October 23, 2022 • 

The full CSA report can be obtained here. Here are some highlights:

KEY FINDINGS

1. Organizations are struggling with securing and tracking sensitive data in the cloud.
2. Third parties and suppliers have similar access to sensitive data compared to employees.
3. Dark data issues stem from staffing problems and interdepartmental conflict.
4. The majority of security professionals believe their enterprise will experience a data breach in the next year.

The report, which I highly recommend downloading and reading, also contains numerous excellent charts and figures. Here are four that I am including (by permission), and there are also many more great metrics.

For example, “In general, organizations are lacking confidence in their ability to secure data in the cloud, with 39% reporting high confidence levels. Over half of the organizations (57%) report medium to low levels of confidence. This lack of confidence becomes even more evident when discussing sensitive data.”

In your opinion, what percentage of your organization’s sensitive data in the cloud is sufficiently secured?

“Organizations utilize between four and five different components for their data protection strategy. Some of the most common components include data backup and recovery (33%), auditing and assessing data protection processes (32%), adhering to standards and regulatory compliance (31%), and establishing policies and procedures (31%).

What are the components of your data protection strategy?

“Organizations are struggling with tracking data in the cloud. Over a quarter of organizations aren’t tracking regulated data, nearly a third aren’t tracking confidential or internal data, and 45% aren’t tracking unclassified data. This suggests that organizations’ current methods of classifying data aren’t sufficient for their needs.

“Here is a chart showing survey results for different types of data being tracked:”

A DEEPER DIVE

This video from CSA dives deeper into trends in securing sensitive data with privacy enhancing technologies.

FINAL THOUGHTS

Almost every C-suite leader that I speak with is actively moving data to the cloud or considering protections for the same in 2023. This survey from a trusted nonprofit organization like CSA offers some fascinating insights into the thought process for technology and security leaders and frontline security experts.

No doubt, this is just one moment in time, but the ongoing level of concern from industry leaders remains disquieting — but not surprising.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.