It’s Time for 20/20 Vision into Your Data

essidsolutions

As the business world continues to thrive on big data – and with more of that data stored in the cloud – visibility into a company’s data is undeniably important. No reasonable business leader would ever dream about leaving their logistics software unmanaged or sales departments to their own devices. 

Data visibility into a self-contained, on-prem system is one thing, but that structure is hard to come by these days. Most modern businesses rely on the cloud to improve flexibility, increase scalability, and execute tasks quickly and effortlessly.

Anytime-anywhere Risk 

As the cloud allows businesses to work efficiently from anywhere, anytime, greater access drives higher levels of risk. Due to the increased pace of change and the sprawl of new cloud tech, an organization’s data will be spread around various places, leaving some data to be more or less invisible in a “dark corner.”

Many large brands have already come to face this reality. SEGA Europe sustained a massive data breach earlier this year after someone inadvertently stored secure, sensitive files in a publicly accessible AWS S3 bucket. Similarly, a “glitch” caused some Twitter users’ personal information and passwords to be stored in a readable text format on the company’s internal system rather than disguised by their hashing process. The breaches of these two shadow environments show how a minor mistake can lead to public scrutiny and damage a brand.


Ignorance is (Not) Bliss

Some may argue that data visibility before the cloud was mediocre at best, often downplayed by poor employee security awareness and inconclusive data protection policies. The introduction of cloud technology highlighted that issue and led to the widespread problem of ever-increasing data breaches experienced today.

 One of the biggest factors contributing to data breach culture is the sheer absence of comprehensive data visibility. It’s almost become an inevitable outcome—the price of admission, so to speak—that an organization can’t know what’s going on with every piece of data. A lot of professionals have accepted that conclusion as fact.

 Often referred to as “shadow data,” hidden sensitive files and programs occur when data is copied, backed up or housed in a data store that is neither governed under the same security structure nor kept up to date. What some have simply accepted as the cost of doing business is becoming one of the most demanding threats to data security.

Shadow data has primarily resulted from four main changes to data culture: the proliferation of technology and its associated high complexity, the limited bandwidth of data protection teams who are falling behind, the democratization of data, and the removal of on-prem perimeters.

What Lurks in the Shadows?

While hidden data can result from several different situations, it typically occurs when sensitive data—customer information, employee information, financial data, applications, intellectual property, etc.—is copied in an unsanctioned way. When data is copied and stored in a way that makes the files or programs invisible to a data protection team, those assets are unsecured and unmanageable using most modern security tools. Below are a few examples of how shadow data comes about:

  • S3 Backups: Almost every modern business has at least one backup data store that they use as a contingency plan in the case of a breach or damage to its production environment. The backup data store is meant to keep exact copies of production data in an emergency. However, these are often left unmonitored and can mistakenly expose large amounts of data to the public, as in the SEGA Europe example.
  • Leftover Data from Cloud Migration: As many organizations move to the cloud, they will deploy “lift and shift” data migration projects, but too often, the original data will never get deleted. This lingering data will remain unmanaged, unmaintained and often forgotten, leading to vulnerabilities down the line.
  • Test Environment: Most organizations have a partial copy of their production or RDS database in a development or test environment where developers build applications and test programs. Often, developers need to move quickly and may take a snapshot of some data but fail to remove or secure the copied data correctly, or they simply forget about it.
  • Toxic Data Logs: When developers and log frameworks mistakenly copy actual sensitive data into log files, the result is a “toxic” data log. For example, naming the logs with a user’s email address exposes PII against policy. 
  • Analytics Pipeline: Many companies will store data in some type of analytics pipeline using the likes of Snowflake or others because it improves data recall speed and allows them to manipulate and analyze the data more efficiently. However, analytics pipelines are typically unmonitored by most security solutions today.
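
To make the “toxic data log” case concrete, here is a small discover-and-classify pass over log file names and log lines. It is an added example, not code from the article or from any product; the log names, their contents and the two detectors (an email pattern and Luhn-checked card numbers) are constructed assumptions.

```python
import re
from collections import Counter

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out long digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> Counter:
    """Count sensitive-data hits by type in one string."""
    hits = Counter(email=len(EMAIL_RE.findall(text)))
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            hits["card_number"] += 1
    return +hits  # unary plus drops zero counts

def scan_logs(logs: dict[str, list[str]]) -> dict[str, Counter]:
    """Findings per log file, checking the file name as well as every line."""
    report = {}
    for name, lines in logs.items():
        found = Counter({f"{k}_in_filename": v for k, v in classify(name).items()})
        for line in lines:
            found.update(classify(line))
        if found:  # clean files are left out of the report
            report[name] = found
    return report

# Constructed sample data (not taken from any real system)
SAMPLE_LOGS = {
    "app/checkout-2022-03-01.log": [
        "INFO order=1182 status=paid",
        "DEBUG payload={'card': '4111 1111 1111 1111', 'email': 'jane.doe@example.com'}",
        "INFO request_id=1234567890123456 latency_ms=41",
    ],
    "app/session-jane.doe@example.com.log": ["INFO login ok"],
    "app/health.log": ["INFO heartbeat"],
}

if __name__ == "__main__":
    for name, found in scan_logs(SAMPLE_LOGS).items():
        print(name, dict(found))
```

The 16-digit request ID fails the Luhn check and is not reported, which shows why pattern matching alone over-reports on logs.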


Turning the Lights On

Shining a light into these “dark corners” of a business’ data stores can help thwart data breaches and other inadvertent vulnerabilities. Yes, modern organizations must enable their employees to move at the speed of the cloud, but that doesn’t mean security has to play second fiddle. Shadow data will occur, but the beauty of modern technology is that new solutions and approaches to decades-old challenges emerge every day.

 These solutions continuously work to discover and classify data and automatically detect all data stores and assets by scanning the entire cloud environment, revealing content in the shadows. Once all data is scanned, these solutions can categorize and classify files and programs and apply sanctioned data security policies to allow security teams complete visibility and automated monitoring to manage all of a company’s assets effectively. 

 The number of breaches occurring in the shadows today should be enough for a business leader to reevaluate their approach to cloud security. Do they know where their sensitive data lives, and do they have the tools and resources to manage it? Having full data observability lets businesses understand where their shadow data stores are, their security posture and who owns them. Doing so leads to data flowing smoothly and safely and the ability to thrive in a fast-moving, cloud-first world. 
