Name a company that isn’t pursuing some kind of cloud strategy, and we’ll be impressed you managed to find even one. We won’t say every major company is shifting to the cloud because science says you can’t prove a negative. Still, we’re comfortable saying the cloud is now a mainstay of modern business operations. It offers the usual host of benefits associated with cutting-edge tech—scale, cost savings, better productivity—but also the usual downsides, of which cloud data management is a big one.
As companies move to the cloud, protecting sensitive data, mitigating risk, and ensuring regulatory compliance are key. And yet, according to a new benchmark report from EDM Council, 84% of respondents have not implemented “ethical access, use, and outcome” policies and procedures when executing their agenda in the cloud.
The recently released Cloud Data Management Benchmark Report sheds light on the state of data management and risk controls within cloud adoption based on the council’s own framework. Despite how common cloud migration is, the report only highlights how far many companies have to go. Let’s look at the existing gaps and what companies might do to enhance their management of cloud data and bolster their overall security posture.
Common risks in the data cloud
Data risks manifest in the cloud in various ways. Companies must address these risks to realize the value of their data assets. So what risks are we talking about?
- Unauthorized Access: Without proper security measures, unauthorized individuals or entities can gain access to sensitive information, leading to potential data breaches or misuse.
- Data Breaches and Leaks: Malicious actors can exploit vulnerabilities in cloud systems, potentially exposing sensitive data to unauthorized parties. Additionally, unintentional data leaks can occur due to misconfigurations or human error, resulting in unintended data exposure.
- Data Loss or Corruption: Cloud service disruptions, hardware failures, or software glitches can lead to data loss or corruption if adequate backup and disaster recovery measures are not in place. Losing critical data can have severe consequences for organizations, including financial losses and damage to the company’s reputation
- Lack of Regulatory Compliance: Organizations must adhere to specific data protection regulations and industry standards. Failure to comply with these regulations in the cloud environment can result in legal consequences, fines, and potentially disastrous outcomes in the public court of opinion.
These risks aren’t a surprise, but why do organizations have such trouble avoiding these risks?
Cloud environment complexity
Cloud environments comprise a multitude of interconnected systems, applications, and services. Managing data within such intricate ecosystems poses challenges to teams, whether large teams or small—think visibility, control, and governance over these data assets. Additionally, the dynamic nature of the cloud means a constantly evolving infrastructure and service offerings, adding a layer of complexity to data risk management.
Rapidly evolving security threats
Threat landscapes in the cloud continuously evolve with new attack vectors, techniques, and vulnerabilities. Staying abreast of these evolving threats and implementing appropriate security measures can cause a significant drain on resources and leave administrators unable to do more than continuously troubleshoot.
Changing data protection regulations
Like the threat landscape, data protection regulations also continue to evolve. A few years ago, regulations like GDPR and CCPA caused significant upheaval, but these won’t be the last to do so. In the context of the cloud, companies must navigate complex legal frameworks and demonstrate accountability for data privacy, even if they don’t have full visibility or governance over their cloud infrastructure yet.
Companies are making strides, but there’s a lot more to do
The inaugural study has determined that while many organizations are moving to the cloud, these efforts still aren’t strategic or coordinated enough when it comes to security. Many are still relying heavily on manual processes, and levels of automation are low across all of the framework’s categories. This won’t do companies any favors.
The study uses the council’s framework for reference. It includes 14 components in six categories — governance and accountability, cataloging and classification, accessibility and usage, protection and privacy, data lifecycle, and data and technical architecture — to guide companies strategically through cloud implementations.
Some of the most telling survey results include:
- Governance and accountability: 33% of respondents are in the developmental stage of automating their data sourcing and consumption. 16% have not initiated any sort of protocols at all. This signals a significant risk of non-compliance with regulations.
- Cataloging and classification: only 12% of companies have achieved automation of data classification. Poorly managed data is a risk, and more manual tasks create weaknesses as companies migrate data.
- Accessibility and use: Only 16% of organizations have achieved or enhanced ethical data management. Organizations must have structures in place to manage ethical access and use.
- Protection and privacy: Companies seem to have made the biggest strides in this area, with 22% achieving a data privacy framework and 24% achieving a measure of security controls.
- Data lifecycle: Most organizations are in the defined or developmental stage of managing the entire data lifecycle, which is somewhat reassuring but indicative that more work needs to happen.
- Data and technical architecture: Only 7% of companies have achieved or enhanced data lineage and provenance protocols. Companies need to do a lot more work to automate these tasks in a cloud context.
Strategies for mitigating data risk in the cloud
The survey outlines some things companies should do, centering around three main categories
Prioritize automation for cloud data management
Automated data management processes and workflows help reduce human error and improve operational efficiency. Minimizing manual interventions puts humans back on higher-value tasks.
To do this, companies can leverage automation tools and technologies to streamline data governance policies, data classification, backups, and cloud monitoring. Automation also creates consistent access controls that protect data without unnecessarily restricting stakeholders from the data they need. Additionally, automated alerts and notifications help teams proactively respond to potential incidents and breaches by discovering anomalous activities sooner.
Focus on closing the gap in control implementation
The survey noted several areas where data risk controls were inadequately implemented. Companies can close this gap by developing and deploying appropriate controls in cost tracking and monitoring as well as data lineage. Both provide greater visibility into the movement and transformations of data as well as helping ensure greater compliance.
As always, enhancing security measures in your cloud environment to safeguard data is a must. Companies can implement strong authentication mechanisms such as multi-factor authentication to begin. Encryption technics can protect data at rest and in transit, and regular updates to cloud security infrastructure safeguard against emerging threats.
Companies are improving, but there’s more to be done
The survey notes that companies have made strides in several areas of the cloud data management framework, but more must happen to realize the potential of the cloud. Implementing automated data management processes and focusing on closing the gaps in controls allows companies to mitigate data risk and confidently leverage the advantages of cloud investments.
Elizabeth Wallace is a Nashville-based freelance writer with a soft spot for data science and AI and a background in linguistics. She spent 13 years teaching language in higher ed and now helps startups and other organizations explain – clearly – what it is they do.