The ‘2022 Thales Cloud Security Report’ reveals that 45 percent of all companies experienced a cloud data breach or audit failure in the past year. This percentage is 5 percent higher than in 2021. This would raise questions about the effectiveness with which companies protect their sensitive information from cybercriminals.
The use of the cloud, particularly multi-cloud systems, continues to grow across the world. Organizations all across the world used an average of 110 Software-as-a-Service (SaaS) applications by 2021. This represents an extraordinary rapid increase, considering there were just eight in 2015.
The use of several IaaS providers increased dramatically as well. One is used by 72 percent of all businesses. Only 57 percent of all businesses were still doing so in 2021. By 2021, the number of people using several IaaS providers had nearly doubled. One-fifth of those polled stated they collaborate with three or more parties.
Despite the increasing use of cloud services, companies share the same concerns about their complexity, according to the 2022 Thales Cloud Security Report – a study that was commissioned by Thales and conducted by 451 Research. A majority of IT professionals (51%) agreed with the statement that it is harder to keep a grip on privacy and data protection in cloud environments. In addition, moving to the cloud is increasing in complexity. The percentage of respondents who planned to move applications to the cloud without any modification dropped from 55 percent in 2021 to 24 percent in 2022.
Complexity Multi-Cloud Leads to Security Issues
The growing complexity associated with the cloud is accompanied by a greater need for powerful cybersecurity solutions. The vast majority of respondents (66%) said they store 21 to 60% of all their sensitive data in the cloud. Only a quarter said they were able to fully classify all data.
In addition, a third of all respondents saw themselves forced to notify a regulator, customers, partners or employees of a data breach. This gives cause for concern for organizations with sensitive data, and especially companies operating in highly regulated markets.
Cyberattacks continue to pose dangers to applications and data in the cloud. Respondents pointed to an increase in the number of attacks. 26 percent reported an increase in malware attacks, 25 percent in ransomware attacks and 19 percent in phishing and whaling attacks.
Protecting Sensitive Data
When it comes to securing data in multi-cloud environments, IT professionals see encryption as an essential security mechanism. The majority said they currently use encryption (59%) and key management (52%) to keep sensitive data in the cloud safe.
However, when respondents were asked about the proportion of their data in the cloud that was encrypted, only 11 percent of respondents said it was 81 to 100 percent. In addition, it appears that the proliferation of key management platforms may pose problems for businesses. Only 10 percent of all respondents use one or two of these platforms, 90 percent use three or more, and 17 percent said they use as many as eight or more key management platforms.
Companies should prioritize encryption for protecting their data in the cloud, according to Thales’ report. As many as 40 percent of respondents said they had been able to avoid the data breach disclosure process because the stolen or leaked data had been encrypted or edited based on tokenization. This shows that encryption platforms have tangible value to offer companies.
Another encouraging development is that companies are embracing and investing in zero trust. Nearly a third of respondents (29%) had already implemented a zero trust strategy, a quarter (27%) said they were in the process of evaluating and planning one, and 23% said they were considering one. According to Thales, this is a positive development although there is still room for improvement.
“The complexity of managing multi-cloud environments cannot be underestimated. Moreover, the growing importance of data sovereignty raises more and more questions for CISOs and data protection officers when considering their cloud strategy, governance and risk management. The challenge is not only where sensitive data is located geographically, but even who has access to sensitive data within the organization,” said Sebastien Cano, Senior Vice President of Cloud Protection & Licensing Activities at Thales. “There are several solutions, such as encryption and key management. Last but not least, continuing to embrace a Zero Trust strategy will be essential in securing these complex environments, allowing organizations to support their data and meet future challenges.”
The 2022 Thales Cloud Security Study is based on data from a survey of nearly 2,800 security professionals and executives. This study was conducted as an observational study and makes no causal statements.
Executive Summary
The 2022 Thales Cloud Security Report
-
45% of companies experienced a cloud data breach or audit failure in the past year
-
The use of the cloud, particularly multi-cloud systems, continues to grow across the world
-
Companies use an average of 110 Software-as-a-Service (SaaS) applications per organization in 2021
-
One SaaS provider is used by 72% of businesses
-
Moving to the cloud is increasing in complexity
Complexity Multi-Cloud Leads to Security Issues
-
The growing complexity associated with the cloud is accompanied by a greater need for powerful cybersecurity solutions
-
66% store 21-60% of sensitive data in the cloud
-
Only a quarter are able to classify all data
-
A third of all respondents saw themselves forced to notify a regulator, customers, partners or employees of a data breach
Protecting Sensitive Data
-
Companies should prioritize encryption for protecting their data in the cloud.
-
40% of respondents said they had been able to avoid the data breach disclosure process because the stolen or leaked data had been encrypted or edited based on tokenization.
-
Another encouraging development is that companies are embracing and investing in zero trust strategies.
