitive data.,” the report’s author, Hillary Baron, suggests.
The most common data security features organizations use are continuous monitoring/learning (48%), cloud workload security (42%), cloud data security (42%), and data inspection and detection (41%).
Organizations appear to give nearly identical levels of access to sensitive data in their organization to employees, contractors, partners, and suppliers. This finding indicates that third parties and suppliers may have too much access to organizations’ sensitive data, particularly in light of the recent newsworthy supply chain attacks. At least 43% report a substantial number of employees with their business or technology partners have access to their days, along with 44% of contractors. By comparison, 46% report their employees have such as degree of access. Third parties, contractors, and partners were found to be the most commonly targeted group in attacks (58%).
Dark data is another side of the challenge. Over half of organizations (79%) have moderate to high levels of concern around the proliferation of dark data in their organization, but are unsure about how to approach the issue. Over a quarter of organizations aren’t tracking regulated data, nearly a third aren’t tracking confidential or internal data, and 45% aren’t tracking unclassified data.
“It’s difficult to estimate the amount of dark data organizations have,” Baron says. When asked to estimate, over a quarter of security and tech professionals (27%) believe that 51% or more of their organization’s data is dark data. “While these numbers are alarmingly high, it’s likely that the actual numbers are even higher,” she continues. “It seems that security professionals are aware that there is an issue, but still struggle to understand how great the issue is. This is particularly problematic because organizations aren’t able to protect data if they don’t have proper visibility into what they have or its location. Without getting a handle on the issue of dark data, organizations can’t properly understand their data risk posture or assess their attack surface. This can only lead to vulnerabilities and security gaps.” A total of 82% of organizations rate capturing dark data as a “moderate” to “high” priority in 2022.
The top three barriers for organizations capturing dark data are related to staffing issues: lack of skills/knowledge (50%), lack of interdepartmental cooperation (47%), and lack of staff resources (44%). Organizations will need to dedicate themselves to educating their staff and prioritizing technologies that can support staffing gaps.