Cloud data security gaps: what 2022 survey results mean for teams

TL;DR: 80% of organisations store sensitive data in the cloud, 53% experienced a cloud infrastructure cyberattack in the prior 12 months, and 49% saw unplanned remediation costs after an attack, according to Netwrix’s 2022 survey of 720 IT professionals. The governance gap is not cloud adoption itself, but the fact that data, access, and detection controls are still maturing unevenly.

NHIMG editorial — based on content published by Netwrix: 2022 Cloud Data Security Report

By the numbers:

• 80% of organizations store sensitive data in the cloud
• 53% of respondents experienced a cyberattack on their cloud infrastructure within the last 12 months
• 49% of IT pros said that an attack led to unplanned expenses to fix security gaps

Questions worth separating out

Q: How should teams reduce cloud data exposure without slowing cloud adoption?

A: Start by linking sensitive datasets to the identities and roles that can reach them.

Q: Why do cloud incidents so often become expensive remediation events?

A: Cloud incidents spread cost because the same identity or misconfiguration can affect multiple services, regions, or accounts at once.

Q: What do security teams get wrong about cloud data protection?

A: They often focus on where data is stored and miss which identities can actually move it.

Practitioner guidance

• Inventory cloud identities tied to sensitive data Build a single view of human accounts, service accounts, API keys, and tokens that can reach cloud data stores or management planes.
• Reduce standing privilege in cloud roles Review cloud roles for overbroad access to storage, backups, and admin functions, then remove permissions that are not needed for current business use.
• Correlate identity and storage telemetry Join authentication logs, role assumption events, object access logs, and alerting into one investigation path so suspicious access can be traced before data leaves the environment.

What's in the full report

Netwrix's full report covers the operational detail this post intentionally leaves for the source:

• Regional and vertical breakdowns for cloud security challenges across the UK, France, manufacturing, education, healthcare, and finance.
• Survey detail on how cloud security measures affect detection time and which controls practitioners reported as most effective.
• Appendix material on budgeting and the distribution of cloud security obstacles across respondents.
• Full consequence analysis for breaches that led to unplanned expenses and control remediation.

👉 Read Netwrix's 2022 cloud data security report →

Cloud data security gaps: what 2022 survey results mean for teams?

Explore further

View Full Forum →  |  NHI Foundation Course →