The Rise of Security Challenges for the Data Cloud
We were witnessing a once-in-a-generation shift in data engineering and processing technology. Companies are rapidly embracing the Data Cloud, a collection of cloud-based services like Snowflake, MongoDB, Looker, Databricks, Kafka, Tableau, etc.to store, process and analyze operational, business intelligence and other structured and semi-structured data.
The Data Cloud enables organizations to embrace data democratization and be data-driven. It eliminates silos, unlocks new use cases, and helps improve customer experience and company culture. Coupled with Infrastructure-as-Code, it allows businesses to achieve massive gains in speed and efficiency, operate at virtually unlimited scale, and optimize price-for-performance.
There is, however, no free lunch, and the trade-off is data getting dispersed across numerous databases, microservices, data warehouses, analytics tools, and pipelines. This results in increased security concerns that will soon become “top-of-mind” for engineering and security teams alike.
- The Rise of Insider Threat. A key underlying driver for adoption of the Data Cloud is data democratization, which is the notion of making data seamlessly accessible to all the right users, and at the right time. But this comes with the enhanced risk of the dreaded Insider Threat. To quote the CISO of a global hospitality company, "One of the scariest scenarios for me is someone walking up to one of my DBAs or data engineers with $50K in a suitcase, and asking them to run a few queries". As the number of people who can run those queries increases, we will see increased emphasis on secure data democratization.
- New threats for new generations of users. Consumerization of IT has been a theme for some time as a new generation of workers showed up in offices, expecting the same experience from business applications as Facebook and Amazon. The global pandemic forced organizations to sprint to the finish line and lift all blockers on SaaS and cloud for their internal purposes. Overnight, organizations now have to deal with a myriad of SaaS BI tools and SaaS based processing services plugged into data repositories with their crown jewels. In this new world, we are likely to see increased attacker activity and new TTPs that seek to exploit these new groups of users with access to these tools and services.
- An even bigger role of identity. Despite the unfortunate backdrop of the global pandemic, 2020 has been an exceptionally strong year for Identity and Access Management (IAM) providers. With more organizations going partially or fully remote, Identity is poised to stay a foundational component of any enterprise’s security program. Interestingly, the same identity controls that are so widely used in the application and infrastructure clouds do not work uniformly in the data cloud. This is why we will see a growing need for the IAM controls to work across the modern data services ecosystem – a void that will in small part be addressed by existing IAM vendors, but predominantly be filled by new data security solutions.
- Software eats access management. As a hacker, you don’t need to waste your time picking locks, when it is easier to just search for open doors. Misconfigurations and human mistakes are often the biggest source of vulnerabilities. As companies become agile with their employees working from anywhere, the manual process of managers and admins coordinating over emails and tickets will become an increasing area of risk. We expect policy as code frameworks like OPA, Sentinel, Legalese, etc to start to become more mainstream and move from Kubernetes enthusiasts to IT operators who use automation and scripts to administer access for the employees to key, critical resources.
We have seen a similar shift twice before: first, when BYOD created a proliferation of different kinds of devices in the enterprise, leading to creating a new class of security solutions that are today known as EDR with established vendors like Crowdstrike, Tanium and VMware Carbon Black. And again, when a similar growth of SaaS applications created the now-infamous “Shadow IT” problem which resulted in the emergence of CASB products.
I believe the future of data is in its democratization, where any piece of information is readily available to those who are allowed to access it. In that world, access to data comes with complete visibility and control, through services that help IT, security and data teams collaborate on securing their Data Cloud.