Solving the Paradox of Public Cloud Data Security

The biggest data risks need agile action. Here’s how cloud-native data security platforms help.

September 15, 2023

The modern organization has a public cloud data security paradox to solve, says Amit Shaked, CEO, Laminar. Discover why existing security solutions fail to protect cloud data and how cloud-native data security platforms can help security teams identify the highest data risks to take fast action.

IT and security teams want to impose governance and control over this vital resource. However, the fast pace of cloud adoption means that employees can now access data from anywhere. As a result, IT and security teams are often unaware of all the places where public cloud data is being accessed and stored. 

Developers and data scientists are spinning up new services and data stores to support new innovations. So, it’s no surprise that 89% of organizations already host sensitive data in the public cloud.

There are some benefits of data fluidity. Employees are more productive when they can use data anywhere. Business users can easily access the data they need for analytics and reporting. Business technologists are able to innovate faster when they can provision new infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) capabilities on demand. During the pandemic and beyond, streamlined, egalitarian access to data has enabled global teams to collaborate, problem-solve, and rapidly evolve products and services to meet changing customer needs. 

Public Cloud Data Security Is a Major Weakness for Most Organizations  

However, there are also some significant downsides to the global availability of business and other data. 

As developers spin up new data stores, security teams are struggling to keep up. Many of these data stores are unknown and unmanaged, meaning that this data isn’t copied, backed up, safeguarded, and actively managed by security teams. As a result, this unknown or “shadow data” has quickly become a prime target of adversaries and could easily become the reason for an organization’s downfall. 

Just how great a problem is shadow data? 

A recent survey of data security and governance professionals revealed that 93% of respondents are concerned about shadow data, with 68% naming it as the primary concern in regard to protecting cloud data.

Why Existing Security Solutions Aren’t Protecting Public Cloud Data 

Adding to this challenge is the fact that IT and security teams may think they have shadow data under control. After all, they are already using a suite of security and IT management solutions, such as data loss prevention (DLP), cloud access security broker (CASB), data classification and catalog tools, cloud security posture management (CSPM) platforms, and CSP-native data security solutions.

However, these solutions aren’t delivering the wrap-around public cloud data security that organizations need. Most don’t enable data security posture management (DSPM), which empowers IT and security teams to identify the highest data risks so that they can take fast action to reduce them.

  • Legacy DLP and CASB platforms apply protection at the network and application level rather than the public cloud service level. As a result, these tools focus on controlling access, monitoring behavior, and preventing loss rather than proactively detecting data risks and exposures and enforcing secure data posture. Further, they don’t categorize or prioritize data, meaning that all data losses are treated equally. Teams that use DLP tools typically add other solutions to secure cloud data.

  • Data classification and cataloging tools discover known data that is being migrated to the cloud, but they require manual operation and you first have to know where your data is, so they miss shadow data. While they do prioritize data by sensitivity level and quality, these tools typically need to be used with other solutions to proactively minimize the exposure surface of public cloud data and identify leaks.

  • CSPM platforms scan cloud infrastructure to find misconfigurations and vulnerabilities. They don’t discover where sensitive data is stored and can’t detect its security posture. They also don’t monitor data access attempts or detect when public cloud data is leaked or exfiltrated. DSPM solutions provide richer data context (sensitivity, owner, security posture, etc.) and can integrate with and improve the prioritization of CSPM-generated alerts.

  • CSP-native solutions, such as AWS Macie or Microsoft Purview, provide a measure of data discovery and protection but are typically limited in their breadth of asset support, so multi-cloud organizations need more than one data management platform. They can also incur high scanning costs and be difficult to deploy.

Why Organizations Need a Cloud-native Data Security Solution 

So, it’s clear that many existing solutions have some significant limits to protecting cloud data and are clouding visibility into risks. In one of Laminar’s recent surveys, 77% of respondents experienced a cloud data breach in 2022. 

If IT and security teams can’t solve all the limitations of legacy solutions, they have likely experienced an exposure – or will do so soon. 

Teams can move ahead of adversaries by deploying a purpose-built public cloud security platform that autonomously, agentlessly, and continuously discovers, prioritizes, secures, and monitors everything in their multi-cloud infrastructure.

A good cloud-native platform executes deep scans of infrastructure to find both known and shadow data 100% autonomously. Because it works agentlessly, this platform doesn’t impact data performance. The platform then prioritizes data assets according to their sensitivity, volume, data security posture, and exposure. It enforces best practices and data policies, guides teams’ remediation efforts, and continuously reduces the data attack surface. It also monitors all public cloud data assets, uncovering access anomalies in real time. With this real-time intelligence, IT and security teams can make better decisions for their organizations. 

Public cloud data use is the Achilles heel of most data security organizations because teams don’t have the tools they need to see, manage, and control these assets. By implementing a cloud-native DSPM platform, IT and security teams can regain control over these assets, protecting valuable data resources while still freeing users to innovate.  


Amit Shaked
Amit Shaked is the CEO and co-founder of public cloud data protection startup Laminar.