As the digital landscape is rapidly shifting, it’s clear that many organizations are struggling to achieve proper data security governance. Across many conversations we’ve had, we noticed that this struggle typically stems from confusion about what data assets to prioritize securing.
To help organizations overcome this confusion, we decided to conduct a survey to understand how organizations are prioritizing their data security efforts. We invited over 100 security leaders to share their thoughts, and we received responses representing a wide range of industries, company sizes, and cloud adoption status.
Our analysis of the survey responses yielded interesting insights about how priorities vary across industry verticals, company sizes, and cloud adoption stages.
To give a full picture, let’s start with an aggregate view across all responses – we found that companies of all sizes and levels of cloud adoption prioritized securing various data asset types in this order:
- Production Servers
- SaaS apps
- Enterprise Systems Datastores
- User Devices
We observed that securing databases is the #1 priority across the board. This makes sense, given most of any organization’s data flows into and out of its databases; this includes sensitive information like customer PII, financial records, and intellectual property. As such, unauthorized data access due to poor database security governance poses a highly significant risk vector for any business.
Prioritization by Industry Vertical
One aspect we were interested in was whether companies prioritize securing data assets differently across various industry verticals.
As shown in the above chart, databases are consistently given high priority in all industry verticals besides Manufacturing/Industrial and Professional Services. These two verticals are unique as they both give top priority to production servers, followed by user devices.
Prioritization by Cloud Adoption Status
The priority of what to secure varies quite a bit by stage of cloud adoption, but among companies at the same level of cloud adoption, the priorities remain relatively consistent, with databases ranking highly across the board.
As shown above, companies in the middle stages of cloud adoption care most about securing SaaS apps. Interestingly, securing SaaS apps sits at 1st priority for companies with medium cloud adoption and tumbles down to 4th priority among companies that have entirely or almost fully completed their cloud migration journey. This is understandable as many organizations in the early stages of cloud migration don’t have sufficient experience or resources to properly configure their apps – on the other hand, companies that operate primarily in the cloud have already addressed the security risk presented by SaaS apps through proper security configurations.
Prioritization based on Company Size
The priority of what to secure is reasonably consistent across organizations of various sizes but changes quite a bit when they become very large.
Specifically, at the very large enterprise stage (50,000+ employees), enterprise data systems jump to 1st priority as opposed to smaller-sized organizations, where databases are considered the top priority.