What are the Greatest Threats to Data Security?
"In the aftermath of COVID-19, migrating data stores to the cloud is happening faster than expected and organizations need to address the security implications," said Ron Bennatan, co-founder and CTO of jSonar, a database security startup. "Everything in an on-premise data center has an equivalent—but different counterpart—in a cloud environment, often leaving teams with a skills deficit. In general, cloud environments are more standardized, and thus more secure. But they are also different and new. Together with new databases which spring up like mushrooms, securing data has become more challenging than ever and the lack of skills available to secure them increases the risk. Finally, on the compliance side, there is a heightened focus on privacy issues that touch more systems and people."
Other industry leaders agree that remote work increases the threat to data security. In addition, with more valuable data stored in hybrid and multi-cloud scenarios, data security and governance protocols must be adjusted. For many organizations, understanding what data they have, and where that data is, remains a challenge, particularly given the budget constraints security practitioners must focus on in protecting assets to different levels depending on their risk profiles, agreed Myke Lyons, CISO at Collibra, provider of a unified platform for digital transformation. "As more and more organizations look to the cloud for data services, governance must be top of mind," he added.
More now than ever before, organizations are aware of their inability to keep their cloud estates secure by themselves. According to the Oracle and KPMG Cloud Threat Report 2020, 92% of respondents don’t have a full understanding on their organization’s role in securing cloud data versus the cloud provider, said Jensen. "Much of this has to do with the fact that many businesses are now focused on the needs and demands to develop and adjust security policies to accommodate the increased WFH population and enable the secure remote population for these employees."
There is more sensitive data now stored in private, public, and hybrid infrastructures than ever before, pointed out Om Moolchandani, co-founder and CTO at Accurics, a cybersecurity company. "However, the expanding ubiquity is not matched with corresponding security. Cloud infrastructure is programmatically built and provisioned, and even a small programming error can create serious data exposures."
And yet, with new work from home plans and increasing cloud deployments, there is one constant and ubiquitous threat—employees themselves. "The greatest risk remains the human component of security," observed George Kobakhidze, lead solutions engineer at ZL Technologies, a provider for information governance. "While it is possible to lock down permissions and track data movement against all programmatic access, ensuring that humans don’t behave maliciously or negligently is an even bigger concern now than ever before with remote work," said Kobakhidze.