Cloud assets the biggest targets for cyberattacks, as data breaches increase
Thales announced the release of the 2023 Thales Cloud Security Study, its annual assessment on
the latest cloud security threats, trends and emerging risks based on a survey
of nearly 3,000 IT and security professionals across 18 countries.
This year’s study found that more than a third (39%)
of businesses have experienced a data breach in their cloud environment last
year, an increase on the 35% reported in 2022. In addition, human error was
reported as the leading cause of cloud data breaches by over half (55%) of
those surveyed.
This comes as businesses reported a dramatic
increase in the level of sensitive data stored in the cloud. Three quarters
(75%) of businesses said that more than 40% of data stored in the cloud is
classified as sensitive, compared to 49% of businesses this time last year.
More than a third (38%) ranked Software as a Service
(SaaS) applications as the leading target for hackers, closely followed by
cloud-based storage (36%).
Lack of Encryption and Key Control Causes Cloud Data
Concerns
Despite the reported increase in sensitive data in
the cloud, the study found low levels of encryption being used. Only a fifth
(22%) of IT professionals reported that more than 60% of their sensitive data
in the cloud is encrypted. According to the findings, on average, only 45% of
cloud data is currently encrypted.
The study also found a lack of control over
encryption keys by businesses, with only 14% of those surveyed stating that
they controlled all of the keys to their encrypted data in their cloud
environments. In addition, almost two thirds (62%) say they have five or more
key management systems – creating increased complexity when securing sensitive
data.
Multicloud Causing Operational Complexity
The adoption of multicloud continues to surge, with
more than three quarters (79%) of organisations having more than one cloud
provider.
Notably, it's not just infrastructure that is
experiencing this growth. The use of SaaS apps is also on the rise significantly.
In 2021, 16% of respondents reported their enterprises utilising 51-100
different SaaS applications, while in 2023 this percentage increased to 22%.
Despite the expansion of cloud usage, a significant
challenge remains. More than half (55%) expressed that managing data in the
cloud is more complex than in on-premises environments – up from 46% compared
to the previous year. Digital sovereignty is also front of mind for
respondents. Eighty three percent expressed concerns over data sovereignty, and
55% agreed that data privacy and compliance in the cloud has become more
difficult.
Pathways to Better Cloud Security
Identity and access management (IAM) is a crucial
measure in mitigating data breaches, emphasising the significance of strong
security practices. Encouragingly, the adoption of robust multi-factor
authentication (MFA) has risen to 65%, indicating progress in fortifying access
controls.
Surprisingly, only 41% of organisations have
implemented zero trust controls in their cloud infrastructure, and an even
smaller percentage (38%) utilises such controls within their cloud networks.
These statistics highlight the need for greater emphasis on adopting
comprehensive security measures to effectively safeguard sensitive data and
enhance overall cybersecurity resilience.
"The study shows
that organisations are operating in a dynamic multicloud landscape, demanding
seamless and efficient access to on-demand IT infrastructure and
services," stated Sebastien Cano, Senior Vice
President for Cloud Protection and Licensing activities at Thales.
“Treating cloud
environments as an extension of existing infrastructure while maintaining
exclusive control and security of data, especially sensitive data, is key to
cloud security. Customer control of encryption keys is essential as it allows
organisations to leverage the scalability, cost efficiency, and accessibility
benefits of the cloud while ensuring the utmost integrity and confidentiality
of their valuable information.”
Leave A Comment