Dig Security State of Cloud Data Security 2023 Report Finds Exposed Sensitive Data in More Than 30% of Cloud Assets


Data analysis from the Dig DSPM platform discovers sensitive data exposure, overpermissioning, and risky application access and data flows in cloud storage

Dig Security, the cloud data security leader, today released findings from its first-ever State of Cloud Data Security 2023 Report. The analysis of more than 13 billion files stored in public cloud environments reveals how – and why – sensitive data is at risk in the modern enterprise.

“Many organizations handle sensitive customer and corporate data too casually. Our goal in developing the State of Cloud Data Security 2023 Report is to drive awareness over how users engage with sensitive data in today’s working environments, and expose corresponding risks,” said Dan Benjamin, CEO and Co-founder, Dig Security. “To protect data wherever it lives, modern enterprises must build a comprehensive data security stack, including a Data Security Posture Management (DSPM) solution with real-time Data Detection and Response (DDR) capabilities.”

Dig’s researchers found that more than 30% of cloud data assets contain sensitive information. Personally identifiable information (PII) is the most common sensitive data type that organizations save. In a sample data set of 1 billion records, more than 10 million social security numbers were found (the sixth most common type of sensitive information), followed by almost 3 million credit card numbers, the seventh most common type.

The Dig Security State of Cloud Data Security 2023 Report focuses on three key areas that impact cloud data risk posture:

  • Common types of sensitive data and where it is located
  • Who can access sensitive information that leads to its exposure
  • Where sensitive data flows

Where is Your Sensitive Data?

Cloud adoption is driving widespread data sprawl, which introduces risk that leads to security and compliance breaches as data is constantly shared, copied, transformed, and forgotten. But if you know where your sensitive data is located, it is easier to manage risk and secure your data. Dig’s research found the most common sensitive data type organizations save is PII containing employee and customer data.

Additional findings include:

  • 91% of database services with sensitive data were not encrypted at rest, 20% had logging disabled, and 1.6% were open to the public
  • More than 60% of storage services were not encrypted at rest, and almost 70% were not logged


Who Has Access to Sensitive Data?

Enabling too much access, or overpermissioning, leads to sensitive data exposure. Risks are also associated with sharing sensitive information between cloud accounts, storage assets, and managed databases. The separation of duties between admin and consumer permissions is often neglected and not enforced in the cloud, further amplifying these risks. Principals frequently hold both admin and consumer privileges unnecessarily, which violates the separation of duties principle. Best practices include granting explicit permissions to each asset instead of roles, and limiting the sharing of sensitive data between accounts, since such sharing weakens control and increases the risk of data exposure.

Additional findings include:

  • 95% of principals with permissions are granted them through excessive privilege
  • More than 35% of principals have some privilege to sensitive data assets. Almost 10% have admin access, and almost 20% have consumer access to a sensitive asset
  • Almost 10% of principals have consumer permission, and around 5% have admin access to PCI data
  • Almost 1% of sensitive assets are shared with third-party vendors, and more than 2% of sensitive data assets are at risk due to direct access from a remote account

Where Does Sensitive Data Flow?

Sensitive data, on average, is accessed by 14 different principals, and 6% of companies have sensitive data that has been transferred to publicly open assets. Compounding the issue is the frequent flow of data across geolocations. Sensitive information accessed from different geolocations is common. Over 56% of sensitive data assets are accessed from multiple geographic locations, and 26% are accessed from five or more geolocations. As data flows, the risk grows – 77% of sensitive data assets have more than one cross-service flow.

Additional findings include:

  • 40% of data flows to data lakes (Hadoop and Snowflake). Hadoop ingests 37%, which duplicates sensitive data into an unmanaged environment, putting it at significant risk
  • Replication between storage assets is responsible for 30% of the activity involving sensitive data
  • More than 50% of sensitive data assets are accessed by 5-to-10 applications, and almost 20% of sensitive data assets are accessed by 10-to-20 applications

Minimizing excessive permissions and continuously monitoring access to sensitive data will help reduce data exposure. To do this, organizations should turn on logging for data assets, examine data flows that increase exposure risk, reduce those flows to the minimum required, and ensure the destination is secured. You must ensure data flows do not violate internal governance and external compliance mandates. Some regulations like GDPR also restrict sensitive information from leaving its geolocation. Duplication of data across different regions doubles the risks of exposure and could lead to a compliance breach if carried out across different geolocations. The State of Cloud Data Security 2023 Report highlights the absence of critical security controls for sensitive data and the need for additional security layers to ensure data is protected in cloud assets.

The Dig Data Security Platform is the industry’s first and only solution to combine DSPM, data loss prevention (DLP), and data detection and response (DDR) capabilities into a single platform. Dig enables enterprise cloud and security teams to produce immediate insights using its agentless cloud native solution that delivers a short setup time, zero maintenance, and comprehensive, automated response at scale.
