Highlights:
- According to Dig Security’s researchers, one of the major threats to data security in 2023 is data sprawl brought on by cloud adoption, which makes risk management difficult and can result in security and compliance violations.
- Putting in figures, 91% of database services containing sensitive data were not encrypted at rest, 20% had logging deactivated, and 1.6% were accessible to the public.
Dig Security Solutions Inc., a data security firm, brought to the fore a new report that addressed the growing concern over potential hazards related to handling and keeping sensitive data in cloud environments.
Based on an analysis of 13 billion files stored in public cloud environments, the “State of Cloud Data Security 2023” report takes a close look at some crucial factors that affect a company’s cloud data risk posture: the kinds of sensitive data it contains, where it is located, who has access to it, and the routes it takes.
According to Dig Security’s researchers, one of the major threats to data security in 2023 is data sprawl brought on by cloud adoption, which makes risk management difficult and can result in security and compliance violations. According to the survey, sensitive data is included in more than 30% of cloud data assets, with personally identifiable information being the most frequent sort of exposed data.
A total of 91% of database services containing sensitive data were not encrypted at rest, 20% had logging deactivated, and 1.6% were accessible to the public. Nearly 70% of storage services were not tracked, and more than 60% were not encrypted at rest.
The report also emphasized issues with access control and who has access to sensitive data. Maintaining strict control is identified as a significant difficulty with managed databases, inter-account sharing, and cloud storage assets that create complex access dynamics. It is rumored that the separation of roles principle, which divides admin and user permissions, is frequently ignored in the cloud. According to the study, 35% of those with access to sensitive data assets have some privileges, and roughly 95% of those with permits are given them inexplicably.
The research also discusses the flow of sensitive data, noting that 14 distinct institutions typically access individual pieces of sensitive data. Additionally, it was discovered that sensitive data had been moved to publicly accessible assets in six percent of the organizations.
The report also highlights the significant data flow across geographical boundaries, which in 2023 will present various challenges in regulatory compliance. Dig Security’s analysts say 56% of sensitive data assets are accessed from numerous places. This is a warning sign for potential compliance violations under laws like the European Union’s General Data Protection Regulation, which imposes geolocation-based limitations.
Dig’s research offers sound guidance for reducing and avoiding cloud data hazards in its conclusion. It is suggested that organizations activate logging for their data assets and examine data flows that increase exposure concerns. The report also urges measures to guarantee data flows adhere to external compliance requirements and internal governance.
Dan Benjamin, Chief Executive and Co-founder of Dig Security, mentioned ahead of the report’s release, “To protect data wherever it lives, modern enterprises must build a comprehensive data security stack, including a Data Security Posture Management solution with real-time Data Detection and Response capabilities.”
A venture capital-backed business, Dig Security most recently raised USD 34 million in investment in September. Investors backing the business include Team8 LP, Felicis LLC, Okta Ventures LLC, and SignalFire LP.