What Makes This “Data Privacy Day” Different?

As we celebrate Data Privacy Day, Bernard Montel, Tenable’s EMEA Technical Director and Security Strategist, wants to remind us that we live in a digital world and that we need to protect it. With data breaches a daily occurrence, and AI changing the playing field, he urges everyone to “do better.”

Launched in April 2006 by the Council of Europe, Data Protection Day – or Data Privacy Day, as it’s known outside of Europe – is celebrated globally every year on January 28. Back in 2006, around 100 million records were compromised across various breaches in the U.S., according to data collated by Privacy Rights Clearing House. But in 2024, in just one data breach suffered by National Public Data (NPD), approximately 2.9 billion records were allegedly stolen.

Collectively, we have to do better. 

The lifeblood of the organization

Data is the essence of every company. It’s information about your customers, your employees, your intellectual property, your financial performance and more. Data also fuels innovation in the cloud. However, the volume and complexity in hybrid and multi-cloud environments make it increasingly complex to secure your business’s data. 

Externally, data breaches can lead to mistrust and brand damage, as well as to lawsuits, fines and lost business. Internally, they can – and should – trigger increased scrutiny from the board, which will justifiably question the strength of the organization’s security posture. 

When AI comes marching in

With data at the heart of everything, AI has completely changed the playing field this Data Privacy Day, adding a further layer of risk when it comes to protecting our information. 

Organizations face the complex task of controlling AI deployment usage while also identifying vulnerabilities within AI tools and AI development packages. The adoption of AI increases the volume and variety of cloud data. In tandem, as AI applications become more sophisticated, they require more training data to learn from and function effectively. Thus, protecting cloud data is paramount to maintaining the integrity and security of your business’s AI usage.

Externally, threat actors are also looking to supercharge their activity with AI. It has been well documented how attackers are leveraging AI to write more sophisticated and effective malware for ransomware attacks, as well as to enhance phishing scams and more. 

You can’t have privacy without security

To take advantage of the unique opportunities offered by the cloud and AI, you must address the full spectrum of security responsibilities that accompany collecting, storing, and using data. These responsibilities include automatically and continuously scanning data assets, discovering and monitoring sensitive data, and alerting on any potential risk.

Protecting data in public cloud environments starts with three steps:

• Know your cloud resources. You must discover the compute, identity and data resources in your cloud and get contextualized visibility into how critical resources are accessed.
• Expose critical cloud risks. It’s critical to gain the context you need to focus on the priority risks caused by the toxic combination of misconfigurations, excessive entitlements, vulnerabilities and sensitive data.
• Close cloud exposures. It’s essential to reduce cloud risk by closing priority exposures with top speed and surgical precision – even if you only have five minutes to spare.

Let’s look at how the integration of data security posture management (DSPM) into a cloud native application protection plaform (CNAPP) can give you a comprehensive view of your cloud data and the risks associated with it. 

DSPM is a set of ongoing processes and technologies that provides visibility into where sensitive data is stored, who has access to it, and how it's being used across your systems, providing analysis of the overall security posture around data itself, rather than just the infrastructure hosting it. 

Meanwhile, CNAPP solutions replace a patchwork of siloed products that often cause more problems than they solve, such as multiple false positives and excessive alerts. Those individual products usually provide only partial coverage and often create overhead and friction with the products they’re supposed to work with. Most importantly, CNAPPs allow businesses to monitor the health of cloud native applications as a whole rather than individually monitoring cloud infrastructure and application security.

When DSPM is integrated into a CNAPP, it empowers the security team to obtain actionable data context that helps the team better prioritize risks and reduce the organization's exposure to customer data breaches and the compromise of AI resources and intellectual property. 

How Tenable can help

With Tenable Cloud Security, you can reduce risk by rapidly exposing and closing priority security gaps caused by misconfigurations, risky entitlements and vulnerabilities – in one powerful CNAPP. With integrated DSPM capabilities, Tenable Cloud Security continuously monitors your multi-cloud environment to discover and classify data types, assign sensitivity levels and prioritize data findings in the context of the entire cloud attack surface. 

At Tenable, we help you identify your weaknesses, detect your gaps and close your exposures quickly. This Data Privacy Day, do better by taking action to protect the data that your organization relies upon to function and that you’re trusted to protect, wherever it resides.

Learn more

• Webinar: Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?
• Blog: Harden Your Cloud Security Posture by Protecting Your Cloud Data and AI Resources
• Data Sheet: Data Security Posture Management (DSPM) Integrated into Tenable Cloud Security
• Data Sheet: Securing AI Resources and Data in the Cloud with Tenable Cloud Security
• Video: Demo Video: Data Security Posture Management and AI Security Posture Management