Netwrix Report: Growing Security Concerns Bringing Data Out of the Cloud – But Not for Good Reason
According to the latest Netwrix report, concerns around data security have been encouraging 46% of organizations to move their personally identifiable information (PII) back on premises, from the cloud.
The 2019 Netwrix Cloud Data Security Report released feedback from 749 organizations on their use of private and public cloud services to store their data.
Interestingly, 50% of the respondents store customer and employee PII in the cloud, but they are less inclined to store financial data and intellectual property in the cloud, at only 26% and 16%, respectively. Of those who store customer PII in the cloud and do not classify their data, 75% experienced a security incident. That rate is 3.5 times higher than organizations that do classify their data in the cloud.
According to the report, the largest motivators for moving to the cloud was cost savings (at 31% of organizations). Performing data discovery and data classification allowed organizations to adhere more closely with their cloud budgets. While 81% of organizations that classify data met their cloud budgets, 73% of those who claim to overpay for cloud services do not classify the data they store in the cloud.
Steve Dickson, CEO of Netwrix stated, “The report revealed that organizations are misled by the idea that moving customer data back on premises will ensure data security. In reality, without a data security program in place, these organizations are playing a simple ‘shell game.’ Organizations need to inventory their data to ensure they know where all the customer data resides, migrate it to a secure location and implement an auditing solution to ensure only the right people have access to the right data.”
Our Take
Strong data classification allows organizations to appropriately protect data, relative to its sensitivity. No organization wants to be spending resources over-protecting data that does not require it, and they certainly do not want to get caught under-protecting data that does require it. Classification plays a vital role in the governance necessary for strong data security – whether it’s in the cloud or on premises.
By classifying data before moving to the cloud, organizations have the option of keeping sensitive data on premises (possibly reducing its risk of exposure) and identifying redundant, obsolete, or trivial data that is not worth moving to the cloud – thus reducing costs.
Organizations don’t need to move away from the cloud for stronger security. Rather, to achieve better cloud security and cost savings, it is crucial to understand what types of data they have in the cloud and how to properly protect it.