One of the biggest drivers for cloud migration has been how high volumes of data can be easily produced, analyzed, and stored in cloud environments. Starting from large data warehouse platforms, relational databases and object stores the cloud offers a huge range of options when it comes to building a robust data operations platform for enterprise applications. As of 2022 over 60% of corporate data sits in one or more cloud services, as such protecting such business-critical assets is increasingly becoming vital. Across 2022 to 2023 the primary causes of data loss in the public cloud were related to misconfigured cloud storage, insider threats/overprivileged IAM access, loss of stale data resources, or supply chain vulnerabilities.

In most cases when data exfiltration occurs from a cloud environment, it is too late; for most threat actors data exfiltration is the destination of a multi-stage attack that precludes several steps before the exfiltration. This aspect is easily understood by observing the TTPs in the MITRE ATT&CK framework related to data exfiltration.