Lynne Murray | Director of Product Marketing for Data Security
More About This Author >
Lynne Murray | Director of Product Marketing for Data Security
More About This Author >
Organizations worldwide face a “perfect storm” of increasing and ever-evolving cyber threats. Internal and external factors are at play, elevating cyber risks and their consequences and mandating new approaches to safeguard data. A recent study based on responses from over 950 IT security professionals, Omdia’s Decision Maker Survey, uncovers the factors and the three keys organizations need to focus on to overcome this perfect storm.
The perfect storm
Stringent regulations are everywhere. As data volumes skyrocket, data privacy legislation is rising in kind to ensure data is properly protected. Today, 137 of 194 countries have enacted data privacy legislation, per Omdia. Regulatory compliance is also becoming more stringent, and noncompliance can bring steep penalties and consequences, damaging an organization and its reputation. In 2024 alone, cumulative fines from the General Data Protection Regulation (GDPR) reached almost 5 billion euros, as exhibited in Figure 1.
Figure 1. GDPR cumulative sum of fines
(Source: https://enforcementtracker.com/?insights)
A persistent skills gap lingers. As organizations strive to improve data security, a longstanding skills gap remains the most significant impediment. The Omdia study found that 64% of respondents cite a skills gap as the most substantial issue impacting the security function of their organization.
Complex, disjointed security infrastructures are commonplace. In the organizational scramble to stay ahead of rapidly advancing cyber threats, multiple tools, duplicate efforts, and labor intensity have created complex, disjointed security infrastructures. This traditional piecemeal approach comes at a high cost, often increasing cyber vulnerabilities. Omdia identified a strong trend toward the adoption of a centralized, integrated security platform.
Respondents indicate the top reasons are the need for scalability and flexibility (43%), improvements in the total cost of ownership (40%), better centralized management (40%), and the need to reduce complexity (37%).
Three keys to a future-forward data security strategy
1. A DSPM moves the needle with integrated capabilities and comprehensive encryption.
Organizations must adopt a more comprehensive, holistic security strategy. Data security posture management (DSPM) is a great first step as the foundation of a broader approach. Equally essential capabilities, such as advanced analytics, encryption, access management, event reporting, and incident response, can be integrated into DSPM to more effectively safeguard data.
Omdia stresses that as part of a DSPM, encryption is a must-have tool, mandated by most regulations, and an essential best practice for any sound data security practice. Most organizations encrypt on-premises data, but the colossal movement of data to the cloud has created a new and growing gap.
According to the Omdia findings, 47% of data in the cloud is deemed “sensitive,” warranting protective measures. However, Omdia respondents show that cloud data encryption rates are dangerously low; less than 10% of enterprises claim to have encrypted 80% or more of their cloud data. Organizations must adopt the encryption of their cloud-based data as a standard and ongoing best practice.
Figure 2: Percentage of sensitive data in the cloud
2. Embrace the strong shift toward unification with a platform-based approach.
In today’s intense cyber threat landscape, hastily acquired or internally developed stop-gap security measures can be problematic. These approaches can elevate vulnerabilities, increase management costs, and cause difficulties in discerning real threats.
Driven by the need to reduce complexity, streamline operations, and achieve a single interface, organizations are seeking a unified, platform-based, data-first security approach. Integrated security platforms manage data security across cloud, SaaS, and on-premises environments. Further, they centralize security management and provide a single view of security across the full data estate and the entire organization, streamlining and improving an organization’s data security posture.
Omdia’s Decision Maker Survey 2024 reveals data security is emerging as one of the leading areas, with 59% of respondents planning to adopt an integrated security platform in the near future. In comparison, the remaining 41% have not ruled out a platform-based approach as part of their future strategy.
Omdia underscores that organizations should validate that integration is part of all-encompassing platforms. An integrated platform is not a collection of point products but rather a united set of components that function together within a single data security platform.
Figure 3. Data security is a leading area
3. Leverage AI with the proper safeguards to reduce workloads and detect security threats.
With the skyrocketing growth of unstructured data—estimated by IDC to be 80% of all data, or 175 zettabytes of data (175 with 21 zeros) by 2025—the use of automation and AI/ML capabilities is vital to reduce workloads and improve detection. These tools are essential to manage the growing volume and complexity of the data landscape.
For instance, using AI/ML tools to constantly monitor real-time data access and use by individuals can streamline operations and improve threat detection, threat response, and security analytics and insights, thereby increasing the effectiveness of risk identification and mitigation. Further, as Omdia states, “AI-driven analytics can be used to predict potential security incidents before they occur, providing a proactive layer of protection that complements DSPM.”
At the same time, the rapid rise and adoption of generative AI introduce new requirements. For organizations, the proper safeguards—such as controls or restrictions—must be put in place. Omdia points out that, fundamentally, “critical business intellectual property and sensitive personally identifiable information must not be exposed to the generative AI domain.”
Take action
The current state of data security, as outlined in the Omdia study, is an urgent call to action for organizations across industries and of all sizes. No one is exempt from the threat and reach of cybercrime, which is growing and morphing at a swift pace. Organizations can bolster their data security posture by focusing on three areas, the keys to a future-forward data security approach:
- Look at DSPM capabilities to move the needle with integrated capabilities and comprehensive encryption.
- Embrace the shift toward unification with a platform-based approach.
- Leverage AI with the proper safeguards to reduce workloads and detect security threats.
Next steps
Read the full Omdia report: Future-proofing data security to learn more about Omdia’s research findings, data security outlook, and key recommendations.
Join a more in-depth discussion in our webinar 2025 Outlook for Data Security featuring Adam Strange, principal analyst of Data Security at OMDIA, and Terry Ray, Data Security CTO, Thales.