Here’s an important truth: There is no data privacy without data protection. Consumers and companies place their trust in the organizations they do business with and trust that their sensitive data will be kept private. These same organizations want to protect consumer and partner data, to preserve their brand as a trustworthy partner, grow revenues, and avoid regulatory fines. Similarly, businesses need to safeguard their own data, such as intellectual property and strategic plans from exposure, which can harm their ability to create competitive advantage in the marketplace.
Data Privacy Risk Growing in a World of Constant Security Breaches
So, how has the world progressed on data privacy issues since the Committee of Ministers of the Council of Europe established Data Privacy Day in 2006?
Not well, sadly. In 2022, there were 1,802 data compromises, just 60 incidents short of 2021’s record. That is cold comfort to the 422 million individuals who had their data exposed as a result of these breaches. Large regulatory fines for major data violations are also drawing notice, such as the 2022 €405 million GDPR penalty against Meta-owned Instagram and the €746 million fine against Amazon in 2021.
In the business world, supply chain attacks, such as those launched against Microsoft, Okta, SolarWinds, and more, have ensnared tens of thousands of customers.
Why Data Breaches Are Growing in Scale and Severity
The twin challenges of data privacy and data protection are growing as organizations adopt hybrid cloud infrastructures. Teams are migrating to multi-cloud environments across vendors, without ensuring effective data security, privacy, and governance.
While hyperscalers provide built-in security, they cover the infrastructure and services they provide – not the data stored within. Predictable problems are resulting from the following trends.
- More data is stored in the cloud: Enterprises have been deploying more data to the cloud to use it for decision-making and AI-powered analytics. An astonishing 60% of all corporate data is now stored in the cloud. And there’s no end in sight. Spending on public cloud services is expected to reach $591.8 billion in 2023, up from $490.3 billion in 2022.
- Developers provision their own data: IT used to be in charge of managing and granting data access. No longer. Business teams are provisioning their own data stores, which can create shadow data, or organizational data that is copied, backed up, or housed in a data store that is not governed, under the same security structure, or kept up to date by security or IT. Nearly all (93%) of senior data professionals surveyed in a public cloud security survey said they were concerned about the problem of shadow data.
- Infrastructures are becoming more complex: Users leverage dozens of technologies to store, use, and share data across multiple clouds. These services may be managed by cloud service providers (such as AWS S3 buckets, Google Cloud Storage, Azure Blob Storage), IT teams (such as AWS RDS), or even developers or DevOps (such as databases that run on EC2 or Kubernetes nodes).
- IT and security lack visibility into cloud data: Since developers can spin up new datastores in minutes – or copy existing ones – it’s easy to see why IT and security teams are losing visibility into (and control over) their data holdings. Without visibility, it’s impossible to consistently enforce security policies, prioritize and mitigate risks, identify anomalies, and address attacks in progress to reduce their damage.
- Data breaches are increasing: Major data breaches are reported almost every month and increasingly affect hundreds of thousands or millions of users. Three out of four respondents to the public cloud data security survey mentioned above acknowledged that their cloud environments had been breached in 2022.
Protecting Cloud Data with Cloud-Native Security Platforms
The good news is that enterprise teams understand the scope and severity of the problem and have momentum to change. Business leaders believe that cloud environments are unique enough from on-premises infrastructure to warrant unique solutions.
The best path forward is to deploy a cloud-native security platform that is focused only on protecting data; is high-performance and scalable; works asynchronously to avoid disrupting data flows; and is agentless and API-based, making it easy to deploy.
Public cloud security solutions accommodate growth, while putting automated guardrails in place. They automatically discover, govern, and secure data stored in public cloud services. By discovering and inventorying all shadow data, enforcing policies and controls, and retiring unneeded sources, data and security teams can reduce attack surfaces. In addition, prioritized remediation and alerts enable teams to proactively focus on remediating high-risk data stores, further reducing the risk of exposures.
As an agentless, asynchronous solution, a public cloud data security solution doesn’t harm data performance. As a result, teams can spin up new stores, run big data analytics, and deliver value to the business, without experiencing latency that can impede innovation.
That’s a win for data, IT, and security teams, as well as the businesses they work for and the customers whose data they protect.