As global businesses are moving to the cloud at an ever-faster pace, the digital infrastructure has to become agile, capable, and distributed for supporting a hybrid work culture. This is driving multicloud adoption and making security the top priority for IT teams and security professionals. The 2022 Thales Cloud Security Study discusses the challenges of data protection in a multicloud ecosystem, cloud complexity, and cloud security technologies. In this blog post, we summarize the key findings of this report so that it can help and guide enterprises to take necessary measures to overcome the challenges and protect sensitive data from cloud-based data breaches.
Increased multicloud adoption
According to the report, in 2022, 72% of organizations use multiple IaaS providers as compared to 57% in the previous year. The percentage of organizations using three or more IaaS providers doubled to 20% from 10% last year.
Multicloud complexity and security challenges
24% of organizations said that more than 60%of their data resides in the cloud while in the case of 8% of organizations, 80% of their data resides in the cloud indicating that most organizations use a mix of venues, leading to increased complexity. A wide range of cloud security tools also poses an issue, for complex multicloud environments.
Sensitive data in the cloud
66% of organizations store around 21-60% of their sensitive data in the cloud, whereas only 22% store 61-100% of their data in the cloud, as per the report. In 2022, over half of respondents agree that privacy management and data protection is more complex for hybrid/multicloud than on-premises whereas last year it was only 46%.
Security teams define policies
In 84% of organizations, security teams define policy. Of this, in 37% of organizations, security teams manage both policy and standards, and in 48% security teams set policy, and cloud delivery teams set and enforce technical standards. By establishing guidelines for consumers of cloud infrastructure, organizations can increase efficiency and build secure environments without direct intervention from security teams.
Cloud data breaches
As compared to 40% in 2021, this year 45% of organizations said they faced cloud-based data breaches or failed an audit involving data and applications that reside in the cloud.
Risk for cloud assets
Organizations revealed that cyberattacks are a risk to cloud applications and data. 26% of enterprises experienced increased malware attacks, 25% were affected by an increase in ransomware and 19% saw more phishing or whaling.
Cloud protection strategies
Organizations find encryption, key management, remote access security technologies, and zero trust as effective ways by which they can reduce cloud risks.
Encryption keys’ management challenges
Enterprises see encryption key management as a challenge.
The report indicated that encryption keys management platform sprawl can be an issue for organizations as only 10% of respondents used 1-2 platforms whereas 90% use 3 or more, and 17% use 8 or more platforms.
Increased Zero Trust adoption
Organizations have shown an increased interest in the adoption of Zero Trust. 29% already have a zero trust strategy in place, 27% are evaluating/planning, and 23% are considering having a zero trust strategy. Only 20% have no plans to implement it.
34% of organizations said that zero trust shapes their cloud security policy to a great extent while 47% relied on some concepts of zero trust. As compared to 24% in 2021, only 19% said that their cloud security strategies are unaffected by zero trust in 2022.
Conclusion: As organizations are shifting to modern, multicloud infrastructure in full swing, they have to build security capabilities accordingly. The complex multicloud environments create security challenges. Enterprises are implementing encryption and key management as security controls in the cloud. However key management solution sprawl is another challenge for organizations. Different strategies for controlling encryption keys indicate an opportunity to centralize and consolidate solutions. Enterprises are also investing in zero trust for cloud access. These capabilities together will help enterprises to work in a secured multicloud environment and enable cloud transformation that will support a remote or hybrid workforce.
Also read: Organizations can enjoy an ROI of 92% by implementing Zero Trust architecture, finds Forrester