According to a study conducted by Thales on cloud security, it was found that 79% of organizations use more than one cloud provider. Additionally, 75% of companies stated that they store at least 40% of their sensitive data in the cloud. However, the study also revealed that many businesses (39%) had experienced a data breach in their cloud environment last year. Compared to 34% in the previous year.
Despite this, organizations still store sensitive data in multiple cloud environments. The study was based on a survey of 3,000 IT and security teams across 18 countries in EMEA, the Americas, and Asia Pacific. It found that 75% of IT executives considered more than 40% of their stored data sensitive.
Which is an increase from last years' figure of 49%. Of these respondents, 38% identified software as a service application as the primary target for hackers, followed closely by cloud-based storage at 36%. One key finding from the study is the rising trend of utilizing multiple cloud service providers. The number of reported providers in the market has increased by 35%, aligning with this observation. On average, organizations now work with 2.3 cloud infrastructure providers.
Furthermore, most (79%) respondents confirmed having more than one cloud provider this year. However, with this increased usage comes operational complexity and potential security risks. The authors noted that organizations need dedicated teams specialized in each platform or expect their security teams to become proficient across multiple platforms simultaneously. Failure to address these operational errors effectively expands the attack surface for potential breaches.
The study also revealed an upward trend in storing more workloads and data in the cloud. This year saw an increase from 23% to 27% in organizations reporting that over 60% of their workloads are now located in the cloud.
Overall, Thales' study provides valuable insights into the current landscape of cloud security. Despite the challenges and risks, businesses embrace multiple cloud providers and store sensitive data in these environments. The survey asked participants how much of their organization's sensitive data is stored in the cloud. It found that:
- In last year's study, 52% of respondents stated that over 40% of their sensitive data was stored in the cloud.
- This year, that percentage increased to 64%.
- Furthermore, the number of respondents who indicated that 40% or more of their cloud-based data is sensitive rose from 49% in last year's study to 75% this year.
It is worth mentioning that while encryption is showing progress, it remains a slow process. According to this year's study 22% of participants said that over 60% of their sensitive data in the cloud is encrypted. Additionally, 40% stated that more than half of their cloud-based sensitive data is encrypted.
These numbers demonstrate an improvement compared to last year's findings, which reported only 17% stating that over half of their sensitive data in the cloud was encrypted. However. It should be noted that only a mere 2% claimed to have achieved complete encryption for all their sensitive cloud data. Furthermore, Thales revealed that a substantial portion (62%) of IT executives who participated in the survey reported having five or more key management systems. Thereby increasing the complexity involved in securing sensitive data.
The use of software as a service (SaaS) apps poses its own set of security challenges as well. Notably, most companies reported utilizing multiple cloud service providers, and this trend has expanded the threat surface for potential data exfiltration. Regarding SaaS application deployment within enterprises, results showed an increase from last year's figures.
In this year's study,16% reported deploying between 51 and 100 different SaaS applications within their enterprises. That proportion grew further to reach 22%. Indicating a rise in adoption rates among respondents. Moreover, more individuals (55%) expressed that managing cloud data is becoming more complex than on-premise environments, up from 46% in the prior year. Additionally, 83% expressed concerns over data sovereignty, with 55% asserting that ensuring data privacy and compliance in the cloud has become increasingly challenging.
As part of this study, participants were asked to rank potential targets for attacks based on the likelihood of being targeted. Notably, SaaS emerged as the most frequently mentioned target by 38% of respondents. Closely followed by cloud storage at 36%. Additionally, there was an observed increase of 4% in reported data breaches compared to last year's report - with a jump from 35% to 39%.
The causes behind these breaches, a significant majority (55%) of participants attributed them to human error within their organizations' cloud systems, surprisingly, despite this awareness. Only 41% of organizations have implemented zero trust controls in their cloud infrastructure.
What needs to improve is the adoption of zero trust protocols in cloud networks - with only 38% utilization. Nevertheless, progress is evident when it comes to authentication protocols for employees; multifactor authentication is now deployed by 65% of respondents.
Sebastien Cano, Senior Vice President for cloud protection and licensing activities at Thales emphasized the need for seamless and efficient security measures within today's dynamic multi-cloud landscape organizations operate. Recognizing the challenges stemming from human error and misconfiguration, he stressed that simplified and easily manageable data protections in the cloud are imperative. Cano proposed treating cloud environments as extensions of existing infrastructure as a critical approach to bolstering security effectively and ensuring comprehensive protection across digital ecosystems.