The 2021 Thales Global Cloud Security Study, commissioned by Thales and conducted by 451 Research, part of S&P Global Market Intelligence, reports that 40% of organizations have experienced a cloud-based data breach over the past 12 months.
Despite the increasing cyber-attacks targeting data in the cloud, the vast majority (83%) of businesses are still failing to encrypt half of the sensitive data in their cloud storage, raising even greater concerns as to the impact cybercriminals can have.
Pandemic has accelerated cloud transformation
Cloud adoption is on the rise as businesses continue to diversify their use of cloud solutions.
Globally, 57% of respondents reported they make use of two or more cloud infrastructure providers, whilst almost a quarter (24%) of organizations flagged that the majority of their workloads and data are now saved on the cloud.
According to a recent study by McKinsey & Company, companies globally have accelerated their cloud adoption by three years compared to pre-pandemic adoption rates.
This marks a significant shift in the use of cloud-based solutions, from being purely data storage solutions to a state in which data is used flexibly to support daily operations.
Security in the cloud is mixed
According to the study, one-fifth (21%) of businesses host the majority of their sensitive data in the cloud, while 40% reported a breach in the last year.
There are some common trends as to where companies turn when considering how to secure their cloud infrastructure, with 33% reporting multi-factor authentication (MFA) as being a central part of their cybersecurity strategy.
However, only 17% of those surveyed have encrypted more than half of the data they store in the cloud. This figure drops to 15% where organizations have adopted a multi-cloud approach.
Even where businesses protect their data with encryption, 34% of organizations leave the control of keys to service providers rather than retaining control themselves.
With a large number of organizations failing to protect their data sufficiently with encryption, limiting potential access points becomes even more critical.
However, nearly half (48%) of business leaders globally admitted their organization does not have a Zero Trust strategy, and a quarter (25%) aren’t even considering one.
Complexity as a concern
Businesses share common concerns about the increasing complexity of cloud services.
Almost half (46%) of global survey respondents claimed managing privacy and data protection in the cloud is more complex than on-premises solutions.
Hybrid models are common, with many organizations not moving entirely to the cloud. 55% of businesses have indicated a preference for a lift & shift approach to cloud adoption over re-architecting, as the cloud becomes a more integrated part of the business infrastructure.
Sebastien Cano, Senior Vice President for Cloud Protection and Licensing Activities at Thales, had the following insights on cloud storage and its importance to an organization.
“There are many organizations across the world that are struggling to navigate the increased complexity that comes with greater adoption of cloud-based solutions. A robust security strategy is essential to ensuring data and business operations remain secure.”
“With nearly every business reliant on the cloud to some extent, it is vital that security teams have the ability to discover, protect, and maintain control of their data.”
Fernando Montenegro, Principal Research Analyst, Information Security at 451 Research, part of S&P Global Market Intelligence, has these insights on the Thales Global Cloud Security Study.
“Protecting customer data is always the priority, and organizations should strongly consider reviewing their strategies and approaches to proactively protect data on the cloud.”
“This includes understanding the role of specific technologies including encryption and key management, as well as the shared responsibilities between providers and their customers.”
“As data privacy and sovereignty regulations grow, it will be paramount that organizations have a clear understanding of how they remain responsible for data security and make clear decisions about who is in control and who can access their sensitive data.”