Study: Cloud Data Breaches and Cloud Complexity on the Rise

Thales booth

45 percent of businesses have had a cloud-based data breach or failed audit in the previous 12 months, up 5% from the previous year, according to the 2022 Thales Cloud Security Report, conducted by 451 Research, a division of S&P Global Market Intelligence.  This would raise even greater concerns about protecting sensitive data from cybercriminals.

 Listen to this story

Cloud adoption, particularly multicloud usage, continues to increase globally, according to Thales’ report conducted by 451 Research. Organizations used an average of 110 Software as a Service (SaaS) applications in 2021, up from only eight in 2015, demonstrating a strikingly quick rise. The usage of numerous IaaS providers has increased significantly, with almost three-quarters (72%) of firms utilizing multiple IaaS providers, up from 57 percent the year before. The number of people who use numerous providers has nearly doubled in the last year, with one in every five (20%) people saying they use three or more.

Despite their growing popularity and use, companies are concerned about the rising complexity of cloud services, with the majority of IT professionals (51%) believing that managing privacy and data protection in the cloud is more difficult. Furthermore, the cloud migration path is growing more complicated, with the number of respondents anticipating to lift and shift, the simplest of migration strategies, falling from 55 percent in 2021 to 24 percent now.

Security Challenges of Multicloud Complexity

As the world becomes more complicated, so does the demand for stronger cybersecurity. A significant majority (66 percent) claimed between 21 and 60 percent of their sensitive data is kept on the cloud when asked. Only a quarter of respondents (25%) indicated they could fully classify all data.

In addition, over a third (32%) of respondents said they had to notify a government agency, a customer, a partner, or workers of a data breach. According to Thales’ report, this should be a source of worry for businesses that handle sensitive data, especially those in highly regulated sectors.

Cyber-attacks continue to pose a threat to cloud applications and data. A quarter of respondents (26%) said they’ve seen a rise in malware, 25% said they’ve seen an increase in ransomware, and one-fifth (19%) said they’ve seen an increase in phishing/ whaling.

Protecting Sensitive Data

Photo Sebastien Cano, SVP for Cloud Protection and Licensing activities at Thales
“The complexity of managing multicloud environments cannot be overstated,” said Sebastien Cano, SVP for Cloud Protection and Licensing activities at Thales.

IT pros would consider encryption to be a vital security measure when it comes to safeguarding data in multicloud systems. Encryption (59%) and key management (52%) were named by the majority of respondents as the security technology they currently employ to secure sensitive data in the cloud.

However, when asked what proportion of their cloud data is encrypted, just one in ten (11%) of respondents indicated between 81 and 100 percent. Enterprises may also face a problem with key management platform sprawl. Only 10% of respondents said they use one to two platforms, 90% said they use three or more, and almost one-fifth (17%) said they use eight or more.

When it comes to safeguarding data in the cloud, encryption should be a top priority for businesses. Indeed, 40% of respondents said they were able to defer breach reporting because the stolen or leaked data was encrypted or tokenized, demonstrating the practical benefit of encryption technologies.

It’s also good to see indicators that businesses are embracing Zero Trust and investing accordingly, according to the Thales report. Nearly a third of those polled (29%) said they are already implementing a Zero Trust strategy, while a quarter (27%) said they are assessing and preparing one, and 23% said they are thinking about it. According to Thales’ report, this is a positive outcome but there is still potential for improvement.

“The complexity of managing multicloud environments cannot be overstated. Additionally, the growing importance of data sovereignty is increasingly raising questions for CISOs and Data Protection Officers when considering their cloud strategy, governance, and risk management. The challenge is not only where the sensitive data resides geographically, but even who has access to sensitive data inside the organization,” said Sebastien Cano, Senior Vice President for Cloud Protection and Licensing activities at Thales. “There are various solutions such as encryption and key management. Last but not least, continuing to embrace a Zero Trust strategy will be essential in securing these complex environments, helping to ensure organizations can support their data and manage future challenges.”

Executive Summary

The 2022 Thales Cloud Security Report

  • 45% of businesses have had a cloud-based data breach or failed audit in the past 12 months, up 5% from the previous year
  • The number of people who use multiple cloud providers has doubled in the last year, with one in every five (20%) people using three or more
  • Companies are concerned about the rising complexity of cloud services, with 51% believing that managing privacy and data protection in the cloud is more difficult

Security Challenges of Multicloud Complexity

  • As the world becomes more complicated, so does the demand for stronger cybersecurity.
  • A significant majority (66 percent) claimed between 21 and 60 percent of their sensitive data is kept on the cloud, but only a quarter of respondents (25%) indicated they could fully classify all data
  • Cyber-attacks continue to pose a threat to cloud applications and data.

Protecting Sensitive Data

  • Encryption (59%) and key management (52%) were named by the majority of respondents as the security technology they currently employ to secure sensitive data in the cloud.
  • However, when asked what proportion of their cloud data is encrypted, just one in ten (11%) of respondents indicated between 81 and 100 percent
  • Enterprises may also face a problem with key management platform sprawl. Only 10% of respondents use one to two platforms, 90% said they use three or more, and almost 1-fifth (17%) said they used eight or more
  • Continuing to embrace a Zero Trust strategy will be essential in securing these complex environments