Symmetry’s State of Data+AI Security Report Reveals Data and Identity challenges facing organizations as AI Adoption Accelerates with Microsoft Copilot adoption.
San Mateo, Calif. – May 29, 2024 – Symmetry Systems, the data+AI security company, today publicly released its eye-opening State of Data+AI Security Report. Leveraging deep insights into organizational data practices from deployments of Symmetry DataGuard, the report reveals the critical intersection of data and identity in modern data security.
Symmetry’s research, which unsurprisingly, highlighted that all Organizations collect & retain personal information, also revealed four key insights into the State of Data+AI Security:
- Without active intervention, organizational data and identities become stagnant at alarming rates, exposing organizations through expanded attack surface;
- Sensitive identity information, such as secrets and credentials, which further expose access to data, continues to be stored insecurely;
- The adoption of generative AI copilots is exploding, necessitating proactive risk management and consideration of associated security implications; and
- Implementing basic cybersecurity measures like multi-factor authentication (MFA) and segmentation of environments remains a significant challenge for organizations.
“AI holds immense potential to transform businesses and society, but as our State of Data+AI Security Report clearly shows, the security practices and governance guardrails around identities with access to data are still lagging, and won’t keep pace with CoPilot adoption,” said Dr. Mohit Tiwari, CEO of Symmetry Systems. “From inadequate lifecycle management of identities with access to data and poor MFA hygiene, organizations are playing with fire. Robust data+AI security has to be the top priority to enable the adoption of AI at scale.”
Key findings from the State of Data+AI Security Report include:
- 24.5% of identities with access to were dormant, and growing at 122% year on year.
- 59.6% of data stores were dormant, growing at almost 500% year on year.
- 100% of organizations had at least one form of secret stored insecurely outside of a secrets manager, accounting for 1% of the sensitive data identified.
“Symmetry’s report that 100% of organizations left secrets and credentials exposed is hair-raising,” said Brian Castagna, CISO at PerkinElmer and Symmetry Systems Advisor. “After recent major breaches from leaked secrets, leaving this sensitive data just lying around is inexcusable. This finding must encourage organizations from the Board down to the individual developers to recognize the business risk they introduce by storing secrets and credentials in the open.”
Other key findings from the report include:
- A third of data objects stored in environments are image files or contain images complicating the classification of this data with both optical character recognition (OCR) for extracting text from images and machine learning-based classifiers for categorizing the images required;
- 10.9% of Cloud accounts/projects connected to an organization were unknown and outside of its control boundary – This is largely driven by AWS’s account number-based architecture model, which differs considerably in GCP and Azure; and
- Sadly 9.3% of organizations still had 1 or more human accounts without multi-factor authentication (MFA) enabled and console access to their environment.
“As I was preparing the report, it struck me once again that data classification isn’t the end goal. With a third of data objects consisting of images and a huge variety of data identifiers that could make it sensitive, determining which dataset is sensitive is very context and business dependent”, said Claude Mandy, Chief Evangelist at Symmetry. “Scanning every byte again and again is pointless, unless you know with who or what has access to the data. Then you can layer in the sensitivity of the data to prioritize which dormant identities, external identities, admins, contractors, vendors, service roles get remediated to drive real changes in your data security posture.” said the former Gartner analyst and Financial Services CISO.
The full State of Data+AI Security Report is available for download at https://www.symmetry-systems.com/2024-state-of-data-ai-security/. Symmetry Systems executives will also review the findings in an upcoming webinar on LinkedIn https://www.linkedin.com/events/webinar-symmetry-s2024stateofda7201423246305501184/
To learn more about Symmetry’s customer-native DSPM solution for air-gapped environments, or to request a demo, please visit www.symmetry-systems.com or follow us on X, Facebook or LinkedIn.
Press Contact
Claude Mandy
Symmetry Systems
[email protected]
About Symmetry Systems
Symmetry Systems is the Data+AI Security company. Our platform is engineered specifically to address modern data security and privacy challenges at scale from the data out, providing organizations the ability to innovate with confidence. With total visibility into what data you have, where it lives, who can access it, and how it’s being used, Symmetry safeguards your organization’s data from misuse, insider threats, and cybercriminals, as well as unintended exposure of sensitive IP and personal information through use of generative AI technologies.
Symmetry works with structured and unstructured data in all major clouds (AWS, GCP, Azure), SaaS storage services (e.g. OneDrive), and on-premise databases and data lakes. It is deployable in the most strictly regulated environments; as a read-only service, it inherits all your security and compliance controls (e.g. FedRamp). That’s why the most innovative Fortune 50 financial service providers, manufacturers, pharmaceutical companies, and federal agencies rely on Symmetry to protect their crown jewel data.
Powered by best-in-class AI, Symmetry provides organizations with the necessary toolkit to minimize data posture risks, demonstrate compliance, and react to threats and policy violations in real time. Symmetry solves challenging problems for customers with ease, ranging from classifying custom data types, reducing data blast radius and attack surface, detecting ransomware attacks, enforcing least-privilege access, and more.
Born from the award-winning and DARPA funded Spark Research Lab at UT Austin, Symmetry is backed by leading security investors like ForgePoint, Prefix Capital, and others. Symmetry is proud to be the only vendor of its kind to be both recognized as a “Cool Vendor in Data Security” by Gartner, and achieve AWS Security Competency in Data Protection.
Innovate with confidence with Symmetry.