Symmetry Systems, the data+AI security company, has officially published its latest State of Data+AI Security Report, where it leveraged deep insights into organizational data practices from deployments of Symmetry DataGuard to deliver a critical juncture of data and identity in modern data security. Talk about the stated report on a slightly deeper level, it started by revealing how, without active intervention, organizational data and identities tend to become stagnant at alarming rates, and therefore, expose organizations through an expanded attack surface. Next up, the report discovered that sensitive identity information, such as secrets and credentials which further expose access to data, continues to be stored insecurely across the board. The findings further talked to the explosion of AI adoption that is now pretty much necessitating proactive risk management and consideration of associated security implications. Moving on, the report also informed us on how implementing basic cybersecurity measures like multi-factor authentication (MFA) and segmentation of environments remains a significant challenge for organizations. Joining the same was a piece of knowledge which claims that a third of data objects stored in environments are image files or contain images. This fact alone complicates the classification of this data with both optical character recognition (OCR) for extracting text from images, and machine learning-based classifiers for categorizing the images required.
“As I was preparing the report, it struck me once again that data classification isn’t the end goal. With a third of data objects consisting of images and a huge variety of data identifiers that could make it sensitive, determining which dataset is sensitive is very context and business dependent”, said Claude Mandy, Chief Evangelist at Symmetry Systems. “Scanning every byte again and again is pointless, unless you know with who or what has access to the data,”
Then, there was a discovery where we got to know that 10.9% of Cloud accounts/projects connected to an organization were unknown and outside of its control boundary. This was mainly because of AWS’s account number-based architecture model, which differs considerably in GCP and Azure. To give a more concrete view of the reality, Symmetry’s report even presented some concrete figures. Here, it started from those 9.3% of organizations who still had 1 or more human accounts without multi-factor authentication (MFA) enabled and console access to their environment. Furthermore, the report took the veil off an estimated 24.5% identities that had dormant access to sensitive data. Making this even worse was a claim on how the stated contingent has also been growing at a rate of 122% year on year. Hold on, we still have a few bits left to unpack, considering we still haven’t discussed anything about those 59.6% of data stores that currently lay dormant and are growing at a whopping rate of 500% year on year. Finally, the report rounded things up by revealing that 100% of organizations had at least one form of secret stored insecurely outside of a secrets manager, accounting for 1% of the sensitive data identified.
“AI holds immense potential to transform businesses and society, but as our State of Data+AI Security Report clearly shows, the security practices and governance guardrails around identities with access to data are still lagging, and won’t keep pace with CoPilot adoption,” said Dr. Mohit Tiwari, CEO of Symmetry Systems. “From inadequate lifecycle management of identities with access to data and poor MFA hygiene, organizations are playing with fire. Robust data+AI security has to be the top priority to enable the adoption of AI at scale.”