For Data Breaches, Cloud Assets are Biggest Cybersecurity Headache

Thales cloud safety research reveals that 79% of organizations have a couple of cloud supplier and 75% of firms mentioned they retailer at the least 40% of their delicate knowledge within the cloud.

Whereas Thales, in its 2023 Cloud Safety Examine, discovered that effectively over a 3rd (39%) of companies skilled an information breach of their cloud atmosphere final yr versus 34% in 2021, organizations are more and more caching delicate knowledge in a number of cloud environments.

Within the report, based mostly on a survey of three,000 IT and safety groups throughout 18 international locations in EMEA, the Americas and Asia Pacific:

• Seventy-five % of IT executives labeled as delicate greater than 40% of their knowledge saved within the cloud, in comparison with 49% this time final yr.
• Thirty-eight % of respondents mentioned software program as a service functions are the primary goal for hackers, adopted by cloud-based storage (36%).

Multicloud inflicting operational complexity

The research reveals how extra firms are utilizing extra cloud service suppliers, monitoring with the 35% progress within the variety of reported suppliers available in the market. The research authors famous that the typical variety of cloud infrastructure suppliers is now 2.3, and that greater than three-quarters (79%) of this yr’s respondents have a couple of cloud supplier (Determine A).

Determine A

“With a bigger variety of platforms to safe, the chance for operational errors grows, growing the assault floor with every error. Organizations both must dedicate separate groups to specialise in every platform or count on their safety groups to develop into well-versed in a number of platforms on the identical time,” in keeping with the research.

Extra delicate knowledge being saved within the cloud

The research reported that organizations are lifting extra workloads and knowledge into the cloud: The variety of organizations that reported that 60% or extra of their workloads are within the cloud elevated from 23% to 27% yr over yr.

SEE: Learn how IBM is boosting cloud knowledge observe (TechRepublic)

The report polled respondents two methods about delicate knowledge within the cloud to find out how they’re deploying their knowledge and noticed will increase in each instructions. The survey requested about:

• The share of a corporation’s complete delicate knowledge that’s saved within the cloud.
• The share of all the knowledge a corporation shops within the cloud that’s delicate.

It discovered that:

• In final yr’s research, 52% of respondents mentioned that greater than 40% of their delicate knowledge was within the cloud. This yr, that quantity elevated to 64%.
• The variety of respondents who mentioned that 40% or extra of their knowledge saved within the cloud is delicate knowledge, elevated from 49% in final yr’s research, to 75% this yr.

Encryption is growing, however slowly

On this yr’s research, 22% of respondents mentioned that over 60% of their delicate knowledge within the cloud is encrypted and 40% mentioned over half of that cloud-based delicate knowledge is encrypted. These numbers represent an enchancment from final yr’s research, which reported that solely 17% of respondents had mentioned over half of their delicate knowledge within the cloud was encrypted. That mentioned, solely 2% mentioned 100% of their delicate knowledge within the cloud is encrypted (Determine B).

Determine B

Moreover, 62% of IT executives who responded to the survey mentioned they’ve 5 or extra key administration programs, which Thales mentioned constitutes elevated complexity for securing delicate knowledge.

Software program-as-a-service creating safety challenges

Not solely do most firms report having a number of cloud service suppliers, the rise in the usage of SaaS apps is increasing the risk floor for knowledge exfiltration:

• Within the 2022 research, 16% of respondents reported their enterprises deployed 51-100 totally different SaaS functions.
• On this yr’s research, that proportion grew to 22% of respondents, and 55% (versus 46% within the prior yr) famous that managing knowledge within the cloud is extra advanced than in on-premise environments.
• Moreover, 83% expressed issues over knowledge sovereignty, with 55% of respondents asserting that knowledge privateness and compliance within the cloud has develop into tougher.

The research included a rating query on which assault targets are almost certainly to be attacked. SaaS was talked about first by 38% of respondents, adopted by cloud storage at 36% of these polled. Moreover, the research’s authors mentioned the variety of survey respondents reporting an information breach throughout the research interval was up 4% from final yr’s report — 35% to 39%.

Knowledge breaches and human error

Over half (55%) of respondents to the survey mentioned human error triggered cloud knowledge breaches at their organizations, however solely 41% of organizations have carried out zero-trust controls of their cloud infrastructure — solely 38% use zero-trust protocols of their cloud networks. Nonetheless, extra firms are adopting authentication protocols for workers: 65% of respondents to Thales’ survey mentioned they now deploy multifactor authentication.

SEE: Palo Alto Networks on in a different way about cloud safety (TechRepublic)

“Organizations are working in a dynamic multi-cloud panorama, demanding seamless and environment friendly safety measures,” mentioned Sebastien Cano, senior vp for cloud safety and licensing actions at Thales.

“To beat challenges arising from human error and misconfiguration, it’s crucial that knowledge protections within the cloud are simplified and simply manageable.” He mentioned that the important thing to enhancing cloud safety lies in treating cloud environments as an extension of present infrastructure. “By adopting this strategy, organizations can successfully bolster safety and guarantee complete safety throughout your complete digital ecosystem.”