Do you know where your sensitive data is?

Around a quarter of businesses don't know where their sensitive data is according to a new report from Normalyze and the Enterprise Strategy Group (ESG).

As enterprises move more operations to the cloud, the volume and exposure of sensitive data stored in public cloud services is also rapidly increasing. Despite efforts by security teams to manage data risks, many organizations lack clarity on where data is located, how sensitive it is, and who has access to it.

"This report highlights the harsh reality that there's a knowledge gap among teams in what data is vulnerable to bad actors and how to protect it," says Todd Thiemann, senior analyst at Enterprise Strategy Group. "The challenge lies in devising effective strategies to understand and address these security concerns."

The report also finds that 26 percent of respondents suspect they've lost sensitive data, but aren't sure. Nearly a third of organizations report that third-party risk management (29 percent), data leakage protection/rights management (27 percent), and regulatory compliance (26 percent) are the top three areas where generative AI governance and policy are the weakest in their respective operations.

More than 60 percent of sensitive data resides on public cloud services today, this is expected to increase to 68 percent within 24 months. In addition 27 percent organizations report that they expect between 81 percent to 99 percent of their sensitive data will be in the public cloud within the next 24 months.

IT teams also lack visibility into 'shadow data,' which complicates breach assessments and compliance with SEC regulations. Not knowing where sensitive data is means that teams could spend a significant amount of time assessing the scope of a breach to determine whether in fact it is 'material.'

"The findings reveal what we at Normalyze have long believed: you can't secure what you don't know you have, let alone operate efficiently without an understanding of the nature of your data or who needs access to it." says Amer Deeba, CEO and co-founder of Normalyze. "DSPM (Data Security Posture Management) offers a data first approach to security, helping organizations identify and prioritize their most valuable assets."

You can get the full report from the Normalyze site.

Image credit: fizkes/depositphotos.com