New research finds: At least a quarter of companies don't know where their sensitive data is

New ESG research sheds light on business complexity as a result of abandoned data

SAN FRANCISCO, Oct. 2, 2024 (GLOBE NEWSWIRE) — NormalizeThe leading provider of data security posture management (DSPM), in collaboration with the Enterprise Strategy Group (ESG), today released a new study that highlights critical gaps in data security as companies increasingly adopt cloud solutions. The research highlights the need for DSPM solutions powered by AI and automation to address challenges related to locating sensitive data, assessing its accessibility, and identifying who has access to it. The findings also shed light on security risks associated with adopting generative AI, the rise of sensitive data in the public cloud, and why organizations face a larger attack surface.

As companies move more operations to the cloud, the volume and exposure of sensitive data stored in public cloud services is rapidly increasing. Despite security teams' efforts to manage data risks, many organizations lack clarity about where data resides, how sensitive it is, and who has access to it. Additionally, “shadow data” is often stored without proper governance or control by security teams, an oversight that exacerbates data compromise and security risks.

“This report highlights the harsh reality that there is a knowledge gap among teams about what data is vulnerable to malicious actors and how to protect it,” said Todd Thiemann, senior analyst at Enterprise Strategy Group. “The challenge is to develop effective strategies to understand and address these safety concerns.”

Key findings from the report include:

• 26% of respondents suspect that they have lost sensitive data, but are not sure

• Almost a third of organizations said third-party risk management (29%), data leak protection/rights management (27%) and regulatory compliance (26%) are the three areas where generative AI governance and policies are needed in their respective organizations companies were weakest

• More than 60% of sensitive data is now in public cloud services and is expected to increase to 68% within 24 months

• 27% organizations reported that they expect between 81% and 99% of their sensitive data to be in the public cloud within the next 24 months

• 46% of respondents suspect or are certain that data loss has occurred, but cannot confirm this

The study also shows that IT teams lack visibility into “shadow data,” making it difficult to assess breaches and comply with SEC regulations. If teams don't know where the sensitive data is, they could spend a lot of time assessing the extent of a breach to determine whether it is actually “material.”

The story continues

“The results show what we at Normalyze have long believed: you can’t secure what you don’t know you have, let alone operate efficiently, without understanding the nature of your data or who needs access to it.” says Amer Deeba, CEO and co-founder of Normalyze. “DSPM provides a data-centric approach to security, helping organizations identify and prioritize their most valuable assets.”

Founded with this idea and need in mind, Normalyze provides the necessary context across all environments and ensures appropriate policies are followed around the data. It enables teams to streamline operations by understanding the provenance of an organization's data, who/what is accessing that data, and identifying anomalies so organizations can better protect sensitive data stores.

To access these important insights and leverage modern data security strategies, Download the full ESG report here.

methodology
TechTarget's Enterprise Strategy Group surveyed 387 IT, cybersecurity, compliance and DevOps professionals at organizations in North America (US and Canada) who are involved in encryption and data security technologies and processes. To qualify for this survey, respondents had to be personally involved with encryption and data security technologies and processes.

About ESG
Enterprise Strategy Group is an integrated technology analytics, research and strategy firm that provides market intelligence, actionable insights and marketable content services to the global technology community. It is increasingly recognized as one of the world's leading analyst firms, helping technology providers make strategic decisions about their go-to-market programs through factual, peer-reviewed research. ESG is a division of TechTarget, Inc. (Nasdaq: TTGT), the global leader in purchase intent-driven marketing and sales services focused on driving business impact for enterprise technology companies.

About Normalyze
Normalyze is the pioneer in Data Security Posture Management (DSPM), enabling organizations to effectively secure data at scale across SaaS, PaaS, public or multi-cloud, on-prem and hybrid environments. Normalyze closes the security gaps created by complex data landscapes, data lakes, shadow data and generative AI by accurately and quickly detecting, classifying and visualizing the entire data attack surface. With Normalyze, data and security teams can quantify risks and prioritize remediation plans to prevent data breaches, enforce least privilege access to sensitive data, optimize data storage, and leverage AI for business.

Normalyze was founded by industry veterans Ravi Ithal and Amer Deeba and backed by Lightspeed Venture Partners and Battery Ventures. It holds 14 patents in the field of data security and is used by global organizations such as Albertsons, Snowflake, Informatica and many others.

For more information, see normalyze.ai.

Media contact:
Mariah Gauthier
[email protected]