Migrating your applications, data and other assets to the cloud is supposed to offload some of the burden of hosting everything on premises. But a reliance on multiple cloud providers brings with it the added complexity of knowing where and how everything is stored. And that complexity can easily lead to security risks. A report released Tuesday by cloud security provider Laminar examines how a lack of visibility, poor controls and shadow data can leave your cloud environment open to security threats.
SEE: Hiring Kit: Cloud Engineer (TechRepublic Premium)
For its “State of Public Cloud Data Security Report 2022,” Laminar commissioned a survey of 500 data security professionals in February 2022. Among the respondents, 56% said that their organization uses two or more cloud service providers. A full 49% said they do have full visibility into new data repositories in their public cloud environments. But that left 35% who said they have only partial visibility, 12% who have no visibility and 5% who aren’t sure.
With more cloud providers to juggle and a lack of visibility into all their cloud data, many of those surveyed have been hit with data breaches. Half of all the respondents said their cloud environments were breached in 2020 or 2021, while 13% were unsure.
Shadow IT occurs when employees install or use technology without the involvement or awareness of IT and security staffers. That problem also affects the cloud. IT staff and business users alike can make use of the public cloud for data storage, leading to an issue known as shadow data. In this scenario, shadow data can include databases in test environments, unmanaged backups, old or outdated databases and unlisted databases, all of which can be vulnerable to security risks.
Some 82% of the respondents said they were extremely or fully concerned about shadow data. In one example cited by Laminar, an employee may create a copy of a database to run in a cloud development environment and then forget to delete it. In another example, an application may be decommissioned, but its backup database is left intact.
The growing number of cloud data breaches has triggered some positive changes. Some 50% of those surveyed said that their executives and board members are now more aware of the importance of cybersecurity. However, that left 50% who still have work to do to win over more executive buy-in.
More than 80% of the respondents said that their security budgets have increased in light of all the high-profile data breaches. Further, almost 60% said that their organizations now have a dedicated team for data protection.
SEE: iCloud vs. OneDrive: Which is best for Mac, iPad and iPhone users? (free PDF) (TechRepublic)
Due to the increasing complexity of public cloud security, 61% of the security professionals said they’ve adopted cloud-based security tools. By using such tools, they hope to achieve the following goals:
- Allow for diverse cloud storage environments. Many of the respondents said they want to be able to more easily view their hosted, managed and embedded data repositories through a cloud-native platform. The challenge is to be able to manage an increasing amount of cloud data but still enforce security policies.
- Manage internet-facing applications. The reliance on Software as a Service (SaaS) is growing faster than the ability to manage these types of applications. With a cloud-native tool, security pros want to be able to automatically discover and secure the data stored by these applications.
- Reduce shadow data. The right tool should help security teams discover and inventory all their shadow data, enforce security guidelines and get rid of unneeded databases.
- Ensure that new data stores are secure. Developers should be able to create new data repositories without running into security roadblocks. Security staffers want a cloud platform that can monitor these repositories for security without impacting performance.
“With a majority of the world’s data residing in the cloud, it is imperative that security becomes data-centric and solutions become cloud-native,” said Laminar CEO Amit Shaked. “Solutions need to be completely integrated with the cloud in order to identify potential risks and have a deeper understanding of where the data resides. Using the dual approach of visibility and protection, data protection teams can know for certain which data stores are valuable targets and ensure proper controls, which allows for quicker discovery of any data leakage.”