“State of Cloud Data Security 2023 Report” Reveals Risks and Strategies for Protecting Sensitive Data
Introduction
TEL AVIV, Israel, August 16, 2023 — A new report by Dig Security, a leader in cloud data security, has unveiled alarming findings regarding the risks associated with sensitive data in the modern enterprise. The “State of Cloud Data Security 2023 Report” analyzed over 13 billion files stored in public cloud environments to shed light on how sensitive data is being handled and exposed. The report highlights the need for organizations to adopt comprehensive data security solutions and best practices to protect valuable customer and corporate information. In this article, we examine the key findings and implications of the report and provide expert analysis and recommendations.
Understanding the Risks
The study revealed that more than 30% of cloud data assets contain sensitive information, with personally identifiable information (PII) being the most common type of sensitive data stored by organizations. Shockingly, the analysis of a sample data set of 1 billion records uncovered over 10 million social security numbers, making them the sixth most common type of sensitive information. Furthermore, almost 3 million credit card numbers were also found, ranking as the seventh most common type of sensitive data.
Location of Sensitive Data
The report underscores the importance of understanding where sensitive data resides in order to effectively manage and secure it. Cloud adoption has led to data sprawl, increasing the risk of security and compliance breaches as data is constantly shared, copied, transformed, and forgotten. Dig’s research found that employee and customer data comprising PII is the most common type of sensitive data stored by organizations. Alarming statistics reveal that 91% of database services with sensitive data were not encrypted at rest, 20% had logging disabled, and 1.6% were open to the public. Additionally, more than 60% of storage services were not encrypted at rest, and almost 70% were not logged.
Access to Sensitive Data
Granting excessive access, or over-permissioning, poses a significant risk of sensitive data exposure. The report highlights the importance of enforcing separation of duties between administrative and consumer permissions in the cloud, as the neglect of this principle amplifies risks. Surprisingly, the analysis found that 95% of principals with permissions were granted them through excessive privilege. Over 35% of principals had some privilege to sensitive data assets, with almost 10% having admin access and nearly 20% having consumer access to sensitive assets. The exposure of PCI data was also of concern, as almost 10% of principals had consumer permission, and approximately 5% had admin access to such data. Furthermore, almost 1% of sensitive assets were shared with third-party vendors, and over 2% of sensitive data assets were at risk due to direct access from a remote account.
Flow of Sensitive Data
Data flow plays a significant role in increasing the risk associated with sensitive data. On average, sensitive data is accessed by 14 different principals, and 6% of companies have sensitive data that has been transferred to publicly open assets. Geolocation also introduces complications, as over 56% of sensitive data assets are accessed from multiple geographic locations, and 26% are accessed from five or more geolocations. The report identifies that 40% of data flows to data lakes such as Hadoop and Snowflake, with Hadoop ingesting 37% of the data. This duplication of sensitive data into an unmanaged environment poses significant risks. Furthermore, replication between storage assets accounts for 30% of the activity involving sensitive data. More than 50% of sensitive data assets are accessed by 5-to-10 applications, and almost 20% are accessed by 10-to-20 applications.
Security Measures and Recommendations
The “State of Cloud Data Security 2023 Report” emphasizes the absence of critical security controls for sensitive data and highlights the urgent need for additional security layers to safeguard cloud assets. To mitigate the risks associated with sensitive data, organizations must adopt a comprehensive data security stack that includes a Data Security Posture Management (DSPM) solution with real-time Data Detection and Response (DDR) capabilities. The report offers key recommendations based on its findings:
1. Implement Encryption and Logging
Organizations should prioritize the encryption of sensitive data at rest in both database and storage services. Strong encryption mechanisms provide an additional layer of protection, reducing the risk of unauthorized access. Additionally, enabling logging for data assets allows for effective monitoring and detection of data breaches, enabling timely response and mitigation.
2. Enforce Principle of Least Privilege
The principle of least privilege should be strictly enforced to prevent over-permissioning and reduce the risk of sensitive data exposure. Rather than granting excessive privileges to principals, organizations should grant explicit permissions to each asset, ensuring the separation of duties between administrative and consumer permissions is maintained.
3. Monitor and Control Data Flows
Organizations must continuously monitor access to sensitive data and minimize excessive permissions. By turning on logging for data assets and analyzing data flows, organizations can identify and reduce exposure risks. It is crucial to ensure that data flows comply with internal governance and external compliance mandates, such as GDPR, which restricts sensitive information from leaving its geolocation.
4. Implement Data Loss Prevention (DLP)
To augment security measures, organizations should consider implementing Data Loss Prevention (DLP) solutions. These solutions help organizations discover, classify, protect, and govern their cloud data, providing an additional layer of defense against data breaches and policy violations.
5. Educate Employees and Raise Awareness
Employee education and awareness are critical in preventing data breaches. Organizations should provide comprehensive training programs to educate employees on data security best practices, including the identification and handling of sensitive data. Regular security awareness campaigns can help reinforce good security practices and create a security-conscious culture.
6. Engage with Cloud Data Security Experts
To stay ahead of evolving threats and vulnerabilities, organizations should engage with cloud data security experts who can provide insights, guidance, and assistance in implementing robust security measures. Collaborating with professionals who specialize in cloud security can help organizations build a strong security infrastructure and protect sensitive data effectively.
Conclusion
The “State of Cloud Data Security 2023 Report” serves as an important wake-up call for organizations to reevaluate and strengthen their data security practices. With the increasing adoption of cloud technologies, the risks to sensitive data have become more prevalent. Organizations must recognize the value of their data and prioritize its protection. Implementing comprehensive security measures, such as encryption, logging, and the enforcement of least privilege, will help organizations effectively mitigate risks and safeguard sensitive data. By adopting a proactive approach to data security, organizations can ensure they are well-prepared to face the challenges of the rapidly evolving threat landscape. For the complete “State of Cloud Data Security 2023 Report,” visit [link to report].