The State of Public Cloud Data Security – Complex and in the Shadows

Public cloud services adoption has surged in the past two years from $270 billion USD in 2020 to an estimated $397 billion in 2022. This fast-paced transformation gave way to the rapid development of digital products and services — but didn’t come without compromise.

IT was rapidly implementing new models in the cloud, including hybrid work, and diluting security controls. With their heads in the clouds focused on bringing in more revenue for their organization, security professionals unknowingly put themselves at risk. IT and security now lack visibility into where cloud data is stored and whether databases contain sensitive information.

But how can you protect what you can’t see?

In 2021, companies faced a 50% rise in attacks, and cyber risks are now the No.1 concern for businesses of all sizes. What is abundantly clear is that organizations need a better security strategy to gain visibility into their sensitive data, enable digital business growth and safeguard their valuable cloud-enabled data stores.

To gain a deeper understanding of problems plaguing organizations with public cloud infrastructure today, Laminar released the first-annual State of Public Cloud Data Security Report. We heard from 500 security professionals on their perspective of the current weak and fragmented state of public cloud data security and their concern over lack of visibility.

Here’s what we learned:

1 in 2 Respondents Experienced a Cloud Breach in 2020 or 2021

Digital transformation has become a breeding ground for adversaries. In our survey, 50% of respondents acknowledged that their cloud environments were breached in 2020 or 2021, with 13% saying they were unsure. Five percent also said they preferred not to answer, likely indicating that they, too, had been breached.

Hackers are Increasingly Looking to Build on Past Results

Of the respondents who had been breached, 58% said their cloud data had been knowingly leaked and/or exfiltrated.

With that data, adversaries are creating detailed profiles on individuals on the dark web, buying and selling user credentials and mining data for further vulnerabilities. In turn, cybercriminals are then able to commit greater harm or launch repeat attacks.

Organizations are Struggling with Cloud Complexity

Amazon Web Services (AWS), Google Cloud Platform, Microsoft Azure, IBM Cloud and Oracle have gained the majority of companies’ cloud business and each offer hundreds of services. Organizations typically engage with more than one vendor in order to gain access to a broader mix of capabilities, align spending with a chosen vendor’s expertise and reduce risk.

With 56% of respondents working with two or more cloud service providers (CSPs), many are struggling with a complex infrastructure design.

The Vast Majority of Data Security Professionals Expressed Concern Over Shadow Data

Shadow data is company data that is likely copied, backed up or housed in a data store that is not governed, under the same security structure, nor kept up-to-date. Our survey found 82% of respondents are extremely or very concerned about shadow data.

It is a concern that is well-founded: less than half (49%) of respondents have full visibility when developers spin up new data repositories, only about 35% have partial visibility and 12% have no visibility at all.

Public Cloud Data Needs Cloud-native Tools

The survey revealed that data security professionals are struggling to keep pace with cloud data growth. To address digital transformation, gain visibility into data and adequately protect themselves, organizations must adopt cloud-native security solutions.

Among survey respondents who had adopted such solutions:

• 49% believed that cloud-native security solutions are dynamic, effective and extremely scalable
• 46% state that they are asynchronous and don’t disrupt data traffic flow or performance
• 44% say they are agentless and API-based, resulting in lower total cost of ownership (TCO)

Company Leaders are Seeing the Light

The one upside of organizations experiencing a drastic increase in cloud security breaches is that it has increased executive and board of directors’ buy-in for cybersecurity. Half of the companies surveyed have experienced an increase in buy-in over the last two years, and 81% of respondents have reported a >40% security budget increase since January of 2020.

How Laminar Can Help

Companies have opened Pandora’s box when it comes to the public cloud, security teams can’t simply shut it and reduce their use of public cloud services or consolidate cloud providers. To do so would halt digital transformation progress.

Our survey illustrated the benefits of cloud-native security solutions. Laminar’s platform is uniquely designed to protect sensitive data for everything organizations build and run in the cloud. We work with all public cloud infrastructures, all cloud data types and all data policies. As a result, teams gain a single solution to protect and control their multi-cloud holdings.
Download the full report