A new cybersecurity opportunity: protecting cloud shadow data
Imagine you are a security guard monitoring a bank's security cameras. One day you are told that from tomorrow the security room will be closed, all the safes will be scattered in different places, and no one will tell you where they are. You have no idea who accessed them and when, or whether they will be relocated soon. However, you will still be responsible for the safety of the safes and the integrity of their contents. No security officer would agree to work in these conditions, with a loss of control that prevents them from doing their job and protecting customers' belongings.
Surprisingly, security managers at organizations around the world have gone through exactly this process in recent years. In the prehistoric era of the 1980s, organizations' databases were centralized: the main servers running the applications were located in the basement of the building, and a main database was used for all functions and application services. A limited number of security managers monitored and managed these databases end to end, while users had no way to make changes to any system component that could expose the data to cyberattacks.
As the cloud rapidly took over the market, centralized architectures collapsed, and a new layer of Shadow IT was suddenly created: a wide variety of devices were added to the corporate network, and employees downloaded applications without any control, exposing the system to new vulnerabilities.
This sudden loss of control seems like child's play compared to the new challenges posed by the public cloud. These challenges are more similar to the decentralized safe-room scenario described above. When companies take the microservices approach, they basically distribute their data across more than 100 different types of data storage technologies, including different types of databases, shared storage, data warehouses, data pipelines, and more. Data also flows to external SaaS services or repositories, such as Snowflake or Databricks, making it even more difficult to map and track.
In addition, in modern cloud environments, the developer (not the security manager) becomes the primary entity responsible for creating and managing databases. Each developer creates data warehouses in their preferred technology, with different configurations, logs, backup mechanisms, encryption, and access architectures, often exposing sensitive information without even being aware of it.
Given the formation of Shadow Data and the fact that data creation has shifted almost entirely to developers, security managers are struggling to find their bearings in the new data chaos. They lose control of security. They have no idea where sensitive data comes from, where it flows, who accesses it, and when. A technology survey we conducted in large U.S. organizations shows that security administrators are not even aware of the existence of about 30% of their databases, which contain sensitive information. It is no coincidence.
The challenge of securing data in the cloud only intensifies over time, and existing solutions focused on securing cloud infrastructure are not enough: their primary goal is not to protect the data itself. Companies born in the public cloud era want a different approach, and they will soon be joined by all the largest organizations in the world, which are rapidly migrating to the public cloud.
This also presents a great opportunity for the Israeli cyber industry. Over the last year, a new approach to cloud security has been developed that prioritizes data security in the cloud, called DSPM (Data Security Posture Management). With this approach, security managers regain control. DSPM platforms perform automated and continuous data mapping while detecting and classifying the sensitive information that exists in companies' cloud environments. In doing so, this approach answers the most critical questions about cloud data: where it lives, who has access to it, and where it moves, whether between accounts, countries, geographies, services, and more. The mapping also reveals weaknesses and compliance violations (for example, of GDPR), along with recommendations on how to resolve them.
Guy Shanny is a serial entrepreneur and co-founder and CEO of cybersecurity company Polar Security.