New ESG Research Shines a Light on Enterprise Complexity as a Result of Abandoned Data
Normalyze, the leader in Data Security Posture Management (DSPM), in partnership with the Enterprise Strategy Group (ESG), today released new research highlighting critical gaps in data security as organizations increasingly adopt cloud solutions. The research underscores the need for DSPM solutions, powered by AI and automation, to tackle challenges related to locating sensitive data, assessing its accessibility, and identifying who has access to it. The findings also shed light on security risks associated with generative AI adoption, the rise in sensitive data residing in the public cloud, and why businesses are facing an expanded attack surface.
Also Read: CIO Influence Interview with Anuj Jaiswal, Vice President of Products at Fortanix
As enterprises move more operations to the cloud, the volume and exposure of sensitive data stored in public cloud services is also rapidly increasing. Despite efforts by security teams to manage data risks, many organizations lack clarity on where data is located, how sensitive it is, and who has access to it. Additionally, “shadow data” is often stored without appropriate governance or control from security teams, which is an oversight that exacerbates data exposure and security risks.
“This report highlights the harsh reality that there’s a knowledge gap among teams in what data is vulnerable to bad actors and how to protect it,” says Todd Thiemann, Senior Analyst at Enterprise Strategy Group. “The challenge lies in devising effective strategies to understand and address these security concerns.”
The report’s key findings include:
- 26% of respondents suspect they’ve lost sensitive data, but aren’t sure
- Nearly one-third of organizations reported that third-party risk management (29%), data leakage protection/rights management (27%), and regulatory compliance (26%) are the top three areas where generative AI governance and policy were the weakest in their respective operations
- More than 60% of sensitive data resides on public cloud services today, expected to increase to 68% within 24 months
- 27% organizations reported they expect between 81% to 99% of their sensitive data will be in the public cloud within the next 24 months
- 46% of respondents suspect or are certain they have experienced any data loss, but cannot confirm
The study also shows that IT teams lack visibility into “shadow data,” which complicates breach assessments and compliance with SEC regulations. Not knowing where the sensitive data is means that teams could spend a significant amount of time assessing the scope of a breach to determine whether in fact it is “material.”
Also Read: Bots and Deepfakes: How Do We Navigate the New Era of Digital Identity?
“The findings reveal what we at Normalyze have long believed: you can’t secure what you don’t know you have, let alone operate efficiently without an understanding of the nature of your data or who needs access to it,” says Amer Deeba, CEO and co-founder of Normalyze. “DSPM offers a data first approach to security, helping organizations identify and prioritize their most valuable assets.”
Founded with this idea and need in mind, Normalyze provides the necessary context across environments and ensures appropriate policies are followed around the data. It enables teams to streamline operations by understanding the lineage of an organization’s data and who/what is accessing that data, identifying anomalies so that organizations can better protect sensitive data stores.
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]
