Data is said to be the oil of the digital age – lucrative fuel for business operations to grow. But just like oil, the proliferation of data brings its own set of challenges. In 2020 alone, the amount of data created grew to 59ZB. Plentiful in volume, this begs the question: how do we keep it under control and secure?
It has been reported there are over 60,000 “hacking attempts” every day in the UK alone – a number only set to increase as remote working has weakened organisations’ traditional security perimeter of the office, creating multiple access points for hackers to gain entry. But there is also another issue plaguing the IT team: just how much data is at stake?
This is because the use of SaaS apps, such as Facebook, Zoom and DropBox, are spiralling out of control as employees work from home, away from the gaze of IT. According to Rewind, there are 3 to 4 times more SaaS apps in use at a company than the IT department is aware of on average, and it is estimated that by 2022, 90% of enterprises will rely on SaaS apps to execute business objectives. This lack of visibility, combined with who has access to both the apps and the sensitive data within, highlight the gaping holes in a company’s security posture.
Cloud data and security — what every healthcare technology leader needs to know
The problem with unstructured data
Whilst SaaS applications house large volumes of structured and unstructured data, it is the unstructured data that causes companies the biggest problems – think selfies, videos, audio files, even email files. Lacking proper identity security policies, which can govern employee access to these SaaS apps and the data stored in them, is a major cyber security risk for organisations, with unstructured data the leading contributor to the rise in security compromise.
To gain a better understanding on the risk companies face with regards to SaaS applications and the data they store, we recently conducted a survey with Dimensional Research to better recognise the state of unstructured data and surrounding security practices.
This research shows the complexities arising in keeping our data secure, and under control. Already we see 92% of companies moving their unstructured data to the cloud. However, 76% of companies have encountered challenges with protecting their unstructured data, including unauthorised access, data loss, compliance fines and more.
More than four out of 10 companies admitted they don’t know where all of their unstructured data is located. Nearly every company surveyed reported managing access to unstructured data as difficult, specifying numerous challenges such as too much data, a lack of single access solution for multiple repositories and lack of visibility into access – including where data lives and who owns it.
It is unsurprising, given this data, that a Canalys report found companies spending record sums on cyber security in order to protect the rapid digital transformation we have experienced over the last year. 50% of European businesses stated that investing in new security technology was their highest prevention spending priority. Yet, despite these efforts and intentions, the number of successful attacks continues to be higher than ever, with Canalys reporting that “more records were compromised in just 12 months than in the previous 15 years combined.”
The curious case of Brexit and the disappearing GDPR
On the third anniversary of the day the EU GDPR became applicable, Elizabeth Schweyen, senior manager of global privacy and compliance at Druva, discusses the current state of GDPR in the UK following Brexit. Read here
Connecting the dots with access
Looking even more closely at the research, we can connect the dots between these findings and the rise in cloud adoption, the unstructured data that resides in the apps and systems in the cloud, and IT’s attempts at securing this monster network of information. The answer lies in access. Our survey found more than a quarter of companies fail to perform regular reviews of user access privileges, with one-third of companies lacking real-time alerting when unauthorised access occurs with unstructured data.
By extending identity security at the implementation stage to manage data access, there is hope. This solution provides an automated approach for updating user access levels, logging where data is, clarifying the type of data stored, and alerting companies to unauthorised access. When IT has all the information and visibility on an organisation’s users and their access – both data and applications – they have the power to quickly make the right decisions, even in the event of a data breach.
The future lies in identity
Many IT leaders that I have spoken to know the challenges of securing unstructured data, with some failing to address it as part of their overall approach to identity security. If we smartly align our security practices to the trends predicted, we will be able to stay in control of the situation so that our data, and the systems guarding them, are secure and robust.