Cloud data breaches and cloud complexity on the rise, reveals Thales

  • Multi-cloud adoption is accelerating with 72% of organizations using multiple IaaS providers vs. 57% in 2021
  • 66% of organizations store 21%-60% of their sensitive data in the cloud 
  • 45% have experienced a data breach or failed an audit involving data and applications in the cloud vs. 35% in 2021
Story image

©Thales

The 2022 Thales Cloud Security Report, conducted by 451 Research, part of S&P Global Market Intelligence, ​ reports that 45% of businesses have experienced a cloud-based data breach or failed audit in the past 12 months, up 5% from the previous year1, raising even greater concerns regarding to protecting sensitive data from cybercriminals. ​

 

Globally, cloud adoption and notably multicloud adoption, remains on the rise. In 2021, organisations worldwide were using an average amount of 110 software as a service (SaaS) applications2, compared with just eight in 2015, showcasing a startlingly rapid increase. ​ There has been a notable expansion in the use of multiple IaaS providers, with almost three-quarters (72%) of businesses using multiple IaaS providers, up from 57% the year before. The use of multiple providers has almost doubled in the last year, with one in five (20%) of respondents reporting using three or more providers.

Despite their increasing prevalence and use, businesses share common concerns about the increasing complexity of cloud services with the majority (51%) of IT professionals agreeing that it is more complex to manage privacy and data protection in the cloud. Additionally, the journey to the cloud is also becoming more complex, with the percentage of respondents reporting that they’re expecting to lift and shift, the simplest of migration tactics, dropping from 55% in 2021 to 24% currently.

 

Security Challenges of Multicloud Complexity

With increasing complexity comes an even greater need for robust cybersecurity. When asked what percentage of their sensitive data is stored in the cloud, a solid majority (66%) said between 21-60%. However, only a quarter (25%) said they could fully classify all data.

Additionally, nearly a third (32%) of respondents admitted to having to issue a breach notification to a government agency, customer, partner or employees. This should be a cause for concern among enterprises with sensitive data, particularly in highly regulated industries.

Cyber-attacks also present an ongoing risk to cloud applications and data. Respondents reported an increasing prevalence of attacks, with a quarter (26%) citing an increase in malware, 25% in ransomware and one-fifth (19%) reporting seeing an increase in phishing/ whaling.

 

Protecting Sensitive Data

When it comes to securing data in multicloud environments, IT professionals view encryption as a critical security control. The majority of respondents cited encryption (59%) and key management (52%) as the security technologies they currently use to protect sensitive data in the cloud.

However, when asked what percentage of their data in the cloud is encrypted, only one in ten (11%) of respondents said between 81-100% is encrypted. Additionally, key management platform sprawl may be an issue for enterprises. Only 10% of respondents use one to two ​ platforms, 90% use three or more, and almost one in five (17%) admitted using eight or more platforms.

Encryption should be a priority area for enterprises to focus on when it comes to securing data in the cloud. In fact, 40% of respondents stated that they were able to avoid the breach notification process because the stolen or leaked data was encrypted or tokenised, showcasing the tangible value of encryption platforms.

Additionally, it is encouraging to see signs enterprises embrace Zero Trust and investing accordingly. Nearly a third of respondents (29%) said they are already executing a Zero Trust strategy, a quarter (27%) said they are evaluating and planning one and, 23% said they are considering it. This is a positive result, but there is certainly still room to grow.

Sebastien Cano, Senior Vice President for Cloud Protection and Licensing activities at Thales said: “The complexity of managing multicloud environments cannot be overstated. Additionally, the growing importance of data sovereignty is increasingly raising questions for CISOs and Data Protection Officers when considering their cloud strategy, governance, and risk management. The challenge is not only where the sensitive data resides geographically, but even who has access to sensitive data inside the organisation.

There are various solutions such as encryption and key management Last but not least, continuing to embrace a Zero Trust strategy will be essential in securing these complex environments, helping to ensure organisations can support their data and manage future challenges.”

Thales and 451 Research will discuss the findings in more detail during a webinar on 23 June 2022. To join, please visit the registration page.

About the 2022 Thales Global Cloud Security Study

As organizations step beyond the urgent actions of the last two years, they’re grappling with securing the more complex environments in which they now operate. The global edition of the 2022 Thales Cloud Security Study looked at various aspects of those impacts in a wide-ranging survey of security professionals and executive leadership that touched on issues including accelerated digital transformation, cloud migration, and the complexities of managing security in a multicloud world. The 2022 Thales Cloud Security Study is based on data from a survey of almost 2,800 security professionals and executive leaders. This research was conducted as an observational study and makes no causal claims.

 

About Thales

Thales (Euronext Paris: HO) is a global leader in advanced technologies, investing in digital and “deep tech” innovations – connectivity, big data, artificial intelligence, cybersecurity and quantum computing – to build a confident future crucial for the development of our societies. The Group provides its customers – businesses, organisations and governments – in the defense, aeronautics, space, transport, and digital identity and security domains with solutions, services and products that help them fulfil their critical role, consideration for the individual being the driving force behind all decisions.

Thales has 81,000 employees in 68 countries. In 2020 the Group generated sales of €16.2 billion.

 

Thales, Media Relations

Security

Marion Bonnet

[email protected]

+33(0)660384892

 

 

1https://cpl.thalesgroup.com/cloud-security-research

[2] https://www.statista.com/statistics/1233538/average-number-saas-apps-yearly/

 

 

 

Sécurité
A propos de Thales Group

À propos de Thales

Thales (Euronext Paris: HO) est un leader mondial des hautes technologies qui investit dans les innovations du numérique et de la « deep tech » – connectivité, big data, intelligence artificielle, cybersécurité et quantique – pour construire un avenir de confiance, essentiel au développement de nos sociétés. Le Groupe propose des solutions, services et produits qui aident ses clients – entreprises, organisations, Etats - dans les domaines de la défense, de l'aéronautique, de l’espace, du transport et de l’identité et sécurité numériques, à remplir leurs missions critiques en plaçant l’humain au cœur des décisions.

Thales compte 81 000 collaborateurs dans 68 pays. En 2021, le Groupe a réalisé un chiffre d'affaires de 16,2 milliards d'euros.

https://www.thalesgroup.com/fr

Thales Group