Light Dark
February 27, 2024 By Tom Fisher 4 min read
Data Protection
Cloud Security

Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.

The reason for this high cost is not only the penalties paid for the data breaches but also the amount of time (mean time to identify, or MTTI) it takes to discover and remediate the breach. The typical time in days that it takes to identify a breach is significant across all configurations, with the worst being multi-cloud and hybrid-cloud environments.

The figure above is measured in days. (Source: IBM)

These statistics are not only alarming but could conceivably be catastrophic, depending on the number and type of breaches that occur. They clearly spell out the compelling need for data protection in cloud applications and infrastructure.

Just how popular is the cloud?

According to a study published by G2.com in April 2023:

Cloud-first is the mantra

  • All companies use at least one public or private cloud
  • By 2025, 85% of organizations will be “cloud first”
  • Over 60% of all corporate data is in cloud storage
  • 100 trillion gigabytes of data will be stored in the cloud by 2025.

Multi-cloud is popular

  • 98% of enterprises use or plan to use at least two cloud infrastructure providers
  • 31% of enterprises have four or more cloud infrastructure providers
  • Nearly 9 out of 10 companies report having a multi-cloud strategy.

Hybrid cloud is on the rise

  • Nearly 8 of 10 companies use multiple public clouds and 60% use more than one private cloud
  • 56% of companies with more than $500 million in revenue have adopted a hybrid cloud.

If we apply a conservative estimate that 33% of 100 trillion gigabytes of data stored in the cloud is unprotected, that means that 33 trillion gigabytes are constantly at risk of being breached.

The emerging solution

Cloud-native data protection is a technology that protects data stored in and moving through cloud infrastructure by:

  1. Identifying where it’s located
  2. Identifying shadow copies of sensitive data
  3. Identifying data movement within and across multi-cloud and hybrid-cloud infrastructure.

To qualify as cloud-native and to handle the rapid movement and complexity of cloud services, the data protection technology should be implemented with cloud infrastructure and use cloud methodologies, such as containers, Kubernetes and microservices.

The name for this capability is data security posture management (DSPM), and it satisfies the requirements listed above for public, private, multi-cloud and hybrid-cloud environments.

What is cloud-native?

Cloud-native applications consist of multiple small, interdependent services called microservices. They are composed of:

  • Application programming interfaces (APIs), which bring loosely coupled microservices together
  • Service mesh, which manages the communication between multiple microservices
  • Containers, which are the application software components that pack the microservice code and other required files in cloud-native systems
  • Container Orchestrator/Manager, such as Kubernetes, which facilitates declarative container configuration, such as pods, and automation. 

Cloud and data protection impact

Data breaches certainly have the potential to slow cloud migration and innovation. How many breaches, after all, will users be willing to endure before demanding more comprehensive protection? Data privacy laws, such as the General Data Protection Regulation (GDPR), are also driving protection by levying fines on entities that don’t adequately protect data privacy.

Every application and website user appreciates cloud applications’ innovation and performance, including the personalization that cloud-native and artificial intelligence (AI) technologies facilitate. But that enthusiasm will likely ebb if data breaches escalate. Without more immediate attention to data protection, users may demand immediate, increased levels of accountability that could slow innovation.

DSPM to the rescue

To assuage these concerns, DSPM has emerged to address cloud data protection. DSPM identifies all repositories of “at risk” data within public, private, multi-cloud and hybrid-cloud infrastructure, which includes relational databases, Big Data stores, in-memory databases, Software-as-as-Service (SaaS) applications and shadow data.

That means DSPM finds data in any cloud storage repository, including data copied for any purpose outside a database or files such as log files. It also tracks data as it moves through cloud components to ensure that if data is moved, the organization knows about it and can implement remedial actions if needed.

But the most amazing part is that DSPM is incredibly easy to use. It automatically discovers data, catalogs where data resides so that shadow data can be identified and sends alerts about data vulnerabilities so that remedial actions can be taken as needed.

The compelling need for cloud-native data protection

Cloud-native data protection is needed to protect the wealth of generated data and traversing cloud infrastructure. The implementation needs to be cloud-native so that data in all multi-cloud repositories can be seen. In addition, cloud-native implementation enables organizations to see where data moves through applications built with cloud components, such as containers, APIs and service meshes, to get to the next storage location.

DSPM also belies the notion that cloud data security is hard to use and consumes too many resources to be effective. Using automated discovery, cloud-native DSPM automatically identifies sensitive data, shadow data, data locality and point-to-point data movement through cloud infrastructure and application components.

DSPM is easy to use, finds data locations and maps them and monitors data as it moves through the (multi-)cloud infrastructure. IBM Security Guardium Insights SaaS DSPM embodies all of the capabilities listed above.

Learn more on IBM Guardium Insights SaaS DSPM or sign up to try it for free now.

 |  |  |  |  |  |  |  |  | 
Tom Fisher
Product Marketing Manager, IBM Security Guardium

More from Data Protection
January 3, 2025

Router reality check: 86% of default passwords have never been changed

4 min read - Misconfigurations remain a popular compromise point — and routers are leading the way.According to recent survey data, 86% of respondents have never changed their router admin password, and 52% have never adjusted any factory settings. This puts attackers in the perfect position to compromise enterprise networks. Why put the time and effort into creating phishing emails and stealing staff data when supposedly secure devices can be accessed using "admin" and "password" as credentials?It's time for a router reality check.Rising router risksRouters…

January 2, 2025

Preparing for the future of data privacy

4 min read - The focus on data privacy started to quickly shift beyond compliance in recent years and is expected to move even faster in the near future. Not surprisingly, the Thomson Reuters Risk & Compliance Survey Report found that 82% of respondents cited data and cybersecurity concerns as their organization’s greatest risk. However, the majority of organizations noticed a recent shift: that their organization has been moving from compliance as a “check the box” task to a strategic function.With this evolution in…

December 20, 2024

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature