In the grand concert hall of today’s digital landscape, data stands as the virtuoso performer, the cornerstone of organisational value. Much like a Stradivarius violin in the hands of a master, data is an asset of unparalleled worth. In Asia Pacific (Apax), data centre capacity is projected to more than double by 2028, pooling a staggering investment of US$564 billion. In tandem, the cloud market is poised for a crescendo with an anticipated growth rate of 17.3%, reaching a market size of US$329.1 billion by 2027.
Yet, this influx of investments into data generation and storage has led to what is known as the data explosion, and businesses are now looking at the best ways to protect their orchestral masterpieces. This is even more pronounced in Apac where many are moving beyond traditional approaches to adopt multi-cloud strategies, with nearly two-thirds of the region’s top 2000 organisations expected to do so by 2025. However, as organisations conduct their multi-cloud symphony with its harmonious blend of enhanced data ownership and optimised costs, they can inadvertently expand their attack surface and diminish data visibility.
Consequently, the cloud is now facing an onslaught of more frequent – and more successful – cyberattacks as cyber-attackers target the platform’s security blind spots. According to our latest Zero Labs report, many Singapore organisations targeted by cyberattacks last year experienced attacks across multiple aspects of their hybrid environment, with a jarring 67% of attacks impacting cloud data. For those engaging in multi-cloud, this issue is further aggravated by the lack of synonymy between different cloud platforms, which creates complex security challenges and reduces visibility over data movement and usage between services.
With no signs of the cloud market slowing down, data breaches have become an inevitable issue organisations must confront. This begs the question: how can organisations orchestrate data protection alongside their multi-cloud strategies, ensuring the complex arrangement of cloud players, and instruments of operational efficiency, and find their collective rhythm, amidst a growing cacophony of potential security discords?
Uncover the hidden vulnerabilities in the cloud
Many organisations place a great deal of faith in their cloud infrastructure provider. This trust, however, can lead to blind spots in an organisation’s security posture.
See also: 80% of AI projects are projected to fail. Here's how it doesn't have to be this way
For example, object storage, a technology designed to handle vast amounts of unstructured data, manages about 70% of all data in a typical cloud instance. Similar to an untuned instrument, this storage tier has far lower security measures than other areas of cloud infrastructure and has the potential to strike a discordant chord. As a result, it is estimated that the majority of data stored in the cloud is under-protected. Compounding this, 88% of the data in object storage is estimated to be either unstructured or semi-structured, which might not be machine-readable or adequately covered by prominent security technologies and services.
One might assume this storage tier includes no business-critical data, however, our research found that over 25% of object storage data is sensitive data, including data subject to regulatory or legal compliance such as the Personal Data Protection Act (PDPA) in Singapore. This underscores the importance of robust data security measures to safeguard the cloud and keep confidential information secure.
Consider these risks in today’s context where 93% of Apac organisations are expected to increase cloud data storage in 2024. This threat will only intensify as businesses become more reliant on the cloud, with 44% already prioritising a ‘cloud-first’ strategy – a figure expected to rise exponentially.
See also: Responsible AI starts with transparency
Act, not react
Being proactive in data security necessitates adopting Zero Trust principles and an ‘assume breach’ mindset to data management. These strategies see only minimal access privilege being granted at all times – even after verifying a user’s identity – as all users, devices, and networks are considered potentially compromised. This can effectively mitigate risk and help ensure operations can be rapidly recovered through measures such as logical air gaps, encryption, and immutability, upholding data integrity and availability.
Another critical step is to continuously identify and monitor for sensitive data exposure in the cloud to maximise data security posture management (DSPM). By doing so, it provides a comprehensive overview of an organisation’s sensitive data and where it resides, enhancing overall data visibility and enabling the appropriate controls to be applied before a breach occurs.
By staying attuned to cyber attackers latest tactics and techniques, organisations can be better prepared for inevitable data breaches. This fosters confidence in cloud technology adoption and the ability to recover, enabling organisations to scale and hit the high notes in innovation and business transformation.
Be the maestro of your cloud data security orchestra
More than ever, the explosion of data and rise of multi-cloud complexities signals a compelling need for organisations to take up the baton and orchestrate their cloud data security.
Just as each instrument in an orchestra is crucial for a unified and impactful performance, each cloud provider within an organisation’s strategy plays a vital role. Here, the data security platform functions as the conductor’s baton, guiding all components to work together harmoniously to create a powerful and secure cloud environment.
To that end, organisations must adopt a strategic and proactive approach to safeguard the symphony of cloud data, effectively navigating the complexities of the modern cloud infrastructure.
Sheena Chin is the regional director for Asean at Rubrik
