47% of corporate data stored in the cloud is sensitive
As the use of the cloud continues to be strategically vital to many organizations, cloud resources have become the biggest targets for cyberattacks, with SaaS applications (31%), cloud storage (30%) and cloud management infrastructure (26%) cited as the leading categories of attack, according to Thales.
Protecting cloud environments tops security priorities
As a result, protecting cloud environments has risen as the top security priority ahead of all other security disciplines.
This comes as organizations continue to experience cloud data breaches. 44% of organizations have experienced a cloud data breach with 14% reported having an incident in the last 12 months. Human error and misconfiguration continued to lead the top root cause of these breaches (31%), followed by exploiting known vulnerabilities (28%), and failure to use multi-factor authentication (17%).
Growing cloud usage across enterprises has seen an accompanying growth in the potential attack surface for threat actors, with 66% of organizations using more than 25 SaaS applications and 47% of corporate data being sensitive.
Despite the increased risks to sensitive data in the cloud, the data encryption rates remain low, with less than 10% of enterprises encrypting 80% or more of their sensitive cloud data.
However, respondents are not as convinced about which controls are most effective in protecting sensitive data in the cloud from cyberattack. While 24% of respondents prioritize cloud security measures as effective, other, more traditional (and arguably better-known) categories such as workforce IAM (30%) and endpoint security (31%) were chosen more frequently.
This makes for an interesting contrast, as security teams may favor the tools they are most familiar with rather than work with development teams to integrate security controls directly into cloud environments.
Organizations modernized their investments to meet new security challenges
As organizations gain more experience in using cloud computing, many have modernized their investments to meet new security challenges. For organizations that prioritized digital sovereignty as an emerging security concern, refactoring applications to logically separate, secure, store, and process cloud data was the top way they would attain or achieve sovereignty initiatives ahead of other measures such as repatriating workloads back to on-premises or in-territory.
Future-proofing cloud environments (31%) was the number one driver behind digital sovereignty initiatives, while adhering to regulations came in at a distant second at 22%.
“The scalability and flexibility that the cloud offers is highly compelling for organizations, so it’s no surprise it is central to their security strategies. However, as the cloud attack surface expands, organizations must get a firm grasp on the data they have stored in the cloud, the keys they’re using to encrypt it, and the ability to have complete visibility into who is accessing the data and how it being used. It is vital to solve these challenges now, especially as data sovereignty and privacy have emerged as top concerns in this year’s research,” said Sebastien Cano, SVP for Cloud Protection and Licensing activities at Thales.
The report is based on a survey of nearly 3000 IT and security professionals across 18 countries.
Fill out the form to get your eBook: