Dealing with ‘vulnerability lag’: the trouble with cloud sprawl and data ROT

A recent survey of large organizations with high IT spending indicates a probable lag between pandemic-induced DX and escalating cyber threats.

In a June and Aug 2021 survey of 2,050 IT executives in organizations worth US$100m and above from 19 countries regarding the topic of “vulnerability lag”, respondents were lagging behind cyber threats by as much as two years.

These organizations polled also had to have undertaken some form of COVID-led digital transformation (DX) initiative (defined as the implementation of new tools, changes in infrastructure, increased or new cloud adoption, or an overall digital strategy shift) over the last 18 months.

Respondents in the Asia Pacific and Japan region (APJ) were found to have rapidly invested in new technologies in reaction to the global pandemic, but their ability to secure those systems against ransomware and other data loss incidents was still lagging, and in general, most respondents would need to invest and additional US$2.78m (on average) and hire 34 additional IT staff to make up for the lag.

Other findings by the study commissioned by Veritas include:

• Respondents indicated that cloud technology, security, and resiliency/recovery gaps emerged due to pandemic-driven IT transformation.
• 43% of respondents were not clear as to the number of cloud services they were now using, or what these services were.
• 33% of respondents indicated that the data their organization was storing was “dark” and 50% of the data was redundant, obsolete or trivial (ROT).
• These perceived vulnerability lags had already impacted business operations, with APJ respondents reporting downtime in the last 12 months.

The firm’s Vice President & Managing Director (Asia South and Pacific Region), Andy Ng, said organizations need to evolve their cyber protection in parallel with data threats: “… as each new solution is introduced into the organization’s technology stack, protection capabilities need to be extended to cover it. However, the need to innovate quickly often throws this balance out of kilter, creating a vulnerability lag, where systems and data are left unprotected and open to attack.”

Before cloud data sets can be properly protected from threats like ransomware, IT teams need to know exactly what data has been sent to which cloud services, Ng added.

AI and ML can be used to reduce the perceived need for increases in IT staff strength, while consolidating data protection into a single platform operating across public clouds and on-premises data centers can simplify and ease the task of hardening infrastructures against continued cyber threats, according to the survey findings.