Digital transformation initiatives and remote work have further accelerated the migration of data assets to cloud stores. However, organizations are finding that sensitive data is now distributed across multiple public clouds. The use of disparate controls has led to a lack of consistent visibility and control, putting cloud-resident data at risk of compromise and loss.
What is necessary to secure cloud-resident data? Organizations need solutions that support data loss detection and prevention capabilities across a range of cloud applications and services. These solutions need cloud-native controls that provide a unified approach across disparate cloud data stores via API integration.
To gain insights into modern processes for securing cloud-resident data, TechTarget’s Enterprise Strategy Group surveyed 387 IT, cybersecurity, and DevOps professionals responsible for evaluating, purchasing, testing, deploying, and operating hybrid cloud data security technology products and services at organizations in North America.
This study sought to answer the following questions:
- Are organizations using separate data security controls for on-premises and cloud environments? Do they plan to unify this protection in the future?
- How much of organizations’ sensitive data is cloud-resident today, and how much will be in 12-24 months?
- How are organizations identifying and classifying sensitive data? How confident are organizations that they have the necessary tools in place to discover and classify all their public cloud-resident data?
- Have organizations lost cloud-resident sensitive data and, if so, how and why?
- What policies do organizations currently employ to protect data assets associated with the use of cloud services?
- How do organizations compare the security associated with protecting their cloud-resident sensitive data with the security associated with protecting their organization’s on-premises sensitive data?
- Who are the key stakeholders who influence and make cloud data security purchasing decisions?
- Do organizations have an individual or group designated as “cloud security architects”? What areas of responsibility are, or will likely be, assigned to cloud security architects?
- What types of data security controls are currently in use, which are viewed as most important, and which ones are buyers prioritizing?
- What types of native data security controls provided by CSPs do customers currently and plan to use?
- From what type of vendor do buyers plan to purchase cloud data security controls?
- How do organizations view the pros and cons of best-of-breed point tools versus consolidated suites/platforms?
- What is the role of resellers, integrators, and managed service providers in data security?
- Relative to other areas of cybersecurity, how do organizations expect their data security spending to change, if at all, over the next 12-24 months? What tasks do organizations consider to be the highest priorities to implement to protect cloud-resident sensitive data?
Survey participants represented a wide range of industries including manufacturing, technology, financial services, and retail/wholesale. For more details, please see the Research Methodology and Respondent Demographics sections of this report.