Cloud data breaches rise as adoption and complexity increase
According to a new report, 45 percent of businesses have experienced a cloud-based data breach or failed audit in the past 12 months, up five percent from the previous year.
The latest Cloud Security Report from Thales also shows multi-cloud adoption is accelerating with 72 percent of organizations using multiple IaaS providers compared to 57 percent in 2021.
In 2021, organizations worldwide were using an average amount of 110 software as a service applications, compared with just eight in 2015,
There are concerns around increasing complexity, however, 51 percent of IT professionals agree that It’s more complex to manage privacy and data protection in the cloud. The journey to cloud is also becoming more complex, with the percentage of respondents reporting that they're expecting to 'lift and shift' -- the simplest of migration tactics -- dropping from 55 percent in 2021 to 24 percent currently.
In addition 66 percent of organizations say that up to 60 percent of their sensitive data is stored in the cloud. Yet only 25 percent say they are able to fully classify all data. A third of respondents admit to having to issue a breach notification to a government agency, customer, partners or employees. This should be a cause for concern among enterprises with sensitive data, particularly in highly regulated industries.
When it comes to securing data in multicloud environments, IT professionals view encryption as a critical security control. Yet just 11 percent of respondents say that between 81 and 100 percent of their cloud data is encrypted.
More encouraging is that 30 percent say they are already executing a zero trust strategy, with 27 percent saying they are evaluating and planning one and 23 percent considering it.
Sebastien Cano, senior vice president for cloud protection and licensing activities at Thales says:
The Cloud has been instrumental for ensuring business continuity throughout the ongoing turbulence of the last few years. However, organizations must ensure they implement the security measures to support this ongoing expansion because the complexity of managing multicloud environments cannot be overstated. Additionally, the growing importance surrounding the concept of data sovereignty is increasingly raising questions for CISOs and Data Protection Officers when considering their cloud strategy, governance, and risk management. The challenge is not only where the sensitive data resides geographically, but even who has access to sensitive data inside the organization.
While there has been an improvement in enterprises using encryption to secure sensitive data in the cloud, this remains an area of continuous improvement and consolidation, especially when it comes to key management. Additionally, continuing to embrace a Zero Trust strategy will be essential in securing these complex environments, helping to ensure organizations have the ability to support their data and manage future challenges.