Report Finds Data Security is a Priority for Over 40% of CEOs

With data at the root of business-driving initiatives, the need to maintain data security and compliance is becoming imperative for leaders across industries. Security measures, however, are facing an increasingly daunting landscape of potential threats. According to a new survey by the International Data Corporation (IDC), 54% of European organisations experienced an increase in the volume of cyberattacks on their network within the last 12 months.

Protecting data amid emerging threats and increasing regulations, without compromising accessibility, is highly complicated. In its new InfoBrief, How Data Security Platforms Improve Security Posture and Enable Secure Data Collaboration in the Cloud, IDC identifies the most pressing challenges to modern data security. By examining these challenges, how to address them, and the tools that are best suited to do so, organisations can approach cyber threats and obstacles with confidence.

The Growing Data Security Gap

Data use and data security are, by nature, at odds with one another. While data fuels insights and analytics-driven decision making, there is an inherent danger of misuse and inadequate protection leading to unauthorised access, breaches, or leaks. Combine this challenge with factors like migrating data to the cloud, widespread data democratisation, data silos, and fragmented policies, and you clearly see a growing gap between innovative data use and effective data security.

Data is like natural gas: It has the power to heat homes and generate electricity, but if it is not stored, transported, and used safely, it can be lethal. Over time, standards, tools, and best practices have been developed to ensure natural gas is used safely in homes, power plants, and businesses. Today’s data teams face a similar challenge. They need tools and tactics to help bridge the security gap and leverage data safely.

Emerging Challenges to Data Security

Fueling this data security gap is a range of emerging obstacles that can make safe and productive data use even more difficult. According to the IDC InfoBrief, the most common challenges include:

Growing Threat Landscape

The cyber threat landscape encompasses the full range of known and potential threats to a particular user group, business, sector, time period, or similar grouping. As data, users, and use cases proliferate, the threat landscape expands in tandem.

According to IDC, 54% of European organisations experienced an increase in the volume of cyberattacks on their network within the last 12 months. These cyberattacks occur in the midst of a broadening attack surface, growing frequency of insider threats, and exploitation of the supply chain as a new attack vector. Each of these factors contributes to a constantly shifting threat landscape that sensitive data must be fortified against.

Data Sprawl & Shadow Data

Data sprawl occurs when the amount of data created, collected, shared, and analysed grows exponentially across a data ecosystem. As organisations move more of their data to the cloud and adopt decentralised architectures, their data footprint expands across platforms, tools, and applications. Data sets that are stored, accessed, analysed, and copied in various ways by a distributed global workforce are, by nature, much harder to protect.

Data sprawl drives the creation of shadow data, information that has been moved, copied, used, and/or housed outside of its original location(s) in the cloud data ecosystem. This generates a significant blind spot, as undiscovered shadow data will not always be governed and protected by network security methods. IDC found that only 20% of security respondents use automated data discovery and classification tools in their data stacks, indicating a greater need for consistent data discovery capabilities to fully understand what kind of sensitive data lives where.

Evolving Compliance Regulations

As the number of compliance laws and regulations continues to grow, organisations need to regularly evolve their data use in order to remain compliant and avoid penalties. Respondents to the IDC survey ranked data privacy and regulatory compliance as their number one operational security priority for 2023, above both cyber resilience and hybrid work security.

Organisations must apply and maintain policies in accordance with regulatory specifics. In addition, regularly auditing data use is essential to prove these actions are appropriate and compliant. When asked about the biggest challenges to maintaining compliance with the General Data Protection Regulation (GDPR), IDC respondents highlighted:

This underscores the challenges of keeping up with just one regulation, not to mention the many other federal, international, internal, and/or industry standards to which many organisations must adhere.

Key Methods to Improve Data Security

To address these myriad challenges that widen the data security gap, data teams need to take action to optimise secure data use. Based on IDC’s survey data, organisations are adopting a number of tools and practices to improve their data security posture, including:

Balancing Data Security & Utility

Addressing the data security gap head-on may be difficult, but it is necessary in balancing data users’ needs with proper privacy and security. Over half (53%) of respondents to the IDC survey shared that making more internal data available and usable was the most important action to make their organisation data-driven. Security was noted as the most frequent challenge (29%) to achieving democratised, collaborative data use.

IDC recommends that data and governance teams “establish guidelines for sharing data based on sensitivity levels and implement appropriate data access and protection measures.” This, along with applying policy with regulatory requirements, allows data teams to enable data sharing and collaboration without sacrificing compliance or security. When policy requirements are applied using privacy-enhancing technologies (PETs) like data masking, and enforced using dynamic access controls, they can be adapted along with evolving regulations to maintain consistent security.

Incorporating Governance as a Business Strategy

Cloud data governance incorporates aspects of data access management, security, and compliance in order to ensure that only the right users are able to access sensitive cloud data.

To be implemented effectively, governance requires a combination of effective tools and cross-functional coordination. IDC recommends that cloud data governance processes follow these steps:

1. Plan: Put organisational roles and functional structures in place to build the foundation for a governance model.
2. Understand: Work with legal and compliance teams to evaluate the governance and compliance requirements that apply to your organisation, and task data teams with facilitating data discovery and classification.
3. Assess: Examine the threat landscape, and determine your organisation’s risk appetite, tolerances, and risk response plan.
4. Operate: Develop, apply, and automate governance policies using dynamic tools based on the research into requirements, risk appetite, and discovered data.
5. Monitor: Continually examine and adapt the framework in response to changing

regulations, threats, security requirements, etc.

By viewing governance as an ongoing organisational and technical application, teams can remain agile in their cloud data protection efforts.

Fostering Organisational Readiness

Like governance, successful data security posture management is achieved through stakeholder collaboration, clear communication, and continuous improvement. This necessitates involvement and focus from stakeholders across the organisation, not just one specific team. To operationalise this approach, IDC suggests that teams align on the following tenets:

1. Policies: Data access and security policies should be easily understandable, and created with all stakeholders’ input. With a common understanding across teams, these policies can be applied and repeated without confusion.
2. People: To foster alignment with various teams, organisations need to provide thorough training that educates employees and create a responsible and secure environment.
3. Technology: Since manual processes often extend time-to-data and lead to silos or bottlenecks, automating key tools and technologies is key to streamlining your team’s security controls.

The Growing Importance of the Data Security Platform

Surmounting modern data security challenges requires a range of distinct and continuous tasks. Unfortunately, keeping all of these tasks aligned and current is not always easy. Sixty percent of IDC survey respondents said that time spent maintaining and managing security tools instead of investigating security issues was the most limiting factor in improving their organisation’s IT security capabilities. Despite its importance, maintaining security posture should not come at the expense of burdensome manual labor.

To combat these security challenges without becoming a burden to data teams, organisations across Europe are choosing to expand and/or upgrade their data security technologies in the coming year:

To unify policies, people, and technology in the pursuit of closing the data security gap, more teams are implementing unified data security platforms in their tech stacks. A data security platform is a tool that brings together various security-oriented capabilities in a single, centralised, easy-to-understand platform. These capabilities include security measures such as:

• Automated Data Discovery and Classification: Automatically identify types and locations of sensitive data that is added into the ecosystem, helping to inform governance, access policies, and risk management.
• Centralised Access Management: Applying dynamic attribute-based access control policies to consistently manage access across hybrid cloud environments.
• Privacy-Enhancing Technologies: Enabling techniques such as data masking, encryption, and k-anonymisation in order to proactively protect data both at rest and as it travels through the cloud.
• Continuous Monitoring & Audit Trails: Maintaining constant surveillance of activity in the ecosystem in order to alert any suspicious or risky data use and prove compliance whenever requested.

When asked about the most important criteria for choosing a data security platform, 76% of respondents told IDC that they preferred to choose the “best of platform,” one which is able to deliver the most capabilities in a single tool. The Immuta Data Security Platform allows teams to discover, secure, and monitor their sensitive data using automated tools that are easy for any stakeholder to understand. By implementing a powerful data security platform, modern organizations can approach the cyber threat landscape and address the data security gap with ease–all without sacrificing utility.

To learn more about the IDC’s survey findings, check out their new InfoBrief. For a closer look at how Immuta can help improve your security posture, request a demo from our team.