Increasing Cloud Complexity Needs Stronger Cybersecurity

Increasing Cloud Complexity Needs Stronger Cybersecurity

A Thales report, conducted by 451 Research, reveals that 45% of companies have experienced a cloud-based data breach or failed audit in the last 12 months, up 5% from the previous year, leading to even greater concerns regarding the protection of sensitive data from cybercriminals

complexity of multicloud environments

Globally, cloud adoption, and in particular multi-cloud adoption, continues to rise. In 2021, organizations around the world were using an average of 110 software-as-a-service (SaaS) applications, up from just eight in 2015, showing a surprisingly rapid increase.

There has been a notable expansion in the use of multiple IaaS providers, with 72% of companies using multiple IaaS providers, up from 57% the previous year. The use of multiple providers has almost doubled in the last year, with 20% of respondents reporting that they use three or more providers.

Despite its increasing prevalence and use, businesses share common concerns about the increasing complexity of cloud services: 51% of IT professionals agree that it is more complex to manage privacy and data protection in the cloud. Cloud. Additionally, the journey to the cloud is also becoming more complex, with the percentage of respondents reporting that they expect to lift and switch, the simplest migration tactic, falling from 55% in 2021 to 24% today.

Security challenges of multi-cloud complexity

With the increasing complexity of multi-cloud environments comes an even greater need for robust cybersecurity. When asked what percentage of their sensitive data is stored in the cloud, 66% said between 21-60%. However, only 25% said they could fully classify all of the data.

Additionally, 32% of respondents admitted to having to send a notice of breach to a government agency, customer, partner, or employee. This should be a cause for concern among companies with sensitive data, particularly in highly regulated industries.

Cyber ​​attacks also present ongoing risk to cloud applications and data. Respondents reported an increasing prevalence of attacks, with 26% citing an increase in malware, 25% ransomware, and 19% reporting an increase in phishing/whaling.

Confidential data protection

When it comes to protecting data in multi-cloud environments, IT professionals view encryption as a critical security control. The majority of respondents cited encryption (59%) and key management (52%) as the security technologies they currently use to protect sensitive data in the cloud.

However, when asked what percentage of their cloud data is encrypted, 11% of respondents said between 81-100% is encrypted. In addition, the expansion of the key management platform can be a problem for companies. Only 10% of respondents use one or two platforms, 90% use three or more, and 17% admitted to using eight or more platforms.

Encryption should be a priority area for companies to focus on when it comes to protecting data in the cloud. In fact, 40% of respondents said they were able to bypass the breach notification process because the stolen or leaked data was encrypted or tokenized, demonstrating the tangible value of encryption platforms.

Furthermore, it is encouraging to see signs of companies embracing zero trust and investing accordingly. 29% of respondents said they are already executing a zero trust strategy, 27% said they are evaluating and planning one, and 23% said they are considering one. This is a positive result, but there is certainly still room to grow.

Sebastian Cano, Senior Vice President of Cloud Licensing and Protection Activities at Thales, said: “The complexity of managing multi-cloud environments cannot be overstated. In addition, the growing importance of data sovereignty is raising more and more questions for chief information security officers and data protection officers as they consider their cloud strategy, governance, and risk management. The challenge is not only where sensitive data resides geographically, but also who has access to sensitive data within the organization.

“There are various solutions, such as encryption and key management. Last but not least, continuing to adopt a zero-trust strategy to protect these complex environments will be essential, helping to ensure organizations can back up their data and manage future challenges.”

Leave a Comment