At Cyral, we pride ourselves on working closely with security leaders to see the world as they see it. We conducted multiple interviews and surveys to understand their needs as it pertains to data security governance – what it encompasses, what it excludes, how much of it is driven by risk, how much by business needs, where they feel good, and where they need to invest… the list goes on.
We have an extended board of advisers, investors, and customers who were very generous with their time, and helped us develop a thorough model of data security and how it pertains to different types of structured and unstructured data.
Our team thought it would be a good idea to share some of these insights back with the community. This blog post summarizes results from an open-ended survey we shared with close to 100 security leaders. We hope that this benefits security practitioners across the board.
Findings
First, we asked security leaders how much significance they place on securing production databases. Unsurprisingly, a large majority of the folks we spoke to consider securing their databases a priority, with less than 20% of respondents saying that they perceive little to no risk with their databases. This aligns with the results from our previous survey, where we found that databases are considered a higher priority to secure relative to other assets.
We were also curious about how organizations view data democratization and the effect that plays in prioritizing database security. As expected, we found some correlation between these two goals: out of the organizations that perceive a great deal of risk with their databases, 69% find it extremely valuable for engineering teams to be able to access production databases.
To better understand how organizations think about data security governance, we asked our respondents to share their unstructured thoughts on what data security governance entails. We generated a word cloud from the responses to highlight which data security capabilities seem most pertinent in our discussions with security leaders.
The above word cloud shows that a few particular concepts are top of mind for security leaders thinking about data security governance. Namely, we see that data discovery & classification, least privilege access management, and field-level access control are among our respondents’ primary concerns. We agree that these are indeed key elements of an effective data security governance program – to learn why and how, check out our white paper, “A Framework for Data Security Governance”. At Cyral, our commitment to understanding the perspectives of security leaders drives our continuous efforts to improve data security governance across all organizations.
