Data Security Remains a Challenge for CISOs
Most organizations are now engaged in some form of digital transformation project or initiative, but security is a top concern for firms as they invest in new technology to grow business. According to the 2020 Thales Data Threat Report – Global Edition, with research and analysis by IDC, organizations reached a global cloud tipping point causing them to struggle with security challenges of Digital Transformation (DX).
Today, half (50%) of all corporate data is stored in the cloud and nearly half (48%) of that data is considered sensitive. With multi-cloud usage becoming the new norm for companies, all respondents said at least some of the sensitive data stored in the cloud is not encrypted and 49% globally indicated that they have experienced a breach. In addition to DX and multi-cloud complexities, the global study shows that quantum computing has skyrocketed as a major concern with 72% of organizations claiming it will affect their security and cryptographic operations in the next five years.
The rush for Digital Transformation and the security fallout
With input from 1,723 IT and data security executives around the world, this year’s threat report dove deeper into the specific security challenges resulting from the ‘DX Era.’ The report revealed that the more digitally transformed, the more likely an organization is to be breached.
While organizations pursuing DX are capturing competitive advantages, the worldwide rush to implement disruptive technologies is creating new vulnerabilities resulting in data breaches and compliance audit failures. According to the report, 45% of organizations in the top two DX categories, Software-as-a-Service (SaaS) and social media, experienced a breach in the past year.
Multi-cloud is the new normal, but a top barrier to data security
Companies are using multiple Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) environments, as well as hundreds of SaaS applications. More than eight in 10 companies (81%) are using more than one IaaS vendor, 81% have more than one PaaS vendor and 11% have more than 100 SaaS applications to manage. As more data migrates to the cloud, security becomes more complex. Nearly 40% of respondents rate complexity as their top perceived barrier to implementing data security, down slightly from 44% last year.
Quantum threat on the horizon
As a breakthrough technology with applications in various industries, the report also draws attention to the much-anticipated impact of quantum computing. The report reveals that within the next five years, 72% of organizations believe quantum computing power will affect their data security operations. This is of particular significance, especially in the UAE as government bodies and public and private companies have started investing in research and development groups to maximize the benefits for the region. Even then, 27% still see the disruptive technology as a threat in the next year. This highlights the need for organizations to improve their post-quantum encryption strength.
Not all industries are embracing DX at the same rate
The report also explores how government, financial services, healthcare and retail sectors embrace Digital Transformation and associated security measures in varying degrees. Globally, government and federal entities are leading the way in DX, and Digital Transformation (DX) initiatives are forecast to increase at a CAGR of 17.6% in the MEA region over the 2019 to 2023 period.
However, globally, 52% of government respondents have experienced a data breach or failed compliance audit this year. In efforts to secure citizen and resident data, governments in the Middle East have digitized identification documents which carry biometric details, biological features and user data.
Respondents from financial services experienced the highest data breach at 54%. Respondents from retail and healthcare industries followed suit at 49% and 37% respectively.
Key takeaways for CIO/CISOs in improving data security
Data security is challenging, but across Big Data, IoT and containers, encryption is a key driver for adoption and usage. Based on this year’s findings, security professionals should:
- Invest in modern, hybrid and multi-cloud-based data security tools that make the shared responsibility model work
- Consider a zero-trust model to secure data
- Increase focus on data discovery solutions and centralisation of key management to strengthen data security
- Focus on the threat vectors within their control
- Utilize encryption to remain vigilant against today’s data risk reality
“As organizations face expanding and more complex cybersecurity challenges because of multi-cloud adoption and Digital Transformation, they need smarter and better ways to approach data protection,” said Frank Dickson, Program Vice President, Cybersecurity Products, IDC.
“Zero trust is a fantastic initiative to authenticate and validate the users and devices accessing applications and networks but does little to protect sensitive data should those measures fail. Employing robust data discovery, hardening, data loss prevention and encryption solutions provide an appropriate foundation for data security, completing the objective of pervasive cyber protection.”
Tina Stewart, Vice President of Global Market Strategy for Cloud Protection and Licensing Activity at Thales, added: “The Thales 2020 Data Threat Report-Global Edition clearly demonstrates that unprecedented amounts of sensitive data are being stored in multi-cloud environments by organizations all over the world.
“Having the right cloud security in place has never been more critical. As 5G networks are rolled out, IoT continues to expand and quantum computing creeps closer to becoming a reality, organizations must adopt a more modern data protection mindset. The first step towards protecting sensitive data is knowing where to find it. Once classified, this data should be encrypted and protected with a strong multi-cloud key management strategy.”