Cloud transformation and data democratization provide a number of benefits to organizations, but these same technologies and trends are also introducing the greatest risks.

We are in the midst of cloud data’s Gilded Age. Organizations are eager to make data accessible in order to do more with analytics and better harness its overall value — but it’s not coming without consequence. This new era is characterized by an increasing adoption of cloud data storage technologies, the sheer proliferation of data, the death of the traditional perimeter, a faster rate of change for developers, and the changing role of security.

The convergence of all of these elements has created what Laminar has coined as the “innovation attack surface” — a new threat vector that most organizations unconsciously accept as the cost of doing business. The innovation attack surface is fueled by the continuous unintentional risk cloud data users, such as developers and data scientists, take when using data to drive innovation. Compared to traditional attack surfaces that are determined by external forces such as phishing attacks, malware, or malicious insider threats, the innovation attack surface is a result of the massive, decentralized, accidental risk created by the smartest people in the business.

To gain a deeper understanding of the innovation attack surface’s impact on organizations with public cloud infrastructure, Laminar released its second-annual State of Cloud Data Security Report. We heard from 500 data security and governance professionals on their perspective of the current state of public cloud data security and their concerns over unknown or “shadow” data.

Here’s what we learned:

Three Out of Four Respondents Experienced a Cloud Breach in 2022

In our survey, three out of four respondents acknowledged that their cloud environments were breached in the previous year, up from one in two in last year’s State of Public Cloud Data Security Report.  Of those who experienced a breach, 79% were aware that data had leaked or been exfiltrated versus 58% from the year before.

These findings illustrate that organizations’ current strategy of just racing to the cloud without implementing next-generation data security controls isn’t working.

Shadow Data Concerns Are on the Rise

Despite the majority of respondents (86%), claiming to have increased visibility into public cloud data stores, up from 77% last year, 93% of security professionals are concerned about shadow data. It was also found to be the number one challenge for protecting data in the cloud named by sixty-eight percent of respondents.

The contradiction can be explained by the security execution gap — the divergence between agile cloud data activities that contribute to innovation and the static and manual data security activities intended to protect the business. In simpler terms, it just means that developers and data scientists are creating too quickly, and IT and security teams aren’t aware. Shadow data can proliferate in just a few clicks, whether from test environments, mis-placed data in storage buckets, legacy data that hasn’t been deleted after a cloud migration, etc. If not addressed or made known, it can remain floating in the ether for adversaries to take advantage of for weeks, months, or even years.

Organizations are Increasingly Allocating Resources Toward Fighting Breaches, Shadow Data

The bright side of the uptick in cloud breaches is that company executives are paying more attention. Ninety-two percent of respondents say that the increase in cloud breaches has increased executive and board-level buy-in for cloud-native security platforms, up from 50% a year earlier. More than half (66%) of organizations have increased security budgets by 41% or more in the past year.

Our findings indicate that part of the budget is going toward hiring data-centric security professionals. Ninety-seven percent of security professionals reported their organization has a dedicated data security team, up from 58% in 2022.

Security Professionals Are Seeking Cloud-Native Data Security Solutions, Data Security Posture Management (DSPM) Might Just Be the Answer

In our survey, 92% of respondents had heard about DSPM and identified 12 different capabilities they’d require from a DSPM tool.

  • 71% wanted autonomous scanning
  • 63% want to deploy a dynamic, performant platform
  • 54% need asynchronous operations
  • 53% would like the platform to provide an agentless architecture

How Laminar Can Help

Just like in the industrial Gilded Age, cloud data’s Gilded Age brings both pros and cons, as our survey findings ultimately illustrated.

Organizations need a best-of-breed cloud-native security platform that can provide autonomous discovery, classification, and protection across all major cloud service providers (CSPs) and Snowflake via one unified console: this is where the Laminar DSPM Platform comes in. With the Laminar Platform, data security professionals can gain the visibility and control they need to achieve security, privacy, and governance in the cloud. The Laminar Platform addresses data hygiene, data security risk management, data access governance, and compliance, and deploys in minutes for rapid time to value. As a result, organizations are equipped to reduce the innovation attack surface and continue to encourage the activities that bring the most value to the business.

Download the full report here: https://laminarsecurity.com/forms/state-of-cloud-data-security-report-2023/

Andy Smith

Chief Marketing Officer

Andy is a veteran of 30+ years in the high-tech industry in Silicon Valley. He has spent the last 20 years in security, currently as CMO at cloud data security provider Laminar and previously as CMO at SaaS security innovator Qualys. Prior he was SVP of Marketing for identity provider Centrify and Sr Dir of PM for Oracle. Andy is a veteran of several security startups including VP of PM at Bitzer Mobile that was acquired by Oracle and GRC provider Virsa Systems that was acquired by SAP. Andy is a frequent speaker on technology and security at industry events around the globe.

View all articles by Andy Smith