New Research Highlights at Least 1/4 of Businesses Don't Know Where Their Sensitive Data Is

New ESG Research Shines a Light on Enterprise Complexity as a Result of Abandoned Data


SAN FRANCISCO, Oct. 02, 2024 (GLOBE NEWSWIRE) -- Normalyze, the leader in Data Security Posture Management (DSPM), in partnership with the Enterprise Strategy Group (ESG), today released new research highlighting critical gaps in data security as organizations increasingly adopt cloud solutions. The research underscores the need for DSPM solutions, powered by AI and automation, to tackle challenges related to locating sensitive data, assessing its accessibility, and identifying who has access to it. The findings also shed light on security risks associated with generative AI adoption, the rise in sensitive data residing in the public cloud, and why businesses are facing an expanded attack surface.

As enterprises move more operations to the cloud, the volume and exposure of sensitive data stored in public cloud services is also rapidly increasing. Despite efforts by security teams to manage data risks, many organizations lack clarity on where data is located, how sensitive it is, and who has access to it. Additionally, “shadow data” is often stored without appropriate governance or control from security teams, which is an oversight that exacerbates data exposure and security risks.

“This report highlights the harsh reality that there’s a knowledge gap among teams in what data is vulnerable to bad actors and how to protect it,” says Todd Thiemann, Senior Analyst at Enterprise Strategy Group. “The challenge lies in devising effective strategies to understand and address these security concerns.”

The report's key findings include:

  • 26% of respondents suspect they’ve lost sensitive data, but aren’t sure
  • Nearly one-third of organizations reported that third-party risk management (29%), data leakage protection/rights management (27%), and regulatory compliance (26%) are the top three areas where generative AI governance and policy were the weakest in their respective operations
  • More than 60% of sensitive data resides on public cloud services today, expected to increase to 68% within 24 months
  • 27% organizations reported they expect between 81% to 99% of their sensitive data will be in the public cloud within the next 24 months
  • 46% of respondents suspect or are certain they have experienced any data loss, but cannot confirm

The study also shows that IT teams lack visibility into “shadow data,” which complicates breach assessments and compliance with SEC regulations. Not knowing where the sensitive data is means that teams could spend a significant amount of time assessing the scope of a breach to determine whether in fact it is “material.”

“The findings reveal what we at Normalyze have long believed: you can't secure what you don't know you have, let alone operate efficiently without an understanding of the nature of your data or who needs access to it,” says Amer Deeba, CEO and co-founder of Normalyze. “DSPM offers a data first approach to security, helping organizations identify and prioritize their most valuable assets.”

Founded with this idea and need in mind, Normalyze provides the necessary context across environments and ensures appropriate policies are followed around the data. It enables teams to streamline operations by understanding the lineage of an organization's data and who/what is accessing that data, identifying anomalies so that organizations can better protect sensitive data stores.

To access these critical insights and harness modern data security strategies, download the full ESG report here.

Methodology
TechTarget's Enterprise Strategy Group surveyed 387 IT, cybersecurity, compliance, and DevOps professionals at organizations in North America (US and Canada) involved with encryption and data security technology and processes. To qualify for this survey, respondents were required to be personally involved with encryption and data security technology and processes.

About ESG
Enterprise Strategy Group is an integrated technology analysis, research, and strategy firm providing market intelligence, actionable insight, and go-to-market content services to the global technology community. It is increasingly recognized as one of the world's leading analyst firms in helping technology vendors make strategic decisions across their go-to-market programs through factual, peer-based research. ESG is a division of TechTarget, Inc. (Nasdaq: TTGT), the global leader in purchase intent-driven marketing and sales services focused on delivering business impact for enterprise technology companies.

About Normalyze
Normalyze is the pioneer in Data Security Posture Management (DSPM), enabling organizations to effectively secure data at scale across SaaS, PaaS, public or multi-cloud, on-prem and hybrid environments. Normalyze fills the security gaps created by complex data landscapes, data lakes, shadow data and Generative AI by accurately and quickly discovering, classifying and visualizing the total data attack surface. With Normalyze, data and security teams can quantify risks and prioritize remediation plans to prevent data breaches, enforce least privilege access to sensitive data, optimize data storage and leverage AI for business.

Founded by industry veterans Ravi Ithal and Amer Deeba, and backed by Lightspeed Venture Partners and Battery Ventures, Normalyze holds 14 patents in data security and is used by global organizations including Albertsons, Snowflake, Informatica and many others.

For more information, please visit normalyze.ai.

Media Contact:
Mariah Gauthier
Normalyze@highwirepr.com