Growing Public Cloud Spending is Leading to a Shadow Data Risk


Public cloud spending and adoption continue to grow. Analysts estimate that organizations will spend $591.8 billion on cloud infrastructure and services this year, up 20.7% from last year.

According to Forrester, the public cloud market is set to reach $1 trillion by 2026, with the lion's share of investment directed to the big four: Alibaba, Amazon Web Services, Google Cloud, and Microsoft.

So, What Is Going On? 

In the wake of the pandemic, businesses hastened their cloud migration and reaped the rewards as cloud services sped up innovation, offered the elasticity to adjust to changing demand, and scaled with expansion. Even as the C-suite reduces spending in other areas, it is certain that there is no going back. Demand from businesses is particularly high for platform-as-a-service (PaaS), which is expected to reach $136 billion in 2023, and infrastructure-as-a-service (IaaS), which is expected to reach $150 billion.

Still, this rapid growth, which caught business strategists and technologists by surprise, has its downsides. If organizations do not take the essential actions to increase the security of public cloud data, the risks are likely to grow considerably.

Shadow Data Is Growing Due to Lax Security Controls 

The challenge posed by "shadow data," meaning unknown, uncontrolled public cloud data, is the result of a number of issues. Business users are creating their own applications, and programmers are constantly spinning up new instances of their own code to create and test new applications. A number of these services retain and use critical data without the knowledge of IT and security staff. Versioning, which allows several versions of data to be stored in the same bucket in the cloud, adds risk if policies are not set up correctly.

Unmanaged data repositories are frequently ignored when the rate of innovation quickens. In addition, if third parties or unrelated individuals are given excessive access privileges, sensitive data that is adequately secured could be transferred to an unsafe location, copied there, or become vulnerable.

Three Steps to Improve Public Cloud Data Security 

A large number of security experts (82%) are aware of, and concerned about, the growing public cloud data security problem. These professionals can quickly help minimize the hazards by doing the following:

  • Discover and Classify all Cloud Data 

With a next-generation public cloud data security platform, teams can automatically find all of their cloud data, not just known or tagged assets. All cloud data stores are detected, including managed and unmanaged assets, virtual machines, shadow data stores, data caches and pipelines, and big data. The platform uses this data to create an extensive, unified data catalog for the multi-cloud environments that enterprises use. All sensitive data, including PII, PHI, and transaction data from the payment card industry (PCI), is carefully identified and categorized in the catalog.

  • Secure and Control Cloud Data 

With complete insight into their sensitive cloud data, security teams can apply and enforce the proper security policies and verify data settings against their organization's specified guardrails. A public cloud data security platform can help expose complicated policy breaches, which in turn helps prioritize them by risk, on the basis of data sensitivity level, security posture, volume, and exposure.

  • Remediate Risks and Monitor Activities Without Hindering the Data Flow 

This process, known as data security posture management, offers recommendations that are customized for every cloud environment, making them more effective and relevant.

Teams can then begin organizing sensitive data without interfering with corporate operations. A public cloud data security platform will prompt teams to implement best practices, such as enabling encryption and restricting third-party access, and to practice better data hygiene by eliminating unnecessary sensitive data from the environment.

Moreover, security teams can use the platform to enable constant monitoring of data. This way, security experts can efficiently identify policy violations and ensure that public cloud data follows the firm's stated guidelines and security postures, no matter where it is stored, used, or transferred in the cloud.

4 Shocking Predictions for Cybersecurity in 2023 from Forrester Analysts

 


Security and data privacy are evolving quickly, and the landscape is changing rapidly. Predictions for 2023 from many cybersecurity analysts indicate that companies will not be able to reduce their vulnerability to cyberattacks simply by optimizing their existing processes. To eradicate that vulnerability, they will have to re-evaluate how they deal with cybersecurity in general, not just how they approach it in isolation.

A recent article in VentureBeat shares some of Forrester analysts' top cybersecurity predictions for 2023, based on their research. The statistics in the report point to a shift in organizations' cultural orientation toward managing risk and privacy concerns.

In Forrester's forecast, the most shocking predictions include the increasing number of cybersecurity employees turning into whistle-blowers due to burnout, C-level executives facing pressure for their use of employee monitoring, and a rising number of cyber insurance providers expanding their MDR business.  

A majority of Chief Risk Officers (CROs) report directly to their CEOs in most cases 

Forrester senior analyst Alla Valente explained that, while businesses embrace innovative digital strategies, they are also facing unprecedented changes that result from systematic risk forces, a constantly evolving regulatory environment, ever-chaotic supply chains, and shifting customer expectations.

The role of the chief risk officer (CRO) has become increasingly significant, especially for non-financial companies, as companies expand the scope of their risk management strategies to cover a wide range of sources of risk and reposition their center of gravity to include non-financial risks.

Today's CROs cannot hedge against downside risks (compliance, insurance) in the same way as CROs of the past. As risk management receives more attention and gains internal prominence, the CRO may be tasked with finding opportunities for growth.

It is pertinent to note that risk management does not have to be seen as an unnecessary expense but rather as an opportunity to increase business. CROs are now reporting directly to the CEO, resulting in a change in the reporting structure.

C-level executives will be terminated for using employee monitoring in their companies

Forrester principal analyst Heidi Shey mentioned that, with the rise of remote and anywhere work options, some employers are turning to electronic monitoring of employees to keep an eye on their performance. As part of any monitoring technology implementation, companies must consider privacy rights and the employee experience. This is true regardless of whether the system is being implemented to track employee productivity, enable a return-to-work strategy, or address internal concerns about insider trading.

There are many opportunities for disaster from a regulatory and workforce perspective when it comes to implementing this type of business initiative. Therefore, companies need to be very careful with their planning and implementation. 

In addition to causing violations of GDPR, employee monitoring efforts can also violate laws enacted recently in New York and Ontario, Canada. These laws relate specifically to employee monitoring and to specific monitoring types. A bill being proposed in California aims to improve accountability in workplace surveillance, so we can expect additional attention from legislators in 2023.

According to the analysts, there is also a possibility that employers will become more intrusive, which could lead to a rise in employee protests as well as strikes and organizing by labor unions in response to such monitoring efforts.

Three cyber insurers are expected to acquire MDR providers

Forrester VP principal analyst Jeff Pollard explained that cyber insurers are expected to move aggressively into the MDR segment this year. They calculate that it is better to offer detection and response services themselves to the clients they insure than to leave those clients to do it all on their own. In 2022, Acrisure began a trend that would continue for several years.

Some benefits that insurers can gain through MDR acquisitions include the following:

  1. High-value data about attacker activity, which can be used to refine underwriting guidelines
  2. Unprecedented visibility into the policyholder environment
  3. Confirmation of the claimant's statements

When cybersecurity leaders purchase MDR from an insurer, they must evaluate how the insurer will use telemetry when underwriting, which is not likely to be favorable for them. They should also consider whether the insurer is willing to offer cybersecurity services such as MDR. In addition, they should consider whether they are confident they can rely on their insurer to help them stop active attacks.

Organizations will sue offensive security tool providers for causing their security breaches

Forrester senior analyst Allie Mellen noted that the post-exploitation kits most used by security professionals and attackers include Cobalt Strike, Metasploit, and Mimikatz, among others. To ensure that customers do not misuse the technology for harmful purposes, some providers share disclosures or apply due-diligence processes during the sale.

There will be a growing number of tools available in the marketplace. Enterprises and governments will be compelled to ensure that the tools do not fall into the wrong hands. This will also affect how these tools are created and distributed.

According to the study, litigation may follow in 2023 against a software company. This may set a precedent for other software products to fall into the crossfire in the future, as tensions continue to mount over potential breaches of third parties.