Although data-driven companies place utmost priority on securing sensitive data, most are stuck in cycles of ineffective, inefficient manual data security and governance practices.
This is according to Satori's new industry study on DataSecOps in Cloud Report.
The report finds that more than 71% of respondents indicated they store PII, or personally identifiable data. Of this, 47% store sensitive financial data such as credit scores, bank or credit card accounts and payments in their data stores, spanning databases, data warehouses and data lakes.
While 85% consider securing access to sensitive data as critical for their business to reduce the data breach risk or unauthorised exposures, 61% indicated that meeting security and compliance requirements slows down their data projects.
Satori CEO and co-founder Eldad Chai says, “Our latest DataSecOps survey reveals the state that many companies are in - trying to scale through data but being held back by legacy processes and tools.
"The results correspond to why organisations are opting for a common data access layer securing access to sensitive data with fully automated tooling and processes, making the data the path of least resistance in the organisation.
"With a modern, real-time data security approach, companies can accelerate delivery of data projects, scale up across the organisation and save up to 80% less time spent currently on manual, ad-hoc security controls.
As data footprints continue to increase exponentially, every company is now storing massive amounts of data, the study finds. At the same time, the need to secure sensitive personal, health and financial data, is also increasing.
According to the report, these factors are driving new priorities for teams:
Rapid growth in sensitive data: 71% of respondents indicate they store PII data such as names, emails, date of birth and social security or national ID numbers, with 47% storing sensitive financial data such as credit scores, bank or credit card accounts and payments in their databases, data warehouses and data lakes.
Need to secure access to sensitive data: 85% see securing access to sensitive data viewed as critical for business, and as the way to minimise the risk of data breach or exposure to unauthorised parties. One in three point to meeting data security, privacy or compliance requirements from their customers, while 27% are addressing the sensitive data access for compliance with consumer privacy regulations such as GDPR and CCPA.
Data democratisation is a priority: As data democratisation accelerates, 75% are working on increasing access to data for more users such as data scientists, analysts, engineers and business users within the organisation.
Inefficient tools and processes inhibiting factor: 61% point to manual processes and tools for requesting access to data, with 32% relying on the manual process with emails and service tickets and 29% having fragmented processes mired in multiple tools and custom code.
Delays in data projects: 62% indicate that meeting security and compliance requirements slow down their data projects. Current manual processes and tools for data access are a huge drag on successful completion of critical data projects.
Less, not more: Over 50% want less to do with data security and governance. One in eight respondents want nothing to do with security and compliance requirements, while 39% want to see streamlined security and compliance processes so they can spend less time writing custom code or processing access requests manually, and focus more on their core projects for delivering data and insights to improve business operations.
The survey was conducted in March and April of 2022, with community partner Data Science Connect. Data engineers, architects and scientists, as well as security, privacy and compliance professionals participated in the survey.