The explosion of data and applications has made multicloud – where the organization's data is stored on multiple cloud platforms and applications -- a reality for many organizations. Along with expanding the attack surface, the multicloud makes the task of securing and managing data even more challenging.
Almost 20% of CISOs responding to a data security survey from Eureka Security and YL Ventures say they don't know what database/platform they use to store the organization's sensitive data.
The survey defined sensitive data as personally identifiable information (PII), personal health information (PHI), secrets such as passwords and application tokens, and payment card information (PCI). In this survey, PII was the most common sensitive data stored (84%), followed by secrets (55%), PHI (29%) and PCI (29%).
Most CISOs say they employ tools and methodologies for limiting access to data. The majority of respondents say they rely on dedicated groups (92%) and network policies (51%).
Sensitive Data Stored in the Cloud
There are organizations still leery about migrating application workloads to the cloud because of concerns about storing sensitive data in servers they don't have full control over. However, the survey suggests that most organizations are not letting data security concerns hold them back from the cloud. About 45% of respondents say they store sensitive data in public clouds, and the same number of respondents say they rely on a hybrid approach, with sensitive data stored across cloud and on-premise systems. Just 2% of respondents say sensitive data are stored on-premises.
In fact, 22% of respondents stated that more than half of their cloud data is sensitive.
Respondents were also asked to list the top three databases/platforms used to store sensitive data. PostgreSQL was by far the most popular database (41%) and MySQL, MsSQL, Oracle, and Snowflake had the same usage rates (22%). The report notes that many CISOs are relying on "lift-and-shift" – where they are moving from on-premises to cloud without adopting cloud-specific data security controls, such as classification and masking policies.
There is also a bit of a disconnect between the number of respondents who say they store sensitive data in cloud systems and the number of respondents who use cloud platforms. Of the top 5 platforms, Snowflake is the only one specifically built for the cloud with end-to-end cloud data security features.
The Addressing Cloud Data Security in the Multi-Cloud Era report is available from Eureka Security and YL Ventures.