Opinion
A new cybersecurity opportunity: protecting cloud shadow data
The challenge of securing data in the cloud is only intensifying as time goes by, and the existing solutions focused on securing cloud infrastructure are not sufficient, writes Guy Shanny, Co-Founder & CEO of Polar Security
Imagine you’re a bank safe-room security manager. One day you are told that starting tomorrow, the safe room will be closed, all the safes will be scattered around different sites, and you will not be told where they are. You’ll have no idea who accessed them and when, or if they’ll be transferred to another site anytime soon. Nevertheless, you will continue to be responsible for the safes’ security and the integrity of their contents. No security manager will agree to work under these conditions - losing control in a way that will not allow him to fulfill his role and protect customers' belongings.
Surprisingly, this exact process has happened to security managers in organizations around the world in recent years. In the prehistoric era of the 1980s, organizations' databases were centralized: the main servers that ran applications were located in the building's basement, and one main database was used for all functions and application services. A limited number of security managers controlled and managed these databases end to end, while users had no option to make any changes in any component of the system that could expose the data to cyber attacks.
With the cloud rapidly overtaking the market, centralized architectures crumbled and suddenly a new layer of Shadow IT was created: a huge variety of devices were added to the corporate network, as employees downloaded applications without any control and exposed the system to new vulnerabilities.
This sudden loss of control seems like 'child’s play' when compared to the new challenges posed by the public cloud. Those challenges are more similar to the decentralized safe room scenario described above. When companies embrace the microservices approach, they essentially distribute their data across more than 100 different types of data residency technologies, including different types of databases, shared storage, data warehouses, data pipelines and more. The data also flows to external SaaS services or warehouses, such as Snowflake or Databricks, making it even more challenging to map and track.
Moreover, in modern cloud environments, the developer (and not the security manager) becomes the primary entity responsible for creating and managing databases. Each developer creates data stores in the technology he prefers, with different configurations, logs, backup mechanisms, encryption and access architectures, often exposing sensitive information without even being aware of it.
Given the formation of Shadow Data and the fact that the data creation process has shifted almost overwhelmingly to the developers, security managers are struggling to find their footing in the new Data Chaos. They lose control of security. They have no idea where sensitive data is, where it flows, who is accessing it, and when. A technological survey we conducted in large organizations across the U.S. shows that security administrators are not even aware of the existence of approximately 30% of their databases, which contain sensitive information. It's no coincidence.
The challenge of securing data in the cloud is only intensifying as time goes by, and the existing solutions focused on securing cloud infrastructure are not sufficient - their primary goal is not protecting the data itself. Companies born in the era of the public cloud are craving a different approach, and soon they will be joined by all the largest organizations in the world that are rapidly migrating to the public cloud.
This also introduces a great opportunity for the Israeli cyber industry. During the past year, a new cloud security approach that prioritizes cloud data security has developed, called DSPM (Data Security Posture Management). With this approach, security managers regain control. DSPM platforms perform automatic and continuous data mapping while detecting and classifying the sensitive information that exists in cloud companies. By doing so, this approach answers the most critical questions about cloud data: where it resides, who has access to it, and where it moves - whether between accounts, countries, geographies, services, or more. The mapping also reveals weaknesses and compliance violations (such as GDPR) while providing recommendations on how to resolve them.
Guy Shanny is a serial entrepreneur and the Co-Founder & CEO of the cybersecurity company Polar Security.