Forty-five percent of businesses have faced cloud-based information breaches or failed audits in the past 12 months, up 5 percent from the previous year, raising more concerns about protecting confidential information from cybercriminals.
This is stated in the 2022 Thales Cloud Security Report, conducted by 451 Research, part of S&P Global Market Intelligence.
Cloud usage is on the rise around the world, especially with many cloud uses. In 2021, organizations around the world used an average of 110 software as a service (SaaS) program, while in 2015 there were only eight, showing remarkable rapid growth. The use of multiple IaaS providers has expanded significantly, with nearly three-quarters (72%) of businesses using multiple IaaS providers, up from 57% in the previous year. Consumption by many service providers has almost doubled in the past year, with one-fifth of respondents (20%) reporting using three or more service providers.
Despite the increase in distribution and use, businesses share a common concern about the complexity of cloud services, and the vast majority of IT professionals (51%) agree that it is more difficult to manage privacy and information protection in the cloud. In addition, the journey to the cloud has become more complicated, with the percentage of respondents polled as the simplest transition tactic rising from 55% in 2021 to 24% now, and plans to lift and move.
Multiple cloud complexity security challenges
As the complexity increases, so does the need for powerful cyber security. When asked what percentage of their sensitive data is stored in the cloud, the majority (66%) answered 21-60%. However, a quarter (25%) said they could fully classify all the data.
In addition, almost one-third of respondents (32%) agreed that they should report violations to government agencies, clients, partners, or employees. This should be a cause for concern for companies with confidential information, especially in highly regulated industries.
Cyber attacks are a constant threat to cloud applications and data. Respondents reported an increase in the prevalence of attacks, with a quarter (26%) reporting malware, 25% ransomware, and one-fifth (19%) reported an increase in phishing / whaling.
Protect sensitive information
When it comes to data protection in many cloud environments, information technology experts consider encryption to be an important security control. The majority of respondents named encryption (59%) and key management (52%) as security technologies used to protect confidential information in the cloud.
However, when asked what percentage of their cloud data was encrypted, one in ten (11%) of respondents said it was 81-100% encrypted. In addition, key management platforms can be a problem for businesses. Only 10% of respondents admitted to using one or two platforms, 90% to three or more, and almost one in five (17%) admitted to using eight or more platforms.
Encryption should be a priority for businesses in protecting their data in the cloud. In fact, 40% of the respondents stated that it was possible to avoid the breach notification process because the stolen or disclosed data was encrypted or tokenized, indicating the real value of encryption platforms.
In addition, it is encouraging to see that companies are recognizing Zero Trust and investing accordingly. Nearly one-third (29%) of those surveyed said they were already implementing the Zero Trust Strategy, while a quarter (27%) said they were evaluating and planning one, while 23% said they thought so. This is a positive result, but there is still room for growth.
Sebastian Cano, Thales’ senior vice president of cloud protection and licensing, said: “The complexity of managing a multi-cloud environment is invaluable. There are more and more questions when it comes to management. The question is not only where the confidential data is located geographically, but also who has access to the confidential information within the organization.
“There are a variety of solutions, such as encryption and key management. Finally, continuing to implement a zero-confidence strategy is important to protect these complex environments and help organizations support their data and overcome future challenges. “