Page 89 - Cyber Defense eMagazine January 2023
P. 89
security, particularly in public cloud environments. As a result, they began to rely more and more
on data security professionals and looked at them as business accelerators. I expect this
sentiment to continue in 2023 as cloud data security technologies evolve to help make data
security professionals’ lives easier and advance the business.
2. The increase in unknown or “shadow” data will lead to more data leaks, risks for
organizations. However, it will ultimately serve as a wake up call for CISOs to prioritize
investments in data visibility and protection solutions. There is a dark side to digital
transformation fueled by the public cloud. Every day developers and data scientists create, move,
modify and delete data in service of positive business outcomes. And they leave a trail of
unintentional risk in their wake. The activities that create the biggest advantages for cloud-based
businesses are the same activities that introduce the most risk. As sensitive data propagates
across the public cloud, risk grows. This is the Innovation Attack Surface – a new kind of threat
that most organizations unconsciously accept as the cost of doing business. Massive,
decentralized, accidental risk creation by the smartest people in your business. This unknown or
“shadow” data has become a problem for 82% of security practitioners. Examples of it include
database copies in test environments, analytics pipelines, unlisted embedded databases,
unmanaged backups, and more. Because of its unknown content, it is at extra risk for exposure.
Security teams can expect to see more instances of shadow data breaches in 2023. However,
even though breaches caused by shadow data are set to increase, security teams are becoming
more and more aware of the situation and committing to solving the problem. The emerging public
cloud data security market proves that this is slowly becoming a problem at the forefront of CISOs
minds, and knowing you have a problem is the first step to solving it. In 2023, CISOs will prioritize
finding agile solutions that provide both visibility and protection into all of their cloud data to
discover and remediate data exposure risk.
3. A new data security center of excellence will report to the CISO. All security must protect
data, however not all security is focused on data. With data increasingly growing more important
as a currency between businesses, as well as as a means of innovation, organizations are storing
and sharing more of it than ever (and increasingly, in the cloud). The skills gap created by this will
begin to be addressed in 2023 with the rise of a new data security center of excellence, reporting
to the CISO. This center of excellence will bridge the gap between the CISO and the Chief Data
Officer (CDO) to ensure an entity’s valuable data is secure. The data security center of excellence
will have responsibility for the following four areas:
1. Constantly maintaining visibility of all sensitive data
2. Continuously protecting sensitive data
3. Controlling who has access to sensitive data
4. Ensuring that sensitive data adheres to the enterprise data security policy
This center of excellence, along with more data-centric, defense-in-depth security strategies will
augment the important data governance and data privacy work that the Chief Data Officer typically
oversees.
Raffael Marty, EVP and GM of Cybersecurity, ConnectWise
"It can be hard to get a handle on the constantly evolving cybersecurity threat landscape, but over the
last year, certain trends have made themselves clear—and we can expect to see these trends continue
Cyber Defense eMagazine – January 2023 Edition 89
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
