All Resources
In this article:
minus iconplus icon
Share the Blog

5 Key Findings for Cloud Data Security Professionals from ESG's Survey

February 15, 2023
3
 Min Read

Securing sensitive cloud data is a key challenge and priority for 2023 and there's increasing evidence that traditional data security approaches are not sufficient. Recently, Enterprise Strategy Group surveyed hundreds of IT, Cloud Security, and DevOps professionals who are responsible for securing sensitive cloud data. The survey had 4 main objectives:

  • Determine how public cloud adoption was changing data security priorities
  • Explore data loss - particularly sensitive data - from public cloud environments. 
  • Learn the different approaches organizations are adopting to secure their sensitive cloud data. 
  • Examine data security spending trends

The 26 page report is full of insights regarding each of these topics. In this blog, we’ll dive into 5 of the most compelling findings and explore what each of them mean for cloud data security leaders.

More Data is Migrating to the Cloud - Even Though Security Teams Aren’t Confident they Can Keep it Secure.

ESG’s findings show that currently 26% of organizations have more than 40% of their company’s data in the cloud. But in 24 months more organizations ( 58%) will have that much of their data in the cloud. 

On the one hand, this isn’t surprising. The report notes that digital transformation initiatives combined with the growth of remote/hybrid work environments are pushing this migration. The challenge is that the report also shows that sensitive data is being stored in more than one cloud platform and when it comes to IaaS and PaaS data, more than half admit that a large amount of that data is insufficiently secured. In other words - security isn’t keeping pace with this push to store more and more data in the public cloud.

Cloud Data Loss Affects Nearly 60% of Respondents. Yet They’re Confident They Know Where their Data is

59% of surveyed respondents know they’ve lost sensitive data or suspect they have (with the vast majority saying they lost it more than once). There are naturally many reasons for this, including misconfigurations, misclassifications, and malicious insiders. But at the same time, over 90% said they’re confident in their data discovery and classification abilities. Something doesn’t add up. This gives us a clear indication that existing/defensive security controls are insufficient to deal with cloud data security challenges.

The problem here is likely shadow data. Of course security leaders would secure the sensitive data that they know about. But you can’t secure what you’re unaware of. And with data being constantly moved and duplicated, sensitive assets can be abandoned and forgotten. Solving the data loss problem requires a richer data discovery to provide a meaningful security context. Otherwise,  this false sense of security will continue to contribute to sensitive data loss. 

Almost All Data Warehouses Have Sensitive Data

Where is this sensitive data being stored? 86% of survey respondents say that they have sensitive data in data lakes or data warehouses. A third of this data is business critical, with almost all the remaining data considered ‘important’ for the business. 

Data lakes and warehouses allow data scientists and engineers to leverage their business and customer data to use analytics and machine learning to generate business insights, and have a clear impact on the enterprise. Keeping this growing amount of business critical sensitive data secure is leading to increasing adoption of cloud data security tools. 

The Ability to Secure Structured and Unstructured Data is the Most Important Attribute for Data Security Platforms

With 45% of organizations facing a cybersecurity skills shortage, there’s a clear movement towards automation and security platforms to pick up some of the work securing cloud data. With data being stored across different cloud platforms and environments, two thirds of respondents mentioned preferring  a single tool for cloud data security. 

When choosing a data security platform, the 3 most important attributes were:

  • Data type coverage (structured and unstructured data)
  • Data location coverage
  • Integration with security tools

It’s clear that as organizations plan for a future with increasing amounts of data in the public cloud, we will see a widespread adoption of cloud data security tools that can find and secure data across different environments.

Cloud Data Security has an Address in the Organization - The Cloud Security Architect

Cloud data security has always been a role that was assigned to any number of different team members. Devops, legal, security, and compliance teams all have a role to play. But increasingly, we’re seeing data security become the responsibility chiefly of the cloud security architect.

86% of organizations surveyed now have a cloud security architect role, and 11% more are hiring for this role in the next 12-24 months - and for good reason. Of course, the other teams, including infrastructure and development continue to play a major role. But there is finally some agreement that sensitive data requires its own focus and is best secured by the cloud security architect. 

Read insightful articles by the Sentra team about different topics, such as, preventing data breaches, securing sensitive data, and more.

Subscribe

Latest Blog Posts

Yoav Regev
Yoav Regev
June 12, 2025
3
Min Read
Data Security

Why Sentra Was Named Gartner Peer Insights Customer Choice 2025

Why Sentra Was Named Gartner Peer Insights Customer Choice 2025

When we started Sentra three years ago, we had a hypothesis: organizations were drowning in data they couldn't see, classify, or protect. What we didn't anticipate was how brutally honest our customers would be about what actually works, and what doesn't.

This week, Gartner named Sentra a "Customer's Choice" in their Peer Insights Voice of the Customer report for Data Security Posture Management. The recognition is based on over 650 verified customer reviews, giving us a 4.9/5 rating with 98% willing to recommend us.

The Accuracy Obsession Was Right

The most consistent theme across hundreds of reviews? Accuracy matters more than anything else.

"97.4% of Sentra's alerts in our testing were accurate! By far the highest percentage of any of the DSPM platforms that we tested."

"Sentra accurately identified 99% of PII and PCI in our cloud environments with minimal false positives during the POC."

But customers don't just want data discovery—they want trustworthy data discovery. When your DSPM tool incorrectly flags non-sensitive data as critical, teams waste time investigating false leads. When it misses actual sensitive data, you face compliance gaps and real risk. The reviews validate what we suspected: if security teams can't trust your classifications, the tool becomes shelf-ware. Precision isn't a nice-to-have—it's everything.

How Sentra Delivers Time-to-Value

Another revelation: customers don't just want fast deployment, they want fast insights.

"Within less than a week we were getting results, seeing where our sensitive data had been moved to."

"We were able to start seeing actionable insights within hours."

I used to think "time-to-value" was a marketing term. But when you're a CISO trying to demonstrate ROI to your board, or a compliance officer facing an audit deadline, every day matters. Speed isn’t a luxury in security, it’s a necessity. Data breaches don't wait for your security tools to finish their months-long deployment cycles. Compliance deadlines don't care about your proof-of-concept timeline. Security teams need to move at the speed of business risk.

The Honesty That Stings (And Helps)

But here's what really struck me: our customers were refreshingly honest about our shortcomings.

"The chatbot is more annoying than helpful."

"Currently there is no SaaS support for something like Salesforce."

"It's a startup so it has all the advantages and disadvantages that those come with."

As a founder, reading these critiques was... uncomfortable. But it's also incredibly valuable. Our customers aren't just users, they're partners in our product evolution. They're telling us exactly where to invest our engineering resources.

The Salesforce integration requests, for instance, showed up in nearly every "dislike" section. Message received. We're shipping SaaS connectors specifically because it’s a top priority for our customers.

What Gartner Customer Choice Trends Reveal About the DSPM Market

Analyzing 650 reviews across 9 vendors revealed something fascinating about our market's maturity. Customers aren't just comparing features, they're comparing outcomes.

The traditional data security playbook focused on coverage: "How many data sources can you scan?" But customers are asking different questions:

  • How accurate are your findings?
  • How quickly can I act on your insights?
  • How much manual work does this actually eliminate?

This shift from inputs to outcomes suggests the DSPM market is maturing rapidly. 

The Gartner Voice of the Customer Validated

Perhaps the most meaningful insight came from what customers didn't say. I expected more complaints about deployment complexity, integration challenges, or learning curves. Instead, review after review mentioned how quickly teams became productive with Sentra.

"It was also the fastest set up."

"Quick setup and responsive support."

"The platform is intuitive and offers immediate insights."

This tells me we're solving a real problem in a way that feels natural to security teams. The best products don't just work, they feel inevitable once you use them.

The Road Ahead: Learning from Gartner Choice Recognition

These reviews crystallized our 2025 roadmap priorities:

1. SaaS-First Expansion: Every customer asked for broader SaaS coverage. We're expanding beyond IaaS to support the applications where your most sensitive data actually lives. Our mission is to secure data everywhere.

2. AI Enhancement: Our classification engine is industry-leading, but customers want more. We're building contextual AI that doesn't just find data, it understands data relationships and business impact.

3. Remediation Automation: Customers love our visibility but want more automated remediation. We're moving beyond recommendations to actual risk mitigation.

A Personal Thank You

To the customers who contributed to our Sentra Gartner Peer Insights success: thank you. Building a startup is often a lonely journey of best guesses and gut instincts. Your feedback is the compass that keeps us pointed toward solving real problems.

To the security professionals reading this: your honest feedback (both praise and criticism) makes our products better. If you're using Sentra, please keep telling us what's working and what isn't. If you're not, I'd love to show you what earned us Customer Choice 2025 recognition and why 98% of our customers recommend us.

The data security landscape is evolving rapidly. But with customers as partners and recognition like Gartner Peer Insights Customer Choice 2025, I'm confident we're building tools that don't just keep up with threats, they help organizations stay ahead of them.

<blogcta-big>

Read More
Ward Balcerzak
Ward Balcerzak
May 15, 2025
3
Min Read
Data Security

Why I Joined Sentra: A Data Defender’s Journey

Why I Joined Sentra: A Data Defender’s Journey

After nearly two decades immersed in cybersecurity, spanning Fortune 500 enterprises, defense contractors, manufacturing giants, consulting, and the vendor ecosystem, I’ve seen firsthand how elusive true data security remains. I've built and led data security programs from scratch in some of the world’s most demanding environments. But when I met the team from Sentra, something clicked in a way that’s rare in this industry.

Let me tell you why I joined Sentra and why I’m more excited than ever about the future of data security.

From Visibility to Vulnerability

In every role I've held, one challenge has consistently stood out: understanding data.
Not just securing it but truly knowing what data we have, where it lives, how it moves, how it's used, and who touches it. This sounds basic, yet it’s one of the least addressed problems in security.

Now, we layer on the proliferation of cloud environments and SaaS sprawl (without mentioning the increasing proliferation of AI agents). The traditional approaches simply don’t cut it. Most organizations either ignore cloud data discovery altogether or lean on point solutions that can’t scale, lack depth, or require endless manual tuning and triage.

That’s exactly where Sentra shines.

Why Sentra?

When I first engaged with Sentra, what struck me was that this wasn’t another vendor trying to slap a new UI on an old problem. Sentra understands the problem deeply and is solving it holistically across all environments. They’re not just keeping up; they’re setting the pace.

The AI-powered data classification engine at the heart of Sentra’s platform is, quite frankly, the best I’ve seen in the market. It automates what previously required a small army of analysts and does so with an accuracy and scale that’s unmatched. It's not just smart, it’s operationally scalable.

But technology alone wasn’t what sold me. It was the people.
The Sentra founders are visionaries who live and breathe this space. They’re not building in a vacuum, they’re listening to customers, responding to real-world friction, and delivering solutions that security teams will actually adopt. That’s rare. That’s powerful.

And finally, there’s the culture. Sentra radiates innovation, agility, and relentless focus on impact. Every person here knows the importance of their role and how it aligns with our mission. That energy is infectious and it’s exactly where I want to be.

Two Decades. One Mission: Secure the Data.

At Sentra, I’m bringing the scars, stories, and successes from almost 20 years “in the trenches”:

  • Deep experience building and maturing data security programs within highly regulated, high-stakes environments

  • A commitment to the full people-process-technology stack, because securing data isn’t just about tools

  • A background stitching together integrated solutions across silos and toolsets

  • A unique perspective shaped by my time as a practitioner, leader, consultant, and vendor

This blend helps me speak the language of security teams, empathize with their challenges, and design strategies that actually work.

Looking Ahead

Joining Sentra isn’t just the next step in my career; it’s a chance to help lead the next chapter of data security. We’re not here to incrementally improve what exists. We’re here to rethink it. Redefine it. Solve it.

If you’re passionate about protecting what matters most, your data. I’d love to connect.

This is more than a job; it’s a mission. And I couldn’t be prouder to be part of it.

<blogcta-big>

Read More
David Stuart
David Stuart
May 5, 2025
4
Min Read
Compliance

What the HIPAA Compliance Updates Mean for Your Security

What the HIPAA Compliance Updates Mean for Your Security

The Health Insurance Portability and Accountability Act (HIPAA) has long been a cornerstone of safeguarding sensitive health information in the U.S., particularly electronic protected health information (ePHI). As healthcare organizations continue to face growing cybersecurity challenges, ensuring the protection of ePHI has never been more critical. 

In response, for the first time in two decades, the U.S. Department of Health and Human Services (HHS) has proposed significant amendments to the HIPAA Security Rule, aimed at strengthening cybersecurity measures across the healthcare sector. These proposed changes are designed to address emerging threats and ensure that healthcare organizations have robust systems in place to protect patient data from unauthorized access and potential breaches. This blog presents the major changes that are coming soon and how you can prepare for them.

Instead of considering compliance as a one-time effort, with Sentra you can monitor your compliance status at any given moment, streamline reporting, and remediate compliance violations instantly.

How Sentra Can Help You Stay Compliant

Sentra’s data security platform equips healthcare organizations with the necessary tools to stay compliant with the new HIPAA Security Rule amendments. By providing continuous monitoring of ePHI data locations and assessing associated risks, Sentra helps organizations maintain full visibility and control over sensitive data.

Key Benefits of Using Sentra for HIPAA Compliance:

  • Automated Data Discovery & Classification: Instantly locate and classify ePHI across cloud and on-prem environments.
  • Real-time Risk Assessment: Continuously assess vulnerabilities and flag security gaps related to HIPAA requirements.
  • Access Control & Encryption Monitoring: Ensure compliance with mandatory MFA, encryption policies, and access termination requirements.
  • Smart Compliance Alerts: Sentra doesn’t just detect generic cloud misconfigurations. Instead, it pinpoints security issues affecting sensitive data, helping teams focus on what truly matters.

Without a solution such as Sentra, organizations waste valuable time manually searching for and classifying sensitive data, diverting key employees from higher-priority security tasks. With Sentra, security teams gain an ongoing, real-time dashboard that ensures efficient compliance and faster risk mitigation.

What You Need to Know About the Proposed HIPAA Security Rule Updates

The latest proposed updates to the HIPAA Security Rule represent some of the most significant changes in years. These updates aim to modernize data protection practices and ensure healthcare organizations are better equipped to handle today’s security challenges. Below are the key highlights compliance and security teams should focus on:

Mandatory Implementation Specifications
All implementation specifications under the HIPAA Security Rule will become mandatory. Covered entities and business associates must now fully comply with all safeguards—no more "addressable" exceptions.

Stricter Encryption Requirements
Encryption of electronic protected health information (ePHI) will be required both at rest and in transit. Organizations must ensure encryption is in place across all systems handling sensitive data.

Required Multifactor Authentication (MFA)
MFA will become mandatory to protect access to ePHI. This added security layer significantly reduces the risk of unauthorized access and credential compromise.

Network Segmentation for Threat Containment
Organizations must implement network segmentation to isolate sensitive systems and limit the spread of cyber threats in the event of a breach.

Timely Termination of Access
Access to ePHI must be revoked within 24 hours when an employee leaves or changes roles. This reduces the risk of insider threats and unauthorized access.

Comprehensive Documentation Requirements
Healthcare organizations must maintain detailed, up-to-date documentation of all security policies, procedures, risk assessments, and incident response plans.

Asset Inventories and Network Mapping
Annual updates to technology asset inventories and network maps will be required to ensure accurate tracking of where and how ePHI is stored and transmitted.

Enhanced Risk Analysis
Organizations must conduct regular, thorough risk assessments to identify vulnerabilities and assess threats across all systems that interact with ePHI.

Stronger Incident Response Plans
Entities must be able to restore lost systems and data within 72 hours after a cyber incident. Regular testing and refinement of incident response protocols will be essential.

Annual Compliance Audits
Healthcare organizations will be required to conduct annual audits of their HIPAA Security Rule compliance, covering all technical and administrative safeguards.

Mandatory Technical Controls
Technical safeguards like anti-malware tools, firewalls, and port restrictions must be in place and regularly reviewed to protect systems from evolving threats.

What’s Next?

The proposed changes to the HIPAA Security Rule are currently in the Notice of Proposed Rulemaking (NPRM) stage, with a 60-day public comment period that opened on January 6, 2025. During this period, stakeholders can provide feedback on the amendments, which may influence the final rule. Organizations should actively monitor the comment period, engage in the feedback process, and stay informed on any potential adjustments before the rule is finalized.

Steps Organizations Should Take Now:

  • Review the proposed changes and understand how they impact your current security posture.
  • Engage in the public comment process to share concerns or recommendations.
  • Start assessing security gaps to align with HIPAA’s evolving compliance requirements.

Conclusion

The new HIPAA compliance amendments represent a major shift in how healthcare organizations must protect electronic Protected Health Information (ePHI). The introduction of enhanced encryption standards, mandatory multi-factor authentication (MFA), and stricter access control measures means organizations must act swiftly to maintain compliance and reduce cybersecurity risks.

Compliance is not just about meeting regulations, it is about efficiency. Organizations relying on manual processes to locate and secure sensitive data waste valuable time and resources, making compliance efforts less effective.

With Sentra, healthcare organizations gain a powerful, automated data security solution that:

  • Eliminates manual data discovery by providing a real-time, continuous inventory of sensitive data.
  • Prioritizes relevant data security risks instead of overwhelming teams with unnecessary alerts.
  • Ensures compliance readiness by automating key processes like access control monitoring and encryption verification.

Now is the time for healthcare organizations to take proactive steps toward compliance. Stay informed, participate in the public comment process, and start implementing security enhancements today.

To learn how Sentra can help your organization achieve HIPAA compliance efficiently, request a demo today and take control of your sensitive data.

<blogcta-big>

Read More
decorative ball
Expert Data Security Insights Straight to Your Inbox
What Should I Do Now:
1

Get the latest GigaOm DSPM Radar report - see why Sentra was named a Leader and Fast Mover in data security. Download now and stay ahead on securing sensitive data.

2

Sign up for a demo and learn how Sentra’s data security platform can uncover hidden risks, simplify compliance, and safeguard your sensitive data.

3

Follow us on LinkedIn, X (Twitter), and YouTube for actionable expert insights on how to strengthen your data security, build a successful DSPM program, and more!